39c60ae2f4db2dc58f9c719cffc3865a2a6050d22259f4882aa124f9684332d2

Sharing

Copy URL Twitter E-mail

General

Target

39c60ae2f4db2dc58f9c719cffc3865a2a6050d22259f4882aa124f9684332d2
Size

40KB
MD5

e7f393611d274e84361976c7130ec763
SHA1

0f487b2741342e2c3fb013ff94c31c8997b6f54b
SHA256

39c60ae2f4db2dc58f9c719cffc3865a2a6050d22259f4882aa124f9684332d2
SHA512

562a2685e3c7ce69ed39b4ca0fcd7edf478d9ceaef89b0100d391fa728ed429c8634ebe9e52af938242bc94b36f68331f3e2249cca78861a47d2ecf5af71a607
SSDEEP

384:MSDCrpr0o4velK8yWcWkQNUEoDyBn1kHC/7/tQtgJj1F96Gsx3wu1PNfPFLkEQjp:M3tvRJoD2qiJvtAl3ajqB7o

Score

N/A

Malware Config

Signatures

Files

39c60ae2f4db2dc58f9c719cffc3865a2a6050d22259f4882aa124f9684332d2
.dll regsvr32 windows x86

857965a8948cfcdd84feed8bda3df3ef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
InterlockedDecrement
lstrlenW
lstrcpyA
GetProcAddress
LoadLibraryA
WaitForSingleObject
IsBadStringPtrA
WritePrivateProfileStringA
GetVersionExA
Sleep
CreateFileA
InterlockedIncrement
GetModuleFileNameA
WideCharToMultiByte
GetVolumeInformationA
GetCurrentProcessId
TerminateThread
VirtualProtect
FileTimeToSystemTime
FindClose
FindNextFileW
FindFirstFileW
FindFirstFileA
GetDriveTypeA
GetLogicalDriveStringsA
GlobalFree
GetSystemDirectoryA
LeaveCriticalSection
DeleteCriticalSection
DeviceIoControl
InitializeCriticalSection
GetCurrentDirectoryA
CreateThread
CloseHandle
DisableThreadLibraryCalls
GetModuleHandleA
lstrcpyW
GetPrivateProfileStringA
GetWindowsDirectoryA
MultiByteToWideChar

user32

wsprintfA

shell32

SHGetSpecialFolderPathA

oleaut32

SysFreeString
LoadRegTypeLi
SysStringLen

atl

ord23
ord18
ord15
ord16
ord21
ord32
ord58
ord30
ord31
ord57

shlwapi

StrStrIA

msvcrt

_adjust_fdiv
strcat
_beginthreadex
memset
memcpy
_purecall
??3@YAXPAX@Z
??2@YAPAXI@Z
memcmp
free
malloc
strlen
sscanf
__CxxFrameHandler
sprintf
strncpy
_snprintf
strcpy
fread
_wfopen
wcschr
localtime
time
fclose
_snwprintf
_wcsnicmp
_initterm
_stricmp

msvcp60

?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

netapi32

Netbios

ws2_32

closesocket
WSAStartup
socket
gethostname
inet_addr
sendto
WSAGetLastError
recvfrom
ntohs
inet_ntoa
htons

wininet

InternetConnectA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
InternetCloseHandle

crypt32

CertFreeCertificateContext
CertCreateCertificateContext
CertGetNameStringW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

857965a8948cfcdd84feed8bda3df3ef

Headers

File Characteristics

Imports

kernel32

user32

shell32

oleaut32

atl

shlwapi

msvcrt

msvcp60

netapi32

ws2_32

wininet

crypt32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 14KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 52KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 16KB - Virtual size: 14KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 52KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 2KB