d456e18f43772c789212938a91978c96d4191a9e480394eda4d82a86a2c73b9c

Sharing

Copy URL

Twitter E-mail

General

Target

d456e18f43772c789212938a91978c96d4191a9e480394eda4d82a86a2c73b9c
Size

265KB
MD5

faeb7bd8a1d2998e726a843ed2fcfd2b
SHA1

629b1c00333b6fe3c51221e5d8de7c1d08563d83
SHA256

d456e18f43772c789212938a91978c96d4191a9e480394eda4d82a86a2c73b9c
SHA512

9bc884b219b431ae0c2b17013c06486986cbce449bb2f584bcce0561b730f530b15f07334599f7fc0eb71f97601fdb35e56b03fca078b9e42dc138677b3b56d3
SSDEEP

6144:Kaxt9xlQZxcv+g/H0vurB6rdKDGYxm9GYx/9Gtxg:bxEZiv+CI4B6rdKDGYxm9GYx/9Gtxg

Score

N/A

Malware Config

Signatures

Files

d456e18f43772c789212938a91978c96d4191a9e480394eda4d82a86a2c73b9c
.dll regsvr32 windows x86

1ac5dd72aa5eaab14d43e7c014777720

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstChangeNotificationW
FindCloseChangeNotification
GetFileSize
CreateFileW
lstrcatW
ExpandEnvironmentStringsW
lstrcpyW
GetTempPathW
FindClose
FindNextFileW
CompareFileTime
GetFileTime
lstrcmpW
FindFirstFileW
ReadFile
DeleteFileW
GetACP
CopyFileW
GetTempFileNameW
WaitForMultipleObjects
GetSystemTimeAsFileTime
CreateEventW
LockResource
FindResourceExW
GetProcAddress
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
ReleaseMutex
ReleaseSemaphore
InterlockedExchangeAdd
Sleep
UnmapViewOfFile
MapViewOfFile
SetEvent
SetFilePointer
WriteFile
CreateSemaphoreW
CreateMutexW
lstrcpynW
GetCurrentProcess
CreateFileA
CreateFileMappingW
OpenFileMappingW
GetCurrentThreadId
CreateDirectoryW
GlobalSize
GetSystemTime
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LoadLibraryA
GetExitCodeThread
TerminateThread
GetTickCount
WaitForSingleObject
GetVersionExW
WideCharToMultiByte
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
DisableThreadLibraryCalls
GetCurrentProcessId
ProcessIdToSessionId
GetComputerNameW
GetModuleFileNameW
GetModuleHandleW
LocalFree
CloseHandle
GetProcessHeap
HeapFree
RaiseException
HeapAlloc
lstrlenW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetStringTypeW
GetStringTypeA
FlushFileBuffers
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetConsoleMode
GetConsoleCP
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
VirtualAlloc
VirtualFree
HeapCreate
ExitProcess
GetModuleHandleA
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
CreateThread
ExitThread
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
InterlockedExchange

user32

CharLowerBuffW
CharLowerW
UnregisterClassA
CharNextW
LoadStringW
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
GetDesktopWindow

advapi32

InitializeSecurityDescriptor
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
CryptDeriveKey
CryptDestroyKey
CryptDecrypt
CryptEncrypt
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegGetKeySecurity
RegOpenKeyW
RegSetKeySecurity
LookupAccountNameW
ConvertSidToStringSidW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW

ole32

CoTaskMemFree
StringFromCLSID
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
StringFromGUID2
CoUninitialize
CoInitializeEx
CreateStreamOnHGlobal
GetHGlobalFromStream

oleaut32

SysStringLen
SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
VariantInit
VariantClear
SysAllocStringByteLen
SysStringByteLen
VarUI4FromStr
SysAllocStringLen
VarBstrCmp
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreateVector
SafeArrayDestroy
SafeArrayCreate

shlwapi

SHCreateStreamOnFileW
PathFileExistsW

wtsapi32

WTSCloseServer
WTSFreeMemory
WTSOpenServerW
WTSQuerySessionInformationW

netapi32

NetApiBufferFree
NetWkstaUserEnum

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARSTA
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ac5dd72aa5eaab14d43e7c014777720

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

wtsapi32

netapi32

Exports

Exports

Sections

.text Size: 136KB - Virtual size: 135KB

.rdata Size: 36KB - Virtual size: 33KB

.data Size: 12KB - Virtual size: 19KB

.SHARSTA Size: 4KB - Virtual size: 48B

.rsrc Size: 28KB - Virtual size: 25KB

.reloc Size: 20KB - Virtual size: 17KB

.text
Size: 136KB - Virtual size: 135KB

.rdata
Size: 36KB - Virtual size: 33KB

.data
Size: 12KB - Virtual size: 19KB

.SHARSTA
Size: 4KB - Virtual size: 48B

.rsrc
Size: 28KB - Virtual size: 25KB

.reloc
Size: 20KB - Virtual size: 17KB