cabc201c62cdbc55591c8da0cd79d8606790742962489191478aaccb1cfc1a95

Sharing

Copy URL

Twitter E-mail

General

Target

cabc201c62cdbc55591c8da0cd79d8606790742962489191478aaccb1cfc1a95
Size

193KB
MD5

9bab90636f503e0dd7e0b92ca8b4d744
SHA1

491e676bee91bcc02501b30430bc2cbdff236d85
SHA256

cabc201c62cdbc55591c8da0cd79d8606790742962489191478aaccb1cfc1a95
SHA512

bf6b0594379711783acd533ef6208f6c5effdf7f37df5871c2003c38f6d497dcd68d7ff5897c90e483b57295cf187f20c62211102cd0a9d9abb7d793e30e5ba5
SSDEEP

6144:b1SbsBqZjJPWortQ7O9U0k3jZ6az/ehiKGAD2:b18soFJRtQyUr34ajeAz

Score

N/A

Malware Config

Signatures

Files

cabc201c62cdbc55591c8da0cd79d8606790742962489191478aaccb1cfc1a95
.dll regsvr32 windows x86

13d65c973946fce4d0962eaadf38ba2b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
DuplicateTokenEx
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
ControlService
RegNotifyChangeKeyValue
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegEnumValueW
UnlockServiceDatabase
LockServiceDatabase
RegisterServiceCtrlHandlerExW
SetServiceStatus
RegDeleteValueW
OpenThreadToken
RegEnumKeyExW
AdjustTokenPrivileges
RegCloseKey
RegDeleteKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
GetTokenInformation
OpenProcessToken

iphlpapi

GetAdaptersInfo

kernel32

GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
FormatMessageW
LockResource
VerifyVersionInfoW
lstrcmpW
InterlockedExchange
Sleep
UnregisterWaitEx
RegisterWaitForSingleObject
DuplicateHandle
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
QueueUserWorkItem
GetOverlappedResult
CreateThread
LocalFree
ResetEvent
GetPrivateProfileStringW
GetPrivateProfileSectionW
SetLastError
DeviceIoControl
LocalAlloc
WriteFile
GetStdHandle
GetSystemDefaultLCID
GetCurrentProcessId
GetTickCount
EnterCriticalSection
LeaveCriticalSection
DisableThreadLibraryCalls
lstrlenW
lstrcpyW
GetLastError
HeapFree
GetProcessHeap
HeapAlloc
HeapReAlloc
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
GetCurrentThreadId
CloseHandle
GetCurrentProcess
WaitForSingleObject
HeapDestroy
lstrcatW
GetModuleFileNameW
lstrcpynW
GetCurrentThread
FreeLibrary
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
CreateFileW
CreateEventW
OpenEventW
SetEvent
GetProcAddress
LoadLibraryW
DelayLoadFailureHook
InterlockedCompareExchange
LoadLibraryA
QueryPerformanceCounter

mprapi

MprAdminServerConnect
MprAdminConnectionGetInfo
MprAdminPortEnum
MprAdminBufferFree
MprAdminServerDisconnect

msvcrt

_snwprintf
wcsncmp
_wtoi
qsort
_except_handler3
strncpy
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
_CxxThrowException
_wsplitpath
mbstowcs
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
??0exception@@QAE@ABQBD@Z
_snprintf
?what@exception@@UBEPBDXZ
wcscmp
wcscat
_wcsnicmp
memmove
wcsstr
wcschr
wcstoul
_wcsicmp
wcsncpy
__CxxFrameHandler
_purecall
wcsrchr
wcscpy
wcslen
_vsnprintf

netapi32

NetApiBufferFree
NetGetJoinInformation

netshell

HrIsIpStateCheckingEnabled
HrGetExtendedStatusFromNCS

ntdll

RtlDeregisterWait
RtlInitUnicodeString
NtClose
RtlOpenCurrentUser
VerSetConditionMask
RtlRegisterWait
RtlDeregisterWaitEx
RtlGetNtProductType
RtlNtStatusToDosError
NtOpenFile

ole32

CoImpersonateClient
CoRevertToSelf
CLSIDFromString
CoSetProxyBlanket
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
IIDFromString
StringFromGUID2

oleaut32

SysFreeString
VariantClear
SysAllocString
SysAllocStringByteLen
VarI4FromStr
SafeArrayPutElement
SafeArrayCreate
SafeArrayGetElement
SafeArrayDestroy
SysStringByteLen
VariantInit

rasapi32

RasDeleteEntryW
RasSetAutodialAddressW
DwCloneEntry
RasRenameEntryW
RasEnumConnectionsW
RasHangUpW
RasGetConnectStatusW
DwEnumEntryDetails
RasValidateEntryNameW

rtutils

TracePrintfA
TraceVprintfExA
TraceRegisterExA

secur32

GetUserNameExW

shell32

SHGetFolderPathW

user32

ExitWindowsEx
LoadImageW
DestroyIcon
RegisterDeviceNotificationW
UnregisterDeviceNotification
wsprintfW
LoadStringW
MsgWaitForMultipleObjects
DispatchMessageW
PeekMessageW
CharNextW
MessageBoxW

wininet

InternetCrackUrlW

ws2_32

freeaddrinfo
WSAStartup
WSANSPIoctl
WSACleanup
WSALookupServiceEnd
WSALookupServiceNextW
getnameinfo
socket
WSAEventSelect
WSAIoctl
WSAEnumNetworkEvents
closesocket
inet_addr
WSALookupServiceBeginW
WSAGetLastError
getaddrinfo

wzcsapi

GetModeForAdapter

wzcsvc

WZCQueryGUIDNCSState
WZCTrayIconReady

Exports

Exports

DllRegisterServer
DllUnregisterServer
GetClientAdvises
HrGetPnpDeviceStatus
HrLanConnectionNameFromGuidOrPath
HrPnpInstanceIdFromGuid
HrQueryLanMediaState
HrRasConnectionNameFromGuid
NetManDiagFromCommandArgs
ProcessQueue
RasEventNotify
ServiceMain

Sections

.text
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

13d65c973946fce4d0962eaadf38ba2b

Headers

File Characteristics

Imports

advapi32

iphlpapi

kernel32

mprapi

msvcrt

netapi32

netshell

ntdll

ole32

oleaut32

rasapi32

rtutils

secur32

shell32

user32

wininet

ws2_32

wzcsapi

wzcsvc

Exports

Exports

Sections

.text Size: 169KB - Virtual size: 169KB

.data Size: 2KB - Virtual size: 1KB

.rsrc Size: 11KB - Virtual size: 11KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 169KB - Virtual size: 169KB

.data
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 11KB - Virtual size: 11KB

.reloc
Size: 9KB - Virtual size: 8KB