d82e77e365b2f2932873156835a560524aeb4dca71569a6d93254ecbba529afb

Sharing

Copy URL

Twitter E-mail

General

Target

d82e77e365b2f2932873156835a560524aeb4dca71569a6d93254ecbba529afb
Size

276KB
MD5

f7fa40353dc26ef6ab41e3bdc3fb960d
SHA1

c1c9c8746e4d8306d99372b3d90119a213bf831e
SHA256

d82e77e365b2f2932873156835a560524aeb4dca71569a6d93254ecbba529afb
SHA512

d5210971e67ec33e90a8a792f4eea4c3f7ab852b6e8b25d8ea67b9c10b77c249a9f54af3e497925108dde05b5fd6589baad7a8c9b68dd742163936dc58bd94e8
SSDEEP

6144:7EmSpAuZ4RWJYn8tED0weBYMgl3lMu1k7:7EmOAuZXWnCEiBYMgll1

Score

N/A

Malware Config

Signatures

Files

d82e77e365b2f2932873156835a560524aeb4dca71569a6d93254ecbba529afb
.dll regsvr32 windows x86

6562cccb836814bf765e10efa9702eaa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GetSystemDirectoryA
TerminateThread
GetCurrentProcessId
CopyFileA
OpenProcess
GetTickCount
CloseHandle
ReleaseMutex
GetLastError
CreateMutexA
SetLastError
GetFileSize
WriteFile
SetFilePointer
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
LoadLibraryA
EnterCriticalSection
ReadFile
SetThreadPriority
LocalFree
Process32Next
Process32First
CreateToolhelp32Snapshot
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
CreateProcessA
Module32Next
Module32First
GetLocalTime
FreeLibrary
lstrlenA
GetVersionExA
GetModuleHandleA
GetProcAddress
GetSystemInfo
GetVersion
GetEnvironmentVariableA
OutputDebugStringA
DebugBreak
InterlockedDecrement
FindFirstFileA
FindNextFileA
FindClose
CreateFileA
lstrcmpiA
lstrcpyA
lstrcatA
CreateDirectoryA
GetModuleFileNameA
WinExec
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
DeleteFileA
lstrlenW
CreateThread
LeaveCriticalSection

user32

wvsprintfA
CharNextA
LoadStringA
wsprintfA
GetSystemMetrics
DestroyWindow
DefWindowProcA
DispatchMessageA
TranslateMessage
CharLowerA
UpdateWindow
ShowWindow
CreateWindowExA
RegisterClassA
SetTimer
UnhookWindowsHookEx
CallNextHookEx
GetClassNameA
KillTimer
SetWindowsHookExA
GetMessageA
SendMessageA
GetParent
GetActiveWindow
GetWindowLongA
SetWindowLongA
SetWindowPos
BringWindowToTop
SetForegroundWindow
SetActiveWindow
SetFocus
FindWindowA
IsWindow
RegisterWindowMessageA
SendMessageTimeoutA
wsprintfW

advapi32

RegSetValueExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegEnumKeyExA
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextA
RegQueryInfoKeyA

shell32

SHGetSpecialFolderPathA

ole32

StringFromCLSID
CoTaskMemFree
OleRun
CoUninitialize
CoCreateGuid
CoCreateInstance
CoInitialize

oleaut32

VariantChangeType
VariantClear
LoadTypeLi
VariantCopy
SysStringByteLen
SysFreeString
SysAllocStringLen
SysAllocString
LoadRegTypeLi
SysStringLen
SysAllocStringByteLen
GetErrorInfo

atl

ord31
ord23
ord30
ord58
ord32
ord57
ord15
ord16
ord21

msvcp60

??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0logic_error@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV01@@Z
??1out_of_range@std@@UAE@XZ
??_7out_of_range@std@@6B@
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@DABV10@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@IIABV?$allocator@D@1@@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??9std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??8std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?_Xran@std@@YAXXZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?str@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z

urlmon

URLDownloadToFileA

wininet

InternetCloseHandle
InternetOpenA
InternetCrackUrlA
InternetOpenUrlA
InternetAttemptConnect
InternetReadFile
InternetConnectA
HttpQueryInfoA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA

netapi32

Netbios

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

msvcrt

_stricmp
atoi
strlen
atol
??2@YAPAXI@Z
time
sprintf
_mbsicmp
_mbsrchr
strcmp
_mbscmp
localtime
strstr
_except_handler3
_snprintf
strcpy
_CxxThrowException
memcpy
_mbschr
_mbsstr
wcslen
_ismbcdigit
??0exception@@QAE@ABV0@@Z
memmove
memset
_mbsnbcpy
__CxxFrameHandler
strcat
_mbslwr
_itoa
_mbsnbcmp
_purecall
memcmp
strncmp
_ftol
abs
floor
rand
srand
_local_unwind2
isspace
isalnum
strtok
strncpy
free
??1type_info@@UAE@XZ
_initterm
malloc
_adjust_fdiv
__dllonexit
_onexit
_ltoa
_strlwr
_ismbcspace

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
InstallBHO
RemoveBHO

Sections

.text
Size: 200KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.share
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6562cccb836814bf765e10efa9702eaa

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

atl

msvcp60

urlmon

wininet

netapi32

version

msvcrt

Exports

Exports

Sections

.text Size: 200KB - Virtual size: 196KB

.rdata Size: 32KB - Virtual size: 30KB

.data Size: 4KB - Virtual size: 1KB

.share Size: 20KB - Virtual size: 19KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 12KB - Virtual size: 9KB

.text
Size: 200KB - Virtual size: 196KB

.rdata
Size: 32KB - Virtual size: 30KB

.data
Size: 4KB - Virtual size: 1KB

.share
Size: 20KB - Virtual size: 19KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 12KB - Virtual size: 9KB