ORQTUIComObjects[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

ORQTUIComObjects.dll
Size

328KB
MD5

043259b07eca352838f875d1cd634d08
SHA1

e2ea52d04a7790398c21e8252b8670db55f8383c
SHA256

ed96e125daf8914820b2827844948b05eda50af0dc1e9cb69981d83d99d45665
SHA512

e67d19a728130b26adff22a9fee4dcdeb2ede9c44d2f1591d2171ee2b7d6dd0ed88b4196cf456e4e62b026b84c45d99c4ff1f380c5a928230105c34345656f61
SSDEEP

6144:EiS5WKJgj29s+zkO1BjtoHHcDuvPDxnDMD8DpDoDEDxDTyPwD5YUe67Dgp+EjaIK:T8gy9s+zkDcDuvPDxnDMD8DpDoDEDxDh

Score

N/A

Malware Config

Signatures

Files

ORQTUIComObjects.dll
.dll regsvr32 windows x86

bbca57956485bb00f9b296f21bbc8dfb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc71u

ord5199
ord4256
ord3176
ord3677
ord757
ord4032
ord4008
ord6272
ord3795
ord6274
ord2054
ord5579
ord3800
ord6215
ord5378
ord3826
ord1911
ord2925
ord5220
ord5222
ord3942
ord4562
ord5226
ord5209
ord5562
ord2832
ord4475
ord3327
ord764
ord762
ord2366
ord4119
ord5609
ord5493
ord553
ord2651
ord6086
ord5855
ord3395
ord1536
ord5231
ord5229
ord2384
ord2394
ord2392
ord2390
ord2386
ord2409
ord2397
ord1647
ord1646
ord1590
ord575
ord577
ord1542
ord4320
ord2009
ord1007
ord5096
ord4238
ord1392
ord5908
ord1661
ord1662
ord2011
ord4884
ord5178
ord605
ord266
ord3635
ord591
ord3165
ord4228
ord1538
ord2080
ord4092
ord1474
ord1922
ord587
ord3158
ord4255
ord4480
ord3943
ord2638
ord3703
ord3713
ord3712
ord2985
ord2527
ord2640
ord2534
ord2856
ord2708
ord4301
ord2829
ord2725
ord2531
ord5196
ord1955
ord5171
ord1353
ord4961
ord3339
ord6275
ord3796
ord6273
ord1513
ord2163
ord2169
ord2399
ord2381
ord2379
ord2402
ord2407
ord2388
ord2404
ord931
ord927
ord760
ord2077
ord3599
ord5911
ord1611
ord566
ord2893
ord293
ord4026
ord269
ord776
ord1472
ord870
ord1043
ord2239
ord1049
ord3824
ord1908
ord354
ord4574
ord4347
ord265
ord4729
ord4206
ord2560
ord2155
ord1785
ord1085
ord572
ord1894
ord1178
ord1182
ord1608
ord3940
ord1393
ord4226
ord5148
ord1899
ord5067
ord6271
ord4179
ord5210
ord3397
ord4716
ord4276
ord1591
ord5956
ord920
ord925
ord929
ord765
ord315
ord1033
ord1197
ord1199
ord1093
ord581
ord1162
ord1087
ord1079
ord1200
ord314
ord1170
ord1168
ord1192
ord1115
ord371

msvcr71

swprintf
wcscpy
wcsrchr
memcmp
wcsncpy
iswspace
wcsstr
_vscwprintf
vswprintf
__CxxExceptionFilter
__CxxDetectRethrow
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__CxxCallUnwindDtor
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_purecall
??0exception@@QAE@XZ
__CxxFrameHandler
_CxxThrowException
realloc
_except_handler3
wcscmp
free
memmove
memset
_amsg_exit
wcscat
wcslen
??1type_info@@UAE@XZ
_initterm
malloc
_adjust_fdiv
__CppXcptFilter
__security_error_handler
__dllonexit
_onexit
?terminate@@YAXXZ

kernel32

OutputDebugStringW
LoadLibraryA
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetLastError
lstrlenW
QueryPerformanceCounter
ExitProcess
GetModuleHandleA
GetProcAddress
OutputDebugStringA
LocalAlloc
LocalFree
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
MultiByteToWideChar
GetCurrentThreadId
FindResourceExW
SizeofResource
Sleep
GetModuleHandleW
LoadLibraryExW
FreeLibrary
lstrcatW
lstrcpynW
lstrcmpiW
lstrcpyW
GetModuleFileNameW
FindResourceW
LoadResource
LockResource
GetTickCount
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap

user32

RedrawWindow
SendMessageW
EnableWindow
DestroyIcon
LoadImageW
LoadIconW
CharNextW
OffsetRect
UnionRect
LoadStringW
MessageBoxW
GetWindowRect

oleaut32

VariantClear
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SysAllocString
VarBstrCat
DispCallFunc
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
SysStringLen
LoadTypeLi
LoadRegTypeLi
SafeArrayDestroy
VarCmp
SysAllocStringLen
SafeArrayUnlock
VarBstrCmp
SafeArrayLock
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantInit

msvcp71

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ

mscoree

_CorDllMain

advapi32

RegSetValueExW
RegDeleteValueW
RegQueryValueExW
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyExW

shlwapi

PathFindExtensionW

ole32

CoGetClassObject
StringFromGUID2
CoTaskMemRealloc
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CLSIDFromProgID
CoCreateInstance

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bbca57956485bb00f9b296f21bbc8dfb

Headers

File Characteristics

Imports

mfc71u

msvcr71

kernel32

user32

oleaut32

msvcp71

mscoree

advapi32

shlwapi

ole32

Exports

Exports

Sections

.text Size: 112KB - Virtual size: 109KB

.rdata Size: 168KB - Virtual size: 165KB

.data Size: 8KB - Virtual size: 69KB

.rsrc Size: 20KB - Virtual size: 17KB

.reloc Size: 16KB - Virtual size: 12KB

.text
Size: 112KB - Virtual size: 109KB

.rdata
Size: 168KB - Virtual size: 165KB

.data
Size: 8KB - Virtual size: 69KB

.rsrc
Size: 20KB - Virtual size: 17KB

.reloc
Size: 16KB - Virtual size: 12KB