bb495dc61aac4a073ff0c2ec6d76c2136c8510a16b4e9e4fc708f523e3cb5533

Sharing

Copy URL Twitter E-mail

General

Target

bb495dc61aac4a073ff0c2ec6d76c2136c8510a16b4e9e4fc708f523e3cb5533
Size

64KB
MD5

367f47d125ba9b221eaa0f344b01ac4c
SHA1

f74cb5f5ea20700afda1a5c5926fea730592f48e
SHA256

bb495dc61aac4a073ff0c2ec6d76c2136c8510a16b4e9e4fc708f523e3cb5533
SHA512

16aa1b91d5e70ae34174636011e787d6cb2496667bbecef077af72629bb49e142e97857c083ea7a34c645a0fec79f219d26ff59a34606e932651bc875718cdfd
SSDEEP

768:iUZ0oHTGn0knQFJ88qwnZobCazQYCa1KBLWHQdhFvQF9sQmJK6dj:x0oSn0kn58qeezlKBFdT0jm4U

Score

N/A

Malware Config

Signatures

Files

bb495dc61aac4a073ff0c2ec6d76c2136c8510a16b4e9e4fc708f523e3cb5533
.dll regsvr32 windows x86

4a0af7dc700dac59cc1187e16d0540cf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
lstrlenW
GetShortPathNameW
GetModuleHandleW
GetModuleFileNameW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LeaveCriticalSection
LoadLibraryExW
lstrcmpiW
lstrcpynW
HeapDestroy
lstrcpyW
lstrcatW
DeleteFileA
WinExec
GetBinaryTypeA
GetTickCount
GetTempPathA
DeleteCriticalSection
InitializeCriticalSection
GetLocalTime
DisableThreadLibraryCalls
GetCurrentThreadId
lstrlenA
LoadLibraryW
GetProcAddress
WideCharToMultiByte
FreeLibrary
GetModuleHandleA
GetModuleFileNameA
CreateThread
Sleep
GetCurrentProcess
GetLastError
CloseHandle

user32

SetWindowsHookExW
CallNextHookEx
FindWindowA
CharNextW
GetMessageW
PostThreadMessageW
SetForegroundWindow
UnhookWindowsHookEx
FindWindowExA
SendMessageW
FindWindowExW
GetClassNameA
SendMessageA
PostMessageW
CharLowerA

advapi32

LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegSetValueExA
RegCreateKeyA
RegQueryValueExW
RegOpenKeyExA
RegDeleteKeyW
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
AdjustTokenPrivileges

shell32

ShellExecuteA

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitialize
CoTaskMemFree

oleaut32

LoadRegTypeLi
SysStringLen
LoadTypeLi
SysAllocString
VarUI4FromStr
VariantInit
VariantClear
SysFreeString
RegisterTypeLi

oleacc

GetRoleTextA
AccessibleObjectFromWindow
WindowFromAccessibleObject
GetStateTextA

msvcrt

free
realloc
memcmp
strchr
strncmp
fclose
fwrite
rename
_access
wcslen
wcscmp
_initterm
_adjust_fdiv
_stricmp
malloc
calloc
??2@YAPAXI@Z
??3@YAXPAX@Z
_purecall
atoi
strcat
swprintf
getchar
wprintf
strcmp
_splitpath
fopen
fgets
strstr
strcpy
memcpy
sprintf
strlen
memset

ws2_32

connect
htons
closesocket
socket
recv
gethostbyname
WSAStartup
inet_addr
send

netapi32

Netbios

wininet

InternetOpenA
InternetReadFile
InternetOpenUrlA
InternetCloseHandle

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetVer
Install

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

WOWCLin
Size: 4KB - Virtual size: 6B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4a0af7dc700dac59cc1187e16d0540cf

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

oleacc

msvcrt

ws2_32

netapi32

wininet

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 34KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 13KB

WOWCLin Size: 4KB - Virtual size: 6B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 36KB - Virtual size: 34KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 13KB

WOWCLin
Size: 4KB - Virtual size: 6B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 1KB