aae90e0f77eb0af96968a7e5bf363f228b5125e510fb677566b3e8b0ac9ba991

Sharing

Copy URL Twitter E-mail

General

Target

aae90e0f77eb0af96968a7e5bf363f228b5125e510fb677566b3e8b0ac9ba991
Size

30KB
MD5

9b14e1cbc5ae7b537077e2a5f8fcb149
SHA1

57eb3337a47e6e548a63054c3ad31354fd4ff8fe
SHA256

aae90e0f77eb0af96968a7e5bf363f228b5125e510fb677566b3e8b0ac9ba991
SHA512

f4b516224916f36e10a0a85c7dbe6cd44e1917e69d4c91dbca122ecb04c3c6dbff74d74301b459356f48b75c91d3ca7fc6215f708801231e256bb08eecefa139
SSDEEP

384:NMIgJDQM/8uohzCPDkvfAnQhSyWH7FGLaInMYk7RH14VAcBWgf1RIuyEKDvM72:N6/T4XziH7FG/nMYU1wAI+EKDka

Score

N/A

Malware Config

Signatures

Files

aae90e0f77eb0af96968a7e5bf363f228b5125e510fb677566b3e8b0ac9ba991
.dll regsvr32 windows x86

48a52f58cd8a81ac06a5cc0f95450871

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsW
StrStrW
StrCatW
StrStrIW
StrCmpW
StrCpyW

ws2_32

gethostbyname
inet_ntoa

kernel32

VirtualQuery
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetVersionExA
RtlUnwind
GetModuleFileNameW
CreateThread
Sleep
CloseHandle
DisableThreadLibraryCalls
OpenFileMappingW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateMutexW
WaitForSingleObject
OpenMutexW
ReleaseMutex
CreateProcessW
FreeLibraryAndExitThread
GetCurrentProcessId
ProcessIdToSessionId
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
Process32NextW
MoveFileExW
ExitThread
CreateFileW
GetFileSize
VirtualAlloc
ReadFile
FlushFileBuffers
WriteFile
GetTickCount
lstrlenW
GetSystemDirectoryW
GetVersionExW
GetSystemTime
MultiByteToWideChar
VirtualFree
GetTempPathW
LoadLibraryA
GetProcAddress
FreeLibrary
IsDebuggerPresent
lstrcpyW
LoadLibraryW
GetCurrentProcess
VirtualAllocEx
WriteProcessMemory
GetModuleHandleW
CreateRemoteThread
VirtualFreeEx
TerminateProcess
WideCharToMultiByte
lstrcatW
QueryPerformanceCounter

user32

wsprintfA
CharLowerW
wsprintfW

advapi32

InitializeSecurityDescriptor
RegEnumValueW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegDeleteKeyW
RegCloseKey
RegFlushKey
SetSecurityDescriptorDacl

ole32

CoSetProxyBlanket
CoUninitialize
CoCreateInstance
CoInitializeSecurity
CoInitialize

oleaut32

SysAllocString
VariantInit
VariantClear
SysFreeString

Exports

Exports

DllRegisterServer
LsaApCallPackage
LsaApCallPackagePassthrough
LsaApCallPackageUntrusted
LsaApInitializePackage
LsaApLogonTerminated
LsaApLogonUser
LsaApLogonUserEx
SpInitialize
a

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

48a52f58cd8a81ac06a5cc0f95450871

Headers

File Characteristics

Imports

shlwapi

ws2_32

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 17KB - Virtual size: 17KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 8B

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 8B

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 2KB - Virtual size: 1KB