f242bed0a0428d5f6e3b46a11545df99dd099802ba8d980f01065d2f4748451f

Sharing

Copy URL Twitter E-mail

General

Target

f242bed0a0428d5f6e3b46a11545df99dd099802ba8d980f01065d2f4748451f
Size

76KB
MD5

47ac43a73a62ef5890053c6d5dd1f1b6
SHA1

d79fe9a51f2bcc774b23621bd8822da0f89ee1a9
SHA256

f242bed0a0428d5f6e3b46a11545df99dd099802ba8d980f01065d2f4748451f
SHA512

499fe75a721f46250e95c0c4a357ce1fc75f8baa211adfd0b39c853737c5c060b4d2a3a8811c899a514b4c23bed3b0f2b8da6e5c4b8f1c1c15a8f0627749f899
SSDEEP

768:8ekxqoJmuUDkgdwTZDRCdoKx+HRQ0Oqov/rx1TxwGxSmbi2P0zh3o8/09bjaixPf:jkxfWkgdwT0Tx+HR4N1lzM14LjjXYc

Score

N/A

Malware Config

Signatures

Files

f242bed0a0428d5f6e3b46a11545df99dd099802ba8d980f01065d2f4748451f
.exe regsvr32 windows x86

d68b7576c4576a554732421e7170cfbb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
GetTickCount
GetTempPathA
GetModuleFileNameA
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
ExitProcess
Sleep
ExitThread
OpenEventA
CreateThread
lstrcmpiA
MoveFileExA
OpenThread
CreateMutexA
OpenMutexA
DeleteFileA
CopyFileA
GetModuleHandleA
UnmapViewOfFile
FreeLibrary
LoadLibraryA
VirtualFree
ReadFile
GetFileSize
GetTempFileNameA
WriteFile
GetCurrentThread
lstrlenA
GetEnvironmentVariableA
GetFileTime
MapViewOfFile
CreateFileW
CreateFileMappingW
SetFilePointer
SystemTimeToFileTime
MultiByteToWideChar
GetCurrentDirectoryW
LocalFileTimeToFileTime
FindFirstFileW
FindClose
FindNextFileW
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
GetCurrentProcess
CloseHandle
GetLastError
GetVersion
VirtualQuery
GetProcAddress
VirtualAlloc
VirtualProtect
GetProcessHeap
HeapFree
GetCurrentProcessId
HeapAlloc
TerminateProcess
RtlUnwind
OutputDebugStringA
SetUnhandledExceptionFilter

advapi32

ImpersonateSelf
OpenThreadToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegEnumValueA
RegDeleteValueA
RegCloseKey

shell32

SHGetFolderPathW
ShellExecuteA

wininet

InternetCloseHandle
HttpSendRequestA
HttpQueryInfoA
InternetSetOptionA
InternetOpenA
InternetSetStatusCallback
HttpOpenRequestA
InternetConnectA
InternetReadFile

ntdll

wcscmp
wcstoul
wcscpy
strcmp
wcsstr
wcscat
wcslen
strlen
memcmp
ZwQuerySystemInformation
NtQueueApcThread
memcpy
atoi
memset
_vsnprintf

msvcrt

__CxxFrameHandler
_errno
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
free
malloc
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_CxxThrowException
_callnewh
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
memmove
??1type_info@@UAE@XZ
_unlock
__dllonexit
_lock
_onexit

shlwapi

SHDeleteKeyA

Exports

Exports

DllRegisterServer
DllUnregisterServer
InitHelperDll

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data1
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d68b7576c4576a554732421e7170cfbb

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

wininet

ntdll

msvcrt

shlwapi

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 20KB - Virtual size: 16KB

.data1 Size: 4KB - Virtual size: 6KB

.CRT Size: 4KB - Virtual size: 20B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 20KB - Virtual size: 16KB

.data1
Size: 4KB - Virtual size: 6KB

.CRT
Size: 4KB - Virtual size: 20B

.reloc
Size: 8KB - Virtual size: 6KB