1e37a38970485943e94a92e343e844104352d8b5b1437ed26daefd2c688c8b31

Sharing

Copy URL Twitter E-mail

General

Target

1e37a38970485943e94a92e343e844104352d8b5b1437ed26daefd2c688c8b31
Size

920KB
MD5

321b152c129dc910fd1f72c2d1fa4f8d
SHA1

dbd808a8a736914f2169e30bda7b0fed2ea61399
SHA256

1e37a38970485943e94a92e343e844104352d8b5b1437ed26daefd2c688c8b31
SHA512

7a4f566d4a6850b3b58211d7bab4271b95ba655b0b7a0c5fbd463eb600f5a0399e0fc949a9840b8690c1eced06cf03f092dacfabeba6b9441ec545806caec4f6
SSDEEP

24576:IOxh75qoDSgtZvZ7yXMPjd3SWMEPRZLtKE/ASplMVh:dxT0kZR7yXMPjd3VMQ4E/plMV

Score

N/A

Malware Config

Signatures

Files

1e37a38970485943e94a92e343e844104352d8b5b1437ed26daefd2c688c8b31
.dll regsvr32 windows x86

a88d3b5193d842cf7ce0b435b7b6e153

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

TraceEvent
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsA
UnregisterTraceGuids
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyA
RegOpenKeyA
RegSetValueExA
RegCreateKeyExA
StartServiceA
ControlService
QueryServiceStatus
CloseServiceHandle
OpenServiceA
OpenSCManagerA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegDeleteKeyA
RegDeleteValueA
RegQueryInfoKeyA
RegEnumKeyExA
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetNamedSecurityInfoA
SetEntriesInAclA
LookupAccountSidA
IsValidSid
GetTokenInformation
GetUserNameA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

kernel32

GetVersionExA
InitializeCriticalSection
GetModuleHandleA
OutputDebugStringA
lstrcmpiA
GetModuleFileNameA
lstrcatA
GetSystemDirectoryA
Sleep
LoadLibraryA
CloseHandle
WaitForSingleObject
CreateThread
MultiByteToWideChar
DeviceIoControl
CreateFileA
GetLastError
OpenProcess
GetCurrentProcessId
CreateProcessA
FormatMessageA
TerminateProcess
GetCurrentProcess
TlsSetValue
TlsGetValue
TlsAlloc
ReleaseMutex
ResetEvent
GetTickCount
CreateMutexA
CreateEventA
SetEvent
lstrcpyA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
WideCharToMultiByte
lstrlenW
RaiseException
lstrlenA
OpenMutexA
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
ReadFile
WriteFile
SetFilePointer
GlobalFree
GlobalAlloc
ProcessIdToSessionId
lstrcpynW
lstrcmpiW
GetModuleFileNameW
GetCurrentThreadId
GetExitCodeThread
lstrcmpA
GetFileSize
FindClose
FindFirstFileA
RtlUnwind
HeapReAlloc
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetFullPathNameA
GetCommandLineA
SetLastError
GetCurrentThread
TlsFree
FatalAppExitA
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
LCMapStringA
LCMapStringW
SetEnvironmentVariableA
SetEnvironmentVariableW
ExitProcess
GetOEMCP
GetCPInfo
SetUnhandledExceptionFilter
HeapSize
GetDriveTypeA
GetCurrentDirectoryA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
SetConsoleCtrlHandler
GetTimeZoneInformation
QueryPerformanceCounter
GetSystemTimeAsFileTime
SetStdHandle
CompareStringA
CompareStringW
GetLocaleInfoW
FlushFileBuffers
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
GetProcAddress
FreeLibrary
LocalAlloc
LocalFree
lstrcpynA

user32

FindWindowA
SendMessageA
TranslateMessage
RegisterWindowMessageA
CharNextA
EnumWindows
IsWindowVisible
GetWindowThreadProcessId
CloseDesktop
SetThreadDesktop
OpenInputDesktop
GetThreadDesktop
GetUserObjectInformationA
EnumDisplayDevicesA
EnumDisplaySettingsExA
ChangeDisplaySettingsExA
DestroyWindow
DefWindowProcA
PostQuitMessage
UnregisterClassA
DispatchMessageA
IsWindowEnabled
PostMessageA
EnumDisplaySettingsA
LoadCursorA
RegisterClassA
CreateWindowExA
SetTimer
GetMessageA

gdi32

ExtEscape
GetDeviceCaps
CreateDCA
DeleteDC
GetDeviceGammaRamp
SetDeviceGammaRamp
GetStockObject

ole32

CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc

oleaut32

VarUI4FromStr
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
SysFreeString

shlwapi

PathAppendA
PathFileExistsA
StrStrIA
PathFindFileNameW
PathFindExtensionA
SHGetValueA
PathFindFileNameA
SHDeleteValueA

shell32

SHGetFolderPathA
SHCreateDirectoryExA
SHGetSpecialFolderPathA

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiGetDeviceInstallParamsA
SetupDiChangeState
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
CM_Get_Device_ID_ExW
SetupDiGetDeviceInfoListDetailA
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
CM_Reenumerate_DevNode
CM_Get_DevNode_Status_Ex

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
nvapi_QueryInterface

Sections

.text
Size: 696KB - Virtual size: 692KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a88d3b5193d842cf7ce0b435b7b6e153

Headers

File Characteristics

Imports

advapi32

kernel32

user32

gdi32

ole32

oleaut32

shlwapi

shell32

setupapi

version

Exports

Exports

Sections

.text Size: 696KB - Virtual size: 692KB

.rdata Size: 92KB - Virtual size: 89KB

.data Size: 20KB - Virtual size: 48KB

.idata Size: 64KB - Virtual size: 60KB

.rsrc Size: 12KB - Virtual size: 9KB

.reloc Size: 32KB - Virtual size: 31KB

.text
Size: 696KB - Virtual size: 692KB

.rdata
Size: 92KB - Virtual size: 89KB

.data
Size: 20KB - Virtual size: 48KB

.idata
Size: 64KB - Virtual size: 60KB

.rsrc
Size: 12KB - Virtual size: 9KB

.reloc
Size: 32KB - Virtual size: 31KB