fe110d098301ee2edf07ba133b2d2d75b31bc8a15bc4d16286d0c46c7f42b127

Sharing

Copy URL

Twitter E-mail

General

Target

fe110d098301ee2edf07ba133b2d2d75b31bc8a15bc4d16286d0c46c7f42b127
Size

52KB
MD5

4c5fad5fc2405b55db597f1b00dcb9ce
SHA1

4a834bc9f0564196d74c76cc9fb5e48541990d5a
SHA256

fe110d098301ee2edf07ba133b2d2d75b31bc8a15bc4d16286d0c46c7f42b127
SHA512

d556c548fc0832efbf5d7d17ad4a9b18c0564b8927046ccf3a6ae242486e2ff1fcf13401af50bc368f1202961998203fc67db677f870c62190a0c71ce9041dcf
SSDEEP

384:wOMPq3nb0Pba3yaDBSCObPvkjBQI/k65aZaWsyMhGSS:wa1yaDTObvkjB5c6aZaCMhGH

Score

N/A

Malware Config

Signatures

Files

fe110d098301ee2edf07ba133b2d2d75b31bc8a15bc4d16286d0c46c7f42b127
.dll regsvr32 windows x86

66345f6b9fe1cadefae2171efaffa998

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
LoadLibraryA
WinExec
GetModuleFileNameA
Sleep
SetEvent
OpenEventA
CreateThread
CreateEventA
TerminateProcess
GetCurrentProcess
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
GetCurrentDirectoryA
CloseHandle
lstrcpyA
GetCurrentProcessId
VirtualProtect
Module32First
Module32Next
lstrlenW
lstrlenA
OpenProcess
VirtualProtectEx
WriteProcessMemory
CreateToolhelp32Snapshot

user32

wsprintfA
EnumWindows
GetWindowThreadProcessId
CallNextHookEx
SetWindowsHookExA

advapi32

RegOpenKeyA
RegSetValueExA
RegCloseKey

oleaut32

SysStringLen
LoadRegTypeLi
SysFreeString

atl

ord15
ord16
ord23
ord18
ord57
ord32
ord58
ord30
ord21

shlwapi

StrStrIA

wininet

InternetOpenUrlA
InternetOpenA
InternetCloseHandle
InternetReadFile

netapi32

Netbios

msvcrt

??2@YAPAXI@Z
_strcmpi
_adjust_fdiv
malloc
_initterm
free
atoi
strcmp
memcmp
_purecall
??3@YAXPAX@Z
memset
strstr
strlen
isprint
sprintf
strcpy
strrchr
strcat
memcpy
_itoa

msvcp60

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shard
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

66345f6b9fe1cadefae2171efaffa998

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

atl

shlwapi

wininet

netapi32

msvcrt

msvcp60

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 12KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 17KB

shard Size: 12KB - Virtual size: 9KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 16KB - Virtual size: 12KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 17KB

shard
Size: 12KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 2KB