RealFileSystem[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

RealFileSystem.dll
Size

38KB
MD5

9457a16f1d4ff421cc547e5be473347b
SHA1

f7794b3984e4e9a00b51d2b79a6289d67f8ca592
SHA256

48fd087c4167d5c3d21a67ff7a6415fafcaaaeab827ae1320be11b61ac317dcd
SHA512

939edf7c8a2d92eb8d1d3ed7db17cc965937a92ea6d821a27d68a3dadf39c1ea78e5cecd40ef8ce3026b215e8c3fdd5dbdd5c58fd9679f7bb0287b621b1b9dc3
SSDEEP

768:yjh0GZIvxoyaEahgNwgzbKu942QiqmG6lXXHBMPqkFSQ:ah0GZIvxoyaEahqwSQi/lhMPpSQ

Score

N/A

Malware Config

Signatures

Files

RealFileSystem.dll
.dll regsvr32 windows x86

79f22a4cc5c73c90aa9c3b4bc5372975

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathAppendW

atl71

ord49
ord56
ord23
ord61
ord15
ord32
ord58
ord31
ord22
ord64
ord18
ord55

kernel32

GetFileSize
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
GetFileTime
SetEndOfFile
FlushFileBuffers
CloseHandle
WriteFile
DeleteFileW
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
DisableThreadLibraryCalls
Sleep
lstrlenW
ReadFile
CreateEventW
SetEvent
WaitForSingleObject
GetVersionExA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
GetLastError
CreateFileW
QueryPerformanceCounter
SetFilePointer
lstrlenA
ExitProcess

advapi32

RegCloseKey
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW

ole32

StringFromCLSID
CoCreateFreeThreadedMarshaler
CoCreateInstance
CoTaskMemFree

oleaut32

SysReAllocStringLen
SysAllocStringLen
SysStringLen
LoadTypeLi
LoadRegTypeLi
RegisterTypeLi
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SafeArrayGetElement
SysAllocString
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SafeArrayUnlock
SafeArrayLock

msvcp71

?_Nomemory@std@@YAXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

msvcr71

_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_callnewh
malloc
memset
_wtoi
iswdigit
vswprintf
wcscat
_initterm
__CppXcptFilter
__security_error_handler
_wcsnicmp
_wcsicmp
wcschr
wcslen
_CxxThrowException
??3@YAXPAX@Z
??1exception@@UAE@XZ
??0exception@@QAE@XZ
__CxxFrameHandler
_waccess
wcscpy
_wsplitpath
??_V@YAXPAX@Z
wcscmp
??0exception@@QAE@ABV0@@Z
swprintf
wcsrchr
free
_except_handler3
_purecall
_adjust_fdiv

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

79f22a4cc5c73c90aa9c3b4bc5372975

Headers

File Characteristics

Imports

shlwapi

atl71

kernel32

advapi32

ole32

oleaut32

msvcp71

msvcr71

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 548B

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 548B

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 3KB - Virtual size: 2KB