c150550b7097472578c7ed8c3335697df0ea3c570928bb4eabf228d465c5626b

Sharing

Copy URL Twitter E-mail

General

Target

c150550b7097472578c7ed8c3335697df0ea3c570928bb4eabf228d465c5626b
Size

650KB
MD5

92687dda49e36756d3c1f1644b15ece6
SHA1

80f772480f1e197aaccc6760bed52058ca20fd4f
SHA256

c150550b7097472578c7ed8c3335697df0ea3c570928bb4eabf228d465c5626b
SHA512

e86f91499b338554b5449134cf11d3693471261a9313fd03ce86e3fec1807e4af78acd2c084503039300c062ab14ce2e5cee425fe7d292f6abe5d2c62e5f03a6
SSDEEP

6144:PG7u5dhBt0mr4FxyJdSZ7bgdqyERWU3q+qHGqHm3q+qHGqHb3q+qHGqH+3q+qHGN:PG72/Hp4iOZ7bAqWx

Score

N/A

Malware Config

Signatures

Files

c150550b7097472578c7ed8c3335697df0ea3c570928bb4eabf228d465c5626b
.dll regsvr32 windows x86

b72344c468f3136cc90785e82fc3d1e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memmove
iswalpha
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
_amsg_exit
_initterm
free
malloc
_XcptFilter
_vsnwprintf
wcschr
memset
memcpy

kernel32

GetCurrentThread
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
Sleep
InterlockedExchange
LoadLibraryExA
InterlockedCompareExchange
FreeLibrary
GetLastError
GetProcAddress
DelayLoadFailureHook
EnterCriticalSection
LeaveCriticalSection
GetVersionExW
GetProductInfo
CompareStringOrdinal
lstrcmpW
lstrcmpiW
lstrlenW
FindFirstFileW
FindNextFileW
FindClose
LocalFree
LocalAlloc
DisableThreadLibraryCalls
InterlockedDecrement
InterlockedIncrement
HeapFree
GetProcessHeap
HeapAlloc
LocalSize
RegQueryInfoKeyW
RegEnumValueW
MoveFileExW
GetLocalTime
SystemTimeToFileTime
CompareFileTime
FindFirstFileExW
DeleteFileW
RemoveDirectoryW
InitializeCriticalSection
CreateEventW
RegEnumKeyExW
GetComputerNameW
DeleteCriticalSection
ResetEvent
RegUnLoadKeyW
RegLoadKeyW
SetEvent
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
FindResourceExW
LoadResource
LockResource
LoadLibraryW
CloseHandle
GetModuleFileNameW
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW
GetModuleHandleW

advapi32

OpenThreadToken
OpenProcessToken
GetLengthSid
CopySid
SetKernelObjectSecurity
TreeResetNamedSecurityInfoW
GetSecurityDescriptorOwner
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
GetUserNameW
LookupAccountSidW
LogonUserW
ConvertSidToStringSidW
LookupAccountNameW
GetSidSubAuthority
GetSidLengthRequired
GetSidSubAuthorityCount
EqualSid
LookupPrivilegeValueW
AdjustTokenPrivileges
EventWrite
EventUnregister
EventRegister

shlwapi

ord156
ord174
ord204
SHRegGetValueW
ord176
PathRemoveBackslashW
StrChrW
SHGetValueW
ord16
PathIsFileSpecW
PathFindExtensionW
PathCombineW
PathAppendW
PathCreateFromUrlW
PathIsURLW
StrCmpW
ord172
ord493
ord538
ord618
ord24
ord494
ord278
PathCommonPrefixW
ord637
ord256
ord219
ord199
StrTrimW
ord158
ord437
StrPBrkW
PathRemoveFileSpecW
StrCmpIW
PathCanonicalizeW
SHStrDupW
PathFindFileNameW
ord514

shell32

SHEnumerateUnreadMailAccountsW
ord813
ord812
SHChangeNotify
ord680
SHCreateDirectoryExW
SHFileOperationW
ord171
ord811
ord262
SHGetStockIconInfo
SHParseDisplayName
ord155
ShellExecuteW
ShellExecuteExW
ord859
ord810
SHGetFolderPathEx
SHBindToObject
ord25
ord18
SHGetUnreadMailCountW

ole32

CoGetCallContext
CoMarshalInterThreadInterfaceInStream
PropVariantClear
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoGetInterfaceAndReleaseStream
CoUninitialize

oleaut32

VariantChangeType
VariantCopy
SafeArrayAccessData
SafeArrayUnaccessData
LoadTypeLi
SysAllocStringByteLen
SysAllocString
SysFreeString
LoadRegTypeLi
VariantClear
SetErrorInfo
VariantInit
SafeArrayCreateVector

user32

DestroyIcon
LoadImageW
GetSystemMetrics
GetFocus
PostQuitMessage
GetWindowLongW
DestroyWindow
DispatchMessageW
TranslateMessage
MsgWaitForMultipleObjects
PeekMessageW
SetWindowLongW
ExitWindowsEx
SendMessageW
MessageBoxW
LoadStringW
SetCursor
LoadCursorW
DefWindowProcW

wtsapi32

WTSRegisterSessionNotification
WTSEnumerateSessionsW
WTSQuerySessionInformationW
WTSFreeMemory
WTSUnRegisterSessionNotification

ntshrui

IsFolderPrivateForUser
SetFolderPermissionsForSharing

secur32

TranslateNameW
GetUserNameExW

netapi32

NetLocalGroupEnum
NetLocalGroupDelMembers
NetUserSetInfo
NetUserGetInfo
NetLocalGroupAddMembers
NetUserAdd
NetApiBufferAllocate
NetUserDel
NetUserChangePassword
NetUserModalsGet
NetUserGetLocalGroups
NetQueryDisplayInformation
DsGetDcNameW
NetApiBufferFree

winsta

WinStationFreeMemory
WinStationEnumerateW
WinStationQueryInformationW

rpcrt4

RpcStringBindingComposeW
NdrClientCall2
RpcBindingFree
RpcEpResolveBinding
RpcBindingFromStringBindingW
RpcStringFreeW

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList

ntdll

EtwLogTraceEvent
RtlNtStatusToDosError
RtlAdjustPrivilege
NtQueryInformationFile
NtClose
RtlGetLastNtStatus
RtlAllocateAndInitializeSid
RtlFreeSid
RtlInitUnicodeStringEx
NtOpenFile
WinSqmAddToStream

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 453KB - Virtual size: 453KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b72344c468f3136cc90785e82fc3d1e9

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

advapi32

shlwapi

shell32

ole32

oleaut32

user32

wtsapi32

ntshrui

secur32

netapi32

winsta

rpcrt4

setupapi

ntdll

Exports

Exports

Sections

.text Size: 118KB - Virtual size: 117KB

.data Size: 66KB - Virtual size: 70KB

.rsrc Size: 453KB - Virtual size: 453KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 118KB - Virtual size: 117KB

.data
Size: 66KB - Virtual size: 70KB

.rsrc
Size: 453KB - Virtual size: 453KB

.reloc
Size: 10KB - Virtual size: 10KB