98e1bbaa847902931e81bec704f48f65aea17e3d0cdacab6f826f46d75dc9c04

Sharing

Copy URL Twitter E-mail

General

Target

98e1bbaa847902931e81bec704f48f65aea17e3d0cdacab6f826f46d75dc9c04
Size

93KB
MD5

b3280c1c5bfbf7c6c85393f530260016
SHA1

2c1abacbb0ce0b0d9d8ca9bae0497c4c5339848a
SHA256

98e1bbaa847902931e81bec704f48f65aea17e3d0cdacab6f826f46d75dc9c04
SHA512

595738283222ab07aa2725e7b1c012e20d8a2cf6292cbc1b29e38d7cf7b88bb3bff4984f5dd93a17af544ea8f8f39316694c0ef20188029300cebf5a8a4d90fe
SSDEEP

1536:gQaJnOTrP9lDdih1pE4ZBmkx7hqkHiFiAxkuc3oLHqljXTmy:gvATrP9lh2pEQ1hqkH42roD0XTmy

Score

N/A

Malware Config

Signatures

Files

98e1bbaa847902931e81bec704f48f65aea17e3d0cdacab6f826f46d75dc9c04
.dll regsvr32 windows x86

52bdff6cc98639d65b8246d5e3e95b1b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
GetShortPathNameW
GetModuleHandleW
FreeLibrary
SizeofResource
LoadResource
FindResourceW
GetLastError
LoadLibraryExW
lstrcmpiW
lstrcpynW
HeapDestroy
GetProcAddress
LoadLibraryW
lstrcpyW
DeleteFileA
GetPrivateProfileStringA
ReadFile
WriteFile
CreateFileA
CreateMutexW
GetSystemDirectoryW
GetTempPathW
DeleteFileW
WinExec
MoveFileExW
CreateMutexA
CreateEventW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetFileSize
CreateFileW
ReleaseMutex
WaitForSingleObject
GetVolumeInformationA
Sleep
GetModuleFileNameW
OpenEventW
CreateThread
CloseHandle
DisableThreadLibraryCalls
lstrlenA
MultiByteToWideChar
lstrlenW
lstrcatW
WideCharToMultiByte

user32

ScreenToClient
WindowFromPoint
GetCursorPos
CharNextW
SystemParametersInfoW

advapi32

RegDeleteValueW
RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegCloseKey

ole32

CoTaskMemAlloc
CoCreateInstance
CoTaskMemRealloc
CoUninitialize
CoInitialize
CoTaskMemFree

oleaut32

RegisterTypeLi
LoadTypeLi
SysAllocString
VarUI4FromStr
LoadRegTypeLi
VariantChangeType
VariantClear
SysAllocStringLen
SysFreeString
SysStringLen
VariantCopy

msvcrt

_stricmp
_adjust_fdiv
_initterm
_strlwr
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
rand
localtime
strlen
strcat
time
srand
_snprintf
_wcsicmp
strstr
strcpy
swprintf
sprintf
strcmp
__CxxFrameHandler
wcslen
memcpy
memset
??3@YAXPAX@Z
wcsstr
_wcslwr
_purecall
??2@YAPAXI@Z
free
malloc
realloc
memcmp
atoi
strchr

urlmon

URLDownloadToFileW

wininet

HttpOpenRequestA
InternetOpenA
InternetConnectA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile

netapi32

Netbios

Exports

Exports

DllCanUnloadNow
DllCheckServer
DllGetClassObject
DllRegisterServer
DllTest
DllUnregisterServer

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

52bdff6cc98639d65b8246d5e3e95b1b

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

msvcrt

urlmon

wininet

netapi32

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 5KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 5KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB