ac8369ec50693f80feed71b41d1da3ae621d2a290405cc78ab4f47cee6f363f5

Sharing

Copy URL

Twitter E-mail

General

Target

ac8369ec50693f80feed71b41d1da3ae621d2a290405cc78ab4f47cee6f363f5
Size

250KB
MD5

004df312db4ba4eab42fab762f24af30
SHA1

1e8feb0c93240b29e17fd299cd8dfeeb030a25e2
SHA256

ac8369ec50693f80feed71b41d1da3ae621d2a290405cc78ab4f47cee6f363f5
SHA512

4571a19aa0d37576e3acbefb4218ab1118f8f6047b85117feec464cf68da7c74211b0bd61b9d4b9db011770bd4689cce6f29ed2c65e7203c0835dbbbe5887e42
SSDEEP

6144:77xB7B/fqFKaninqkpDUVWK71asKvwt0BLgM:77rN/GTJsvwtL

Score

N/A

Malware Config

Signatures

Files

ac8369ec50693f80feed71b41d1da3ae621d2a290405cc78ab4f47cee6f363f5
.dll regsvr32 windows x86

ea9da94f25ccf2db7aec24884615a048

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_except_handler3
_onexit
__dllonexit
??1type_info@@UAE@XZ
??3@YAXPAX@Z
_adjust_fdiv
malloc
_initterm
free
_wtoi
iswdigit
_itow
wcscpy
wcstoul
wcschr
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_wcsicmp
__CxxFrameHandler
_CxxThrowException
wcscat
_ultow
_purecall
wcstombs
wcslen
?terminate@@YAXXZ

query

?IsCIPaused@CMachineAdmin@@QAEHXZ
?IsStarted@CCatalogAdmin@@QAEHXZ
?IsPaused@CCatalogAdmin@@QAEHXZ
??0CRegAccess@@QAE@KPBG@Z
?Get@CRegAccess@@QAEXPBGPAGI@Z
?CiGetPassword@@YGHPBG0PAG@Z
??0CMetaDataMgr@@QAE@HW4CiVRootTypeEnum@@KPBG@Z
?EnumVServers@CMetaDataMgr@@QAEXAAVCMetaDataVirtualServerCallBack@@@Z
??1CMetaDataMgr@@QAE@XZ
??0CDefColumnRegEntry@@QAE@XZ
?GetGlobalStaticPropertyList@@YGPAVCStaticPropertyList@@XZ
??0CLocalGlobalPropertyList@@QAE@PAVCEmptyPropertyList@@HPBGK@Z
??0CDbColId@@QAE@XZ
?SetProperty@CDbColId@@QAEHPBG@Z
?Refresh@CDefColumnRegEntry@@QAEXH@Z
?Cleanup@CDbColId@@QAEXXZ
?GetOleError@@YGJAAVCException@@@Z
?SystemExceptionTranslator@@YAXIPAU_EXCEPTION_POINTERS@@@Z
?QueryCatalogEnum@CMachineAdmin@@QAEPAVCCatalogEnum@@XZ
?Next@CCatalogEnum@@QAEHXZ
?AddCatalog@CMachineAdmin@@QAEXPBG0@Z
?QueryScopeEnum@CCatalogAdmin@@QAEPAVCScopeEnum@@XZ
?Next@CScopeEnum@@QAEHXZ
?QueryScopeAdmin@CScopeEnum@@QAEPAVCScopeAdmin@@XZ
?QueryScopeAdmin@CCatalogAdmin@@QAEPAVCScopeAdmin@@PBG@Z
?SetAlias@CScopeAdmin@@QAEXPBG@Z
?SetExclude@CScopeAdmin@@QAEXH@Z
?SetLogonInfo@CScopeAdmin@@QAEXPBG0AAVCCatalogAdmin@@@Z
?PauseCI@CMachineAdmin@@QAEHXZ
?IsCatalogInactive@CCatalogAdmin@@QAEHXZ
?IsCIStopped@CMachineAdmin@@QAEHXZ
?IsCIStarted@CMachineAdmin@@QAEHXZ
?DeleteRegistryParamNoThrow@CCatalogAdmin@@QAEXPBG@Z
?MakeMetadataICommand@@YGJPAPAUIUnknown@@W4CiMetaData@@PBG2PAU1@@Z
CIState
?IsStopped@CCatalogAdmin@@QAEHXZ
?AddCachedProperty@CCatalogAdmin@@QAEXABVCFullPropSpec@@KKKH@Z
?SetDWORDParam@CCatalogAdmin@@QAEXPBGK@Z
?GetDWORDParam@CCatalogAdmin@@QAEHPBGAAK@Z
?RemoveScope@CCatalogAdmin@@QAEXPBG@Z
?QueryCatalogAdmin@CMachineAdmin@@QAEPAVCCatalogAdmin@@PBG@Z
?AddScope@CCatalogAdmin@@QAEXPBG0H00@Z
?IsCIEnabled@CMachineAdmin@@QAEHXZ
?EnableCI@CMachineAdmin@@QAEHXZ
?StopCI@CMachineAdmin@@QAEHXZ
?DisableCI@CMachineAdmin@@QAEHXZ
?TunePerformance@CMachineAdmin@@QAEXHGG@Z
?SetDWORDParam@CMachineAdmin@@QAEXPBGK@Z
?GetDWORDParam@CMachineAdmin@@QAEHPBGAAK@Z
??0CMachineAdmin@@QAE@PBGH@Z
?RemoveCatalog@CMachineAdmin@@QAEXPBGH@Z
??1CMachineAdmin@@QAE@XZ
_ForceMasterMerge@16
?UpdateContentIndex@@YGKPBG00H@Z
??1CCatalogEnum@@QAE@XZ
??1CScopeEnum@@QAE@XZ
??1CCatalogAdmin@@QAE@XZ
?Pause@CCatalogAdmin@@QAEHXZ
?StartCI@CMachineAdmin@@QAEHXZ
?Start@CCatalogAdmin@@QAEHXZ
??0CException@@QAE@XZ
?RemoveCatalogFiles@CMachineAdmin@@QAEXPBG@Z
?GetLocation@CCatalogAdmin@@QAEPBGXZ
?ciDelete@@YGXPAX@Z
?ciNew@@YGPAXI@Z
?Stop@CCatalogAdmin@@QAEHXZ

user32

LoadStringW
SendMessageW
DialogBoxParamW
SetWindowLongW
EndDialog
GetWindowLongW
MessageBeep
wsprintfW
PostMessageW
CheckRadioButton
RegisterClipboardFormatW
GetParent
SetWindowTextW
SetFocus
IsWindowEnabled
IsDlgButtonChecked
SetDlgItemTextW
GetDlgItemTextW
GetDlgItem
MessageBoxW
GetFocus
ShowWindow
SetTimer
KillTimer
EnableWindow
WinHelpW
LoadBitmapW
LoadIconW
SendDlgItemMessageW

gdi32

DeleteObject

shell32

SHGetPathFromIDListW
SHGetMalloc
SHBrowseForFolderW

kernel32

SetLastError
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualProtect
InterlockedIncrement
GetModuleHandleA
GetLastError
GetModuleHandleW
GetProcAddress
GetModuleFileNameW
VirtualAlloc
LocalFree
FormatMessageW
GetSystemDefaultLCID
LoadLibraryA
GlobalFree
GetSystemWindowsDirectoryW
GlobalAlloc
LoadLibraryW
IsBadReadPtr

advapi32

RegOpenKeyW
RegQueryValueExW
RegSetValueExW
RegOpenKeyA
RegCloseKey
RegCreateKeyExW

ole32

CoCreateInstance
CoUninitialize
CoTaskMemAlloc
StringFromGUID2
CreateStreamOnHGlobal
CoInitialize

Exports

Exports

ServiceMain
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea9da94f25ccf2db7aec24884615a048

Headers

File Characteristics

Imports

msvcrt

query

user32

gdi32

shell32

kernel32

advapi32

ole32

Exports

Exports

Sections

.text Size: 74KB - Virtual size: 73KB

.data Size: 55KB - Virtual size: 55KB

.rsrc Size: 113KB - Virtual size: 113KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 74KB - Virtual size: 73KB

.data
Size: 55KB - Virtual size: 55KB

.rsrc
Size: 113KB - Virtual size: 113KB

.reloc
Size: 6KB - Virtual size: 5KB