SORMngrUIAddin[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

SORMngrUIAddin.dll
Size

256KB
MD5

f3b94dc6565a8c796de4a7ad59f4b7f9
SHA1

818018bafc089f42eb02ddf64032f23738f712b7
SHA256

61f031d4516bdbf34b4eda3a7f6931a7f86ac88d28dcb8caad456833d2b30b9f
SHA512

bbc358d74636e606ddcde42ae25cb0ff08bb9810c7bbff3607f1007ffd71e131ce821bc3e569d14afb10d65c017bf13a78f6fa8d3d32712e459b1d91287dc82a
SSDEEP

3072:KwNzomf+g9wr3IX3YI1hyCajdM30unxlkSoJz/mJcdVszeDuFURQw+:KEomf+gPV3xpze6F2Qw

Score

N/A

Malware Config

Signatures

Files

SORMngrUIAddin.dll
.dll regsvr32 windows x86

2f6cfc1143568eb471fac38ea4976954

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc71u

ord5096
ord1007
ord2009
ord4320
ord266
ord3327
ord4255
ord4475
ord3943
ord2638
ord3703
ord3713
ord3712
ord2527
ord2640
ord2534
ord2832
ord2708
ord4301
ord2829
ord2725
ord2531
ord5562
ord5209
ord5226
ord4562
ord3942
ord5222
ord5220
ord2925
ord3677
ord1911
ord3826
ord5378
ord581
ord1162
ord1087
ord1079
ord1200
ord314
ord1170
ord1168
ord1192
ord1115
ord371
ord1093
ord1199
ord1197
ord1033
ord315
ord765
ord6215
ord3800
ord5579
ord2054
ord6274
ord3795
ord6272
ord4008
ord1182
ord1178
ord3824
ord2239
ord1043
ord1908
ord265
ord566
ord293
ord4032
ord757

msvcr71

_except_handler3
free
_amsg_exit
wcscat
wcslen
??1type_info@@UAE@XZ
_initterm
malloc
_adjust_fdiv
vswprintf
iswdigit
_wtoi
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z
__CppXcptFilter
__dllonexit
_onexit
__security_error_handler
?terminate@@YAXXZ
_purecall
??1bad_cast@@UAE@XZ
memmove
realloc
??0bad_cast@@QAE@ABV0@@Z
??0exception@@QAE@ABV0@@Z
memcmp
wcscpy
wcsrchr
wcsstr
_access
wcschr
wcscmp
iswspace
??0bad_cast@@QAE@PBD@Z
_CxxThrowException
swprintf
__CxxExceptionFilter
__CxxDetectRethrow
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
wcsncpy
memset
__CxxCallUnwindDtor

kernel32

InterlockedIncrement
InterlockedDecrement
FreeLibrary
MultiByteToWideChar
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
Sleep
WideCharToMultiByte
LockResource
FindResourceExW
CloseHandle
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ExitProcess
lstrcatW
GetProcAddress
OutputDebugStringA
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
LocalAlloc
LocalFree
OpenProcess
LoadLibraryW
lstrlenA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
lstrcpynW
lstrcmpiW
GetLastError
GetModuleFileNameW
lstrcpyW
GetModuleHandleA
SizeofResource
GetPrivateProfileIntW
CreateProcessW
GlobalSize
GlobalAlloc
lstrlenW

user32

UnregisterClassW
CharNextW
LoadStringW
PostThreadMessageW
KillTimer
PostQuitMessage
DispatchMessageW
TranslateMessage
UnregisterClassA
SetTimer
MessageBoxW
CharLowerW
FindWindowW
GetTopWindow
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
SendMessageW
GetWindowThreadProcessId
GetWindowLongW
GetParent
GetForegroundWindow
RegisterWindowMessageW
SendMessageTimeoutW
SetForegroundWindow
SystemParametersInfoW
RegisterClassW
CreateWindowExW
MsgWaitForMultipleObjects
PeekMessageW

oleaut32

VariantCopy
SysStringLen
LoadRegTypeLi
DispCallFunc
VariantClear
VariantInit
SysAllocStringByteLen
SysStringByteLen
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
VarBstrCat
SysAllocStringLen
SysReAllocStringLen

msvcp71

?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@@Z
??0_Lockit@std@@QAE@H@Z
??Bid@locale@std@@QAEIXZ
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
?_Incref@facet@locale@std@@QAEXXZ
?_Register@facet@locale@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEXXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEXXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1locale@std@@QAE@XZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?id@?$ctype@G@std@@2V0locale@2@A
?id@?$ctype@D@std@@2V0locale@2@A
??1_Lockit@std@@QAE@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?good@ios_base@std@@QBE_NXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE_N_N@Z
?width@ios_base@std@@QAEHH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?to_char_type@?$char_traits@D@std@@SADABH@Z
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGXZ
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEABGI@Z
?to_int_type@?$char_traits@G@std@@SAGABG@Z
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?eq_int_type@?$char_traits@G@std@@SA_NABG0@Z
?is@?$ctype@G@std@@QBE_NFG@Z
?to_char_type@?$char_traits@G@std@@SAGABG@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
?flags@ios_base@std@@QBEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?to_int_type@?$char_traits@D@std@@SAHABD@Z
?is@?$ctype@D@std@@QBE_NFD@Z
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?width@ios_base@std@@QBEHXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z

mscoree

_CorDllMain

advapi32

RegDeleteValueW
RegQueryValueExW
RegDeleteKeyW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW

shlwapi

PathFindExtensionW

ole32

CoTaskMemRealloc
StringFromGUID2
CoCreateInstance
StringFromCLSID
CoTaskMemFree
CoMarshalInterface
CreateStreamOnHGlobal
CoUnmarshalInterface
CoGetClassObject
CLSIDFromProgID
CoTaskMemAlloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f6cfc1143568eb471fac38ea4976954

Headers

File Characteristics

Imports

mfc71u

msvcr71

kernel32

user32

oleaut32

msvcp71

mscoree

advapi32

shlwapi

ole32

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 76KB

.rdata Size: 152KB - Virtual size: 150KB

.data Size: 4KB - Virtual size: 56KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 80KB - Virtual size: 76KB

.rdata
Size: 152KB - Virtual size: 150KB

.data
Size: 4KB - Virtual size: 56KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 4KB