e0bbeb079b8e4e09a3dd6d09705972420ed8c438866bab24736c9070c85c86ae

Sharing

Copy URL

Twitter E-mail

General

Target

e0bbeb079b8e4e09a3dd6d09705972420ed8c438866bab24736c9070c85c86ae
Size

580KB
MD5

7528a18fdb2b8e6e0d1d3b1ee468852b
SHA1

6911cfd9b67f24f5c2dbcd466a221e4514ab64b0
SHA256

e0bbeb079b8e4e09a3dd6d09705972420ed8c438866bab24736c9070c85c86ae
SHA512

34bf615a4a04165ee6993cbf794aa0951c3bf8bbed5974877b13cf522096c54f7777e4d02d559a711ba179197040b1f49de1585a63c3c0ffa4a3c80dbc0f69d9
SSDEEP

12288:mGKmhOFPy+0QxU9ogzGyqzPXd0trxGZ3mLigReOoAZ/jJLWfvmZynT3vMN:mFmhOF6+XUINSZ/jdWfvmZgT30N

Score

N/A

Malware Config

Signatures

Files

e0bbeb079b8e4e09a3dd6d09705972420ed8c438866bab24736c9070c85c86ae
.dll regsvr32 windows x86

14d59c0eee9a606340c6639208f19ecb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
FlushInstructionCache
GetCurrentProcess
SetLastError
LocalAlloc
FormatMessageA
Sleep
ReleaseMutex
WaitForSingleObject
CreateMutexA
GlobalAlloc
GetModuleFileNameA
OpenMutexA
ExitProcess
FreeLibraryAndExitThread
TerminateThread
GetExitCodeThread
UnmapViewOfFile
MapViewOfFile
DeleteFileA
GetModuleHandleA
GetCurrentProcessId
SetErrorMode
SetFileAttributesA
GetTempPathA
SetWaitableTimer
CreateWaitableTimerA
FreeLibrary
GetProcAddress
LoadLibraryA
CreateFileMappingA
SetUnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
lstrcpynA
ReadFile
GetFileSize
CreateFileA
WriteFile
LocalFree
SetEndOfFile
SetFilePointer
Process32Next
TerminateProcess
OpenProcess
Process32First
CreateToolhelp32Snapshot
OpenSemaphoreA
CreateDirectoryA
VirtualAlloc
FindCloseChangeNotification
VirtualFree
DuplicateHandle
lstrcatA
CreateThread
MoveFileA
CreateProcessA
GetShortPathNameA
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
GetLocalTime
CancelWaitableTimer
OpenWaitableTimerA
OpenFileMappingA
FlushFileBuffers
ExitThread
GetFileAttributesA
GetVolumeInformationA
SystemTimeToFileTime
GetFileTime
MoveFileExA
GetCurrentDirectoryA
GetLocaleInfoW
SetEnvironmentVariableA
SetStdHandle
IsBadCodePtr
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetTimeZoneInformation
GetExitCodeProcess
CreatePipe
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCPInfo
GetOEMCP
LCMapStringW
LCMapStringA
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
FindResourceExA
InterlockedExchange
FindResourceA
LoadResource
LockResource
SizeofResource
CloseHandle
CompareStringW
CompareStringA
InterlockedIncrement
InterlockedDecrement
lstrlenA
lstrcmpiA
DeleteCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
lstrcpyA
GetTickCount
QueryPerformanceCounter
IsBadWritePtr
HeapCreate
GetCommandLineA
GetCurrentThreadId
IsBadReadPtr
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
RtlUnwind
VirtualQuery
GetSystemInfo
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy

user32

SetWindowLongA
CallWindowProcA
GetParent
FindWindowExA
wsprintfA
GetForegroundWindow
LoadStringA
GetClassNameA
GetWindowTextA
PostMessageA
DispatchMessageA
GetMessageA
CharLowerA
DefWindowProcA
WinHelpA
GetDlgItem
FindWindowA
SendMessageTimeoutA
CallNextHookEx
MsgWaitForMultipleObjects
CreateDesktopA
GetSystemMetrics
TranslateMessage
PeekMessageA
GetDesktopWindow
RegisterClassExA
CreateWindowExA

advapi32

RegOpenKeyExA
RegEnumKeyExA
CryptDecrypt
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyHash
CryptEncrypt
CryptDestroyKey
CryptReleaseContext
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
SetSecurityInfo
RegCreateKeyA
RegQueryInfoKeyA
RegEnumValueA
RegOpenKeyA
RegEnumKeyA
RegFlushKey
SetEntriesInAclA
SetNamedSecurityInfoA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegDeleteValueA

shell32

ord680

ole32

CoInitialize
CoUninitialize
OleRun
CoCreateInstance
CoUnmarshalInterface
CoMarshalInterface
CreateStreamOnHGlobal
CoInitializeSecurity
StringFromCLSID
ProgIDFromCLSID
CLSIDFromString
MkParseDisplayName
CreateBindCtx
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemFree
StringFromIID
CoTaskMemAlloc
CLSIDFromProgID
CoLockObjectExternal

oleaut32

GetErrorInfo
SysFreeString
VariantClear
SysAllocString
GetActiveObject
LoadTypeLibEx
LoadRegTypeLi
LHashValOfNameSys
SysStringLen
VariantInit
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
VariantChangeType
VariantTimeToSystemTime
VariantCopyInd
SystemTimeToVariantTime
SafeArrayPutElement
VariantCopy
SafeArrayGetElement
SafeArrayCreate
SafeArrayGetDim
DispGetIDsOfNames

shlwapi

StrStrA
StrRChrA
StrCmpNIA
SHDeleteValueA
SHDeleteKeyA
StrStrIW
StrChrA
PathFileExistsA
StrStrIA

Exports

Exports

CreateMainProc
CreateProtectProc
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
SetVM
SysLogoff
SysLogon

Sections

.text
Size: 432KB - Virtual size: 431KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MYSEC
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

14d59c0eee9a606340c6639208f19ecb

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 432KB - Virtual size: 431KB

.rdata Size: 88KB - Virtual size: 86KB

.data Size: 16KB - Virtual size: 30KB

.MYSEC Size: 4KB - Virtual size: 8B

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 32KB - Virtual size: 29KB

.text
Size: 432KB - Virtual size: 431KB

.rdata
Size: 88KB - Virtual size: 86KB

.data
Size: 16KB - Virtual size: 30KB

.MYSEC
Size: 4KB - Virtual size: 8B

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 32KB - Virtual size: 29KB