b69c1a00e6b41cc7d42afee026380577e260053c3439f41f42281eb794aaa3ec

Sharing

Copy URL Twitter E-mail

General

Target

b69c1a00e6b41cc7d42afee026380577e260053c3439f41f42281eb794aaa3ec
Size

353KB
MD5

9ff30b6e4057b4dc49b34e5d94ab3fd0
SHA1

f4e682d258419b151e72828b5aaf8d4b8ab88519
SHA256

b69c1a00e6b41cc7d42afee026380577e260053c3439f41f42281eb794aaa3ec
SHA512

a33a8eae1b9b01b7dc10e25287e501268af1c4c44d2e1033efafe5e8ebb024555587fef96e5e40275a03c699f238f3e7aa867211529b8b2e7eacfca8d667cb80
SSDEEP

6144:+UAE5AAt6VtamBG6u4I/Q3kPmGHW++b7I6tMbP2B93FLQtCET:+UAetQam86/kQKmGHW+K7I6tMb2nJQsi

Score

N/A

Malware Config

Signatures

Files

b69c1a00e6b41cc7d42afee026380577e260053c3439f41f42281eb794aaa3ec
.dll regsvr32 windows x86

a2a82e8635e5ebd75f6bb594bc785007

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExW
CreateThread
GetLastError
WideCharToMultiByte
lstrlenW
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
GetModuleHandleW
GetModuleFileNameW
MultiByteToWideChar
lstrcmpiW
RaiseException
SetThreadLocale
GetThreadLocale
FindResourceW
GetVersionExW
GetWindowsDirectoryW
WinExec
OpenProcess
lstrlenA
GetProcAddress
LoadLibraryW
FreeLibrary
SizeofResource
LoadResource
LockResource
CreateFileW
WriteFile
CloseHandle
GetTickCount
LeaveCriticalSection
FindResourceExW
EnterCriticalSection
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
LoadLibraryA
HeapSize
Sleep
VirtualAlloc
VirtualFree
HeapCreate
ExitProcess
HeapDestroy
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetProcessHeap
GetVersionExA
GetCommandLineA
GetCurrentThreadId
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapReAlloc
HeapAlloc
HeapFree
InterlockedExchange
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
GetStdHandle
RtlUnwind

user32

EnumWindows
CharNextW
MessageBoxW
CharLowerA
CharLowerW
PostMessageW
GetWindowThreadProcessId
UnregisterClassA

advapi32

IsTextUnicode
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW

shell32

SHGetFolderPathW

ole32

CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoGetClassObject
StringFromGUID2
CoCreateInstance

oleaut32

VarUI4FromStr
RegisterTypeLi
VarBstrCat
SysFreeString
SysAllocStringLen
SysAllocString
SysAllocStringByteLen
SysStringByteLen
VarBstrCmp
LoadRegTypeLi
LoadTypeLi
SysStringLen
VariantClear
UnRegisterTypeLi

rpcrt4

NdrOleFree
NdrOleAllocate
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrCStdStubBuffer2_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrStubForwardingFunction

wininet

InternetGetCookieW
InternetSetCookieW
InternetCrackUrlW
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetCloseHandle
InternetReadFile

urlmon

CoInternetGetSession

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
UnInstall

Sections

.text
Size: 215KB - Virtual size: 215KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shr
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a2a82e8635e5ebd75f6bb594bc785007

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

rpcrt4

wininet

urlmon

version

psapi

Exports

Exports

Sections

.text Size: 215KB - Virtual size: 215KB

.orpc Size: 512B - Virtual size: 148B

.rdata Size: 34KB - Virtual size: 33KB

.data Size: 6KB - Virtual size: 9KB

.shr Size: 512B - Virtual size: 1B

.rsrc Size: 84KB - Virtual size: 84KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 215KB - Virtual size: 215KB

.orpc
Size: 512B - Virtual size: 148B

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 6KB - Virtual size: 9KB

.shr
Size: 512B - Virtual size: 1B

.rsrc
Size: 84KB - Virtual size: 84KB

.reloc
Size: 11KB - Virtual size: 10KB