34aa2b44258a4be6857687b31d36c8cc4673a3fb59c878c272563cc0685f98fe

Sharing

Copy URL Twitter E-mail

General

Target

34aa2b44258a4be6857687b31d36c8cc4673a3fb59c878c272563cc0685f98fe
Size

112KB
MD5

5c89f54bfc3963d6499fd0c046341976
SHA1

1b338b38c5d4a3ca0acac7ff7103a1beb2ead47b
SHA256

34aa2b44258a4be6857687b31d36c8cc4673a3fb59c878c272563cc0685f98fe
SHA512

24638c08b1130ca9ab978d5e265fdaf908e328dbdee5da44eff305e4b9c35f8d759362b28532e5d53032bbfd8e79dc4603c5d05fb156f0b004e14adf2b17eca8
SSDEEP

3072:fmrc0V9QQ0LfeSE/4EOlmW3LpbN98xj564Qrv8CSb99Q:H0V9QbfeL4EOlmW3LpKGUjb

Score

N/A

Malware Config

Signatures

Files

34aa2b44258a4be6857687b31d36c8cc4673a3fb59c878c272563cc0685f98fe
.dll regsvr32 windows x86

7a08d8e469a18416fd316fd07f22489e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetExitCodeProcess
ResetEvent
SetEvent
CloseHandle
CreateEventA
IsDBCSLeadByte
InterlockedIncrement
InterlockedDecrement
Sleep
CreateThread
GetModuleFileNameA
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
lstrcmpiA
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
SetThreadLocale
GetThreadLocale
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
lstrlenA
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
FreeLibrary
MultiByteToWideChar
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
GetVersionExA
GetLocaleInfoA
GetACP
InterlockedExchange

user32

TranslateMessage
PeekMessageA
MsgWaitForMultipleObjects
CharNextA
DispatchMessageA
PostThreadMessageA
UnregisterClassA

advapi32

RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA

shell32

ShellExecuteExA

ole32

CoUninitialize
CoCreateInstance
CoTaskMemAlloc
StringFromGUID2
CoInitialize
CoTaskMemRealloc
CoTaskMemFree

oleaut32

RegisterTypeLi
UnRegisterTypeLi
SysAllocString
LoadTypeLi
LoadRegTypeLi
DispCallFunc
VariantClear
VariantInit
VarUI4FromStr
SysFreeString
SysStringLen

hpqddcmn

LogMessage
SetRootKey
LogFileVersion

shlwapi

PathFileExistsA
StrTrimA
PathGetArgsA

msvcr80

__clean_type_info_names_internal
_crt_debugger_hook
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
?terminate@@YAXXZ
_except_handler4_common
strcat_s
wcsncpy_s
strcpy_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
??3@YAXPAX@Z
_mbsnbcpy_s
malloc
free
memcpy_s
_CxxThrowException
??_V@YAXPAX@Z
_resetstkoflw
__CxxFrameHandler3
memset
_purecall
_recalloc
??_U@YAPAXI@Z
??2@YAPAXI@Z
_malloc_crt

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EndDeviceDiscovery
StartDeviceDiscovery
StartDeviceDiscoveryEx

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7a08d8e469a18416fd316fd07f22489e

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

hpqddcmn

shlwapi

msvcr80

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 56KB - Virtual size: 54KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 56KB - Virtual size: 54KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 3KB