cb3239ed65819fda43ee8ee49d659bff4c1d74a95311febcae50d8bce54e1d24

Sharing

Copy URL Twitter E-mail

General

Target

cb3239ed65819fda43ee8ee49d659bff4c1d74a95311febcae50d8bce54e1d24
Size

193KB
MD5

2a88f8b340d680f71270f77d7ab30ef9
SHA1

dbcb0fb278bb43f03206bd3c2cf256d1dc4c449d
SHA256

cb3239ed65819fda43ee8ee49d659bff4c1d74a95311febcae50d8bce54e1d24
SHA512

b5ab81f4b9e1b19853da49531b24b19fc871f45e63a605506d9be6d710287e61da9a460f10c698b388e229c2816075647de7b3da416e38d88f1ead060144b3a6
SSDEEP

6144:hqSbsBqZjJPWortQ7O9U0k3jZ6az/ehiKGA52:hq8soFJRtQyUr34ajeAd

Score

N/A

Malware Config

Signatures

Files

cb3239ed65819fda43ee8ee49d659bff4c1d74a95311febcae50d8bce54e1d24
.dll regsvr32 windows x86

13d65c973946fce4d0962eaadf38ba2b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
DuplicateTokenEx
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
ControlService
RegNotifyChangeKeyValue
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegEnumValueW
UnlockServiceDatabase
LockServiceDatabase
RegisterServiceCtrlHandlerExW
SetServiceStatus
RegDeleteValueW
OpenThreadToken
RegEnumKeyExW
AdjustTokenPrivileges
RegCloseKey
RegDeleteKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
GetTokenInformation
OpenProcessToken

iphlpapi

GetAdaptersInfo

kernel32

GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
FormatMessageW
LockResource
VerifyVersionInfoW
lstrcmpW
InterlockedExchange
Sleep
UnregisterWaitEx
RegisterWaitForSingleObject
DuplicateHandle
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
QueueUserWorkItem
GetOverlappedResult
CreateThread
LocalFree
ResetEvent
GetPrivateProfileStringW
GetPrivateProfileSectionW
SetLastError
DeviceIoControl
LocalAlloc
WriteFile
GetStdHandle
GetSystemDefaultLCID
GetCurrentProcessId
GetTickCount
EnterCriticalSection
LeaveCriticalSection
DisableThreadLibraryCalls
lstrlenW
lstrcpyW
GetLastError
HeapFree
GetProcessHeap
HeapAlloc
HeapReAlloc
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
GetCurrentThreadId
CloseHandle
GetCurrentProcess
WaitForSingleObject
HeapDestroy
lstrcatW
GetModuleFileNameW
lstrcpynW
GetCurrentThread
FreeLibrary
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
CreateFileW
CreateEventW
OpenEventW
SetEvent
GetProcAddress
LoadLibraryW
DelayLoadFailureHook
InterlockedCompareExchange
LoadLibraryA
QueryPerformanceCounter

mprapi

MprAdminServerConnect
MprAdminConnectionGetInfo
MprAdminPortEnum
MprAdminBufferFree
MprAdminServerDisconnect

msvcrt

_snwprintf
wcsncmp
_wtoi
qsort
_except_handler3
strncpy
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
_CxxThrowException
_wsplitpath
mbstowcs
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
??0exception@@QAE@ABQBD@Z
_snprintf
?what@exception@@UBEPBDXZ
wcscmp
wcscat
_wcsnicmp
memmove
wcsstr
wcschr
wcstoul
_wcsicmp
wcsncpy
__CxxFrameHandler
_purecall
wcsrchr
wcscpy
wcslen
_vsnprintf

netapi32

NetApiBufferFree
NetGetJoinInformation

netshell

HrIsIpStateCheckingEnabled
HrGetExtendedStatusFromNCS

ntdll

RtlDeregisterWait
RtlInitUnicodeString
NtClose
RtlOpenCurrentUser
VerSetConditionMask
RtlRegisterWait
RtlDeregisterWaitEx
RtlGetNtProductType
RtlNtStatusToDosError
NtOpenFile

ole32

CoImpersonateClient
CoRevertToSelf
CLSIDFromString
CoSetProxyBlanket
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
IIDFromString
StringFromGUID2

oleaut32

SysFreeString
VariantClear
SysAllocString
SysAllocStringByteLen
VarI4FromStr
SafeArrayPutElement
SafeArrayCreate
SafeArrayGetElement
SafeArrayDestroy
SysStringByteLen
VariantInit

rasapi32

RasDeleteEntryW
RasSetAutodialAddressW
DwCloneEntry
RasRenameEntryW
RasEnumConnectionsW
RasHangUpW
RasGetConnectStatusW
DwEnumEntryDetails
RasValidateEntryNameW

rtutils

TracePrintfA
TraceVprintfExA
TraceRegisterExA

secur32

GetUserNameExW

shell32

SHGetFolderPathW

user32

ExitWindowsEx
LoadImageW
DestroyIcon
RegisterDeviceNotificationW
UnregisterDeviceNotification
wsprintfW
LoadStringW
MsgWaitForMultipleObjects
DispatchMessageW
PeekMessageW
CharNextW
MessageBoxW

wininet

InternetCrackUrlW

ws2_32

freeaddrinfo
WSAStartup
WSANSPIoctl
WSACleanup
WSALookupServiceEnd
WSALookupServiceNextW
getnameinfo
socket
WSAEventSelect
WSAIoctl
WSAEnumNetworkEvents
closesocket
inet_addr
WSALookupServiceBeginW
WSAGetLastError
getaddrinfo

wzcsapi

GetModeForAdapter

wzcsvc

WZCQueryGUIDNCSState
WZCTrayIconReady

Exports

Exports

DllRegisterServer
DllUnregisterServer
GetClientAdvises
HrGetPnpDeviceStatus
HrLanConnectionNameFromGuidOrPath
HrPnpInstanceIdFromGuid
HrQueryLanMediaState
HrRasConnectionNameFromGuid
NetManDiagFromCommandArgs
ProcessQueue
RasEventNotify
ServiceMain

Sections

.text
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

13d65c973946fce4d0962eaadf38ba2b

Headers

File Characteristics

Imports

advapi32

iphlpapi

kernel32

mprapi

msvcrt

netapi32

netshell

ntdll

ole32

oleaut32

rasapi32

rtutils

secur32

shell32

user32

wininet

ws2_32

wzcsapi

wzcsvc

Exports

Exports

Sections

.text Size: 169KB - Virtual size: 169KB

.data Size: 2KB - Virtual size: 1KB

.rsrc Size: 11KB - Virtual size: 11KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 169KB - Virtual size: 169KB

.data
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 11KB - Virtual size: 11KB

.reloc
Size: 9KB - Virtual size: 8KB