eac380e0eb7cdb9bfefe4beface8e69e116852e19523cc6677bb73f8e75fb9c8

Sharing

Copy URL

Twitter E-mail

General

Target

eac380e0eb7cdb9bfefe4beface8e69e116852e19523cc6677bb73f8e75fb9c8
Size

227KB
MD5

ea7b4943f3a23b9ff1590313c98e44a1
SHA1

d1de1c2c4ba293de46a2deef58f17eac9f6282e0
SHA256

eac380e0eb7cdb9bfefe4beface8e69e116852e19523cc6677bb73f8e75fb9c8
SHA512

63b21ba977ad9788a5285eb4b056e82f24de44c00c813e3feb17c46084bd7f6a18c85fbe256f8ea83277cde96476d3fcb687b63759212df05143f60f5fb0510e
SSDEEP

3072:PCnapABw3XFFsiap4ecuicpeobdFCztherbP6O/mgkj6eXyOsQC1Chxw/A5eS4UO:PCnatToSVO/mgNeEk4geS4UO

Score

N/A

Malware Config

Signatures

Files

eac380e0eb7cdb9bfefe4beface8e69e116852e19523cc6677bb73f8e75fb9c8
.dll regsvr32 windows x86

8d1971725de79b76e812c321dff2b898

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetThreadPriority
GetCurrentThread
TerminateThread
DuplicateHandle
IsBadReadPtr
VirtualProtect
VirtualAlloc
IsBadCodePtr
VirtualFree
Thread32Next
Thread32First
CreateToolhelp32Snapshot
HeapFree
HeapAlloc
GetProcessHeap
SetLastError
OpenThread
CreateThread
ResetEvent
CreateEventW
SetEvent
SetThreadPriority
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
FreeLibraryAndExitThread
LoadLibraryW
GetProcAddress
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
ProcessIdToSessionId
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
GetModuleHandleW
LoadLibraryExW
FreeLibrary
lstrcmpiW
GetLastError
DisableThreadLibraryCalls
UnmapViewOfFile
InterlockedExchangeAdd
GetComputerNameW
LocalFree
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetModuleFileNameW
InterlockedExchange
DeleteCriticalSection
LocalFileTimeToFileTime
FileTimeToSystemTime
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
ReleaseMutex
WaitForSingleObject
IsValidCodePage
GetOEMCP
HeapCreate
ExitProcess
GetModuleHandleA
GetCPInfo
QueryPerformanceCounter
LCMapStringW
LCMapStringA
GetCommandLineA
RtlUnwind
CloseHandle
CreateMutexW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
lstrlenW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LoadLibraryA
GetStringTypeW
GetStringTypeA
IsDebuggerPresent
FlushFileBuffers
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapSize
HeapReAlloc
HeapDestroy
GetConsoleMode
GetConsoleCP
lstrcpynW
WriteFile
CreateFileW
DeleteFileW
ReadFile
GetFileSize
GetTempFileNameW
CreateMutexA
lstrcpynA
lstrlenA
GetTickCount
WideCharToMultiByte
GetSystemTime
GlobalUnlock
GlobalLock
GlobalSize
GetTempPathW
CreateSemaphoreW
CreateDirectoryW
lstrcatW
lstrcpyW
GetSystemTimeAsFileTime
ReleaseSemaphore
Sleep
GetTimeZoneInformation
SetFilePointer
GlobalAlloc
GlobalFree
GlobalReAlloc
CreateFileA
GetSystemDefaultLangID
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA

user32

CharLowerBuffW
UnregisterClassA
GetDesktopWindow
CharLowerW
SetTimer
KillTimer
PostThreadMessageW
PeekMessageW
MsgWaitForMultipleObjects
FindWindowExW
GetParent
GetClassNameW
IsWindow
CharNextW
DispatchMessageW

advapi32

AdjustTokenPrivileges
OpenProcessToken
RevertToSelf
OpenThreadToken
ImpersonateLoggedOnUser
SetNamedSecurityInfoW
ConvertStringSidToSidW
CryptDestroyKey
CryptEncrypt
CryptDecrypt
CryptDeriveKey
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegEnumKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegGetKeySecurity
RegOpenKeyW
RegSetKeySecurity
RegQueryValueExW
LookupAccountNameW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExW
RegCreateKeyW
RegSetValueExW
RegCloseKey
LookupPrivilegeValueW

ole32

CreateStreamOnHGlobal
GetHGlobalFromStream
CoCreateInstance
CoGetInterfaceAndReleaseStream
CoUnmarshalInterface
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromCLSID
CoMarshalInterThreadInterfaceInStream

oleaut32

VarUI4FromStr
SysStringByteLen
SysAllocStringByteLen
SystemTimeToVariantTime
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
VarBstrCat
SysFreeString
SysStringLen
SafeArrayUnaccessData
SafeArrayAccessData
VarBstrCmp
SafeArrayDestroy
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreate
SysAllocString

shlwapi

PathStripPathW
SHCreateStreamOnFileW
PathFileExistsW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wtsapi32

WTSCloseServer
WTSQuerySessionInformationW
WTSOpenServerW
WTSFreeMemory

netapi32

NetWkstaUserEnum
NetApiBufferFree

oleacc

AccessibleChildren
AccessibleObjectFromWindow

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d1971725de79b76e812c321dff2b898

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

version

wtsapi32

netapi32

oleacc

Exports

Exports

Sections

.text Size: 132KB - Virtual size: 128KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 24KB - Virtual size: 23KB

.reloc Size: 20KB - Virtual size: 18KB

.text
Size: 132KB - Virtual size: 128KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 24KB - Virtual size: 23KB

.reloc
Size: 20KB - Virtual size: 18KB