eb31c91e780f6e218722df32dfe6071430f804dc9c879a4a43c3991bf51bfc5e

Sharing

Copy URL Twitter E-mail

General

Target

eb31c91e780f6e218722df32dfe6071430f804dc9c879a4a43c3991bf51bfc5e
Size

333KB
MD5

11eca7afeebc6688f561816689e6fd0d
SHA1

6c964ddcce03b229dae22625d8986a7998777fed
SHA256

eb31c91e780f6e218722df32dfe6071430f804dc9c879a4a43c3991bf51bfc5e
SHA512

5413790dda704897b3ae8b709b6a6f811fd740e3abfe75499b2aea2a839686c9b6bab70fe37bbda0ca5dc6b67fe7c5476899f2b5c2ff873e06aff0294dba217b
SSDEEP

6144:wOStm9EnjfypqSc+9MXXHRZ9ZC/67MyRyRVdl+St83:stm95In+KRVr7dARfl+St83

Score

N/A

Malware Config

Signatures

Files

eb31c91e780f6e218722df32dfe6071430f804dc9c879a4a43c3991bf51bfc5e
.dll regsvr32 windows x86

1930d7a459c27c54a1c26e5ddb899f59

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForMultipleObjects
GetSystemTimeAsFileTime
GetLastError
CreateEventW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
DisableThreadLibraryCalls
InterlockedIncrement
lstrcmpiW
FreeLibrary
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
LockResource
FindResourceExW
GetProcAddress
ReadFile
GetFileSize
IsValidCodePage
HeapSize
HeapReAlloc
lstrcmpW
FlushFileBuffers
GetStartupInfoA
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
GetModuleFileNameA
GetStdHandle
FindCloseChangeNotification
FindFirstFileW
CreateFileW
FindNextFileW
FindClose
FindFirstChangeNotificationW
GetFileTime
GetACP
CompareFileTime
GetModuleFileNameW
InterlockedDecrement
GetCurrentProcessId
ProcessIdToSessionId
GetComputerNameW
MultiByteToWideChar
SystemTimeToFileTime
GetLocalTime
GetTempPathW
lstrcatW
lstrcpyW
ExpandEnvironmentStringsW
SetLastError
TlsFree
SetEvent
GetExitCodeThread
TerminateThread
GetTickCount
WaitForSingleObject
lstrlenW
LocalFree
CloseHandle
GetProcessHeap
HeapFree
TlsSetValue
TlsAlloc
TlsGetValue
VirtualAlloc
VirtualFree
HeapCreate
ExitProcess
GetModuleHandleA
GetCPInfo
LCMapStringW
LCMapStringA
GetOEMCP
GetCommandLineA
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CreateThread
HeapAlloc
WriteFile
WideCharToMultiByte
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
LoadLibraryA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
ExitThread
GetStringTypeA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapDestroy
GetVersionExA
GetEnvironmentStrings
FreeEnvironmentStringsA
ReleaseMutex
ReleaseSemaphore
InterlockedExchangeAdd
Sleep
UnmapViewOfFile
MapViewOfFile
DeleteFileW
SetFilePointer
GlobalAlloc
GlobalFree
lstrlenA
GlobalReAlloc
GlobalUnlock
GlobalLock
CreateSemaphoreW
CreateMutexW
lstrcpynW
GetCurrentProcess
CreateFileA
CreateFileMappingW
OpenFileMappingW
lstrcpynA
GetTempFileNameW
CreateMutexA
GetCurrentThreadId
CreateDirectoryW
GlobalSize
GetSystemTime
InterlockedExchange
GetLocaleInfoA
GetThreadLocale

user32

PeekMessageW
GetDesktopWindow
CharLowerW
CharLowerBuffW
UnregisterClassA
TranslateMessage
DispatchMessageW
MsgWaitForMultipleObjects
CharNextW
LoadStringW

advapi32

CryptDestroyKey
InitializeSecurityDescriptor
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptEncrypt
CryptDecrypt
CryptDeriveKey
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegGetKeySecurity
RegOpenKeyW
RegSetKeySecurity
RegQueryInfoKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
LookupAccountNameW
ConvertSidToStringSidW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetSecurityDescriptorDacl

ole32

CoTaskMemFree
CreateStreamOnHGlobal
GetHGlobalFromStream
CoInitializeEx
StringFromCLSID
StringFromGUID2
OleRun
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoUninitialize

oleaut32

SafeArrayDestroy
SystemTimeToVariantTime
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
VariantTimeToSystemTime
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysStringLen
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantClear
VariantInit
SysFreeString
VarBstrCmp
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreate
GetErrorInfo
LoadRegTypeLi

shlwapi

PathFileExistsW
SHCreateStreamOnFileW
PathStripPathW

wtsapi32

WTSCloseServer
WTSOpenServerW
WTSQuerySessionInformationW
WTSFreeMemory

netapi32

NetWkstaUserEnum
NetApiBufferFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 196KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARSTA
Size: 4KB - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1930d7a459c27c54a1c26e5ddb899f59

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

wtsapi32

netapi32

Exports

Exports

Sections

.text Size: 196KB - Virtual size: 192KB

.rdata Size: 48KB - Virtual size: 46KB

.data Size: 16KB - Virtual size: 20KB

.SHARSTA Size: 4KB - Virtual size: 52B

.rsrc Size: 32KB - Virtual size: 29KB

.reloc Size: 24KB - Virtual size: 20KB

.text
Size: 196KB - Virtual size: 192KB

.rdata
Size: 48KB - Virtual size: 46KB

.data
Size: 16KB - Virtual size: 20KB

.SHARSTA
Size: 4KB - Virtual size: 52B

.rsrc
Size: 32KB - Virtual size: 29KB

.reloc
Size: 24KB - Virtual size: 20KB