SnapshotFilesMgr[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

SnapshotFilesMgr.dll
Size

248KB
MD5

2e75423929f38526c3ef342b4b704ae0
SHA1

8f17dcdba7f459c93f5826ecfec95eb0acd7d14e
SHA256

dcb41f099767337226d086f54ca2b2b1a1614da2f197ec6e95d0c351ff223488
SHA512

79c61b9cf8e2e51d89b4a2e1b0c18a6dbe1b6c8741d88bc94def4aedc7e9aaa383cf88c4c6475154932ace00c934fd1d6d845a57c905df3c654ba8159bc443e5
SSDEEP

6144:iidEKBrhPlovHicxndpPBVzfRA5di/LXpgTWi:trhPSHiGpPBtfRcdi7p

Score

N/A

Malware Config

Signatures

Files

SnapshotFilesMgr.dll
.dll regsvr32 windows x86

ebc83c55b607e7ccedaa2441643fdc98

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathIsRootW
PathIsUNCW
PathStripToRootW
PathRelativePathToW
PathCanonicalizeW
PathFindExtensionW

kernel32

GetLocaleInfoA
GetThreadLocale
GetModuleFileNameW
Sleep
DisableThreadLibraryCalls
GetModuleHandleW
lstrlenW
lstrcpyW
GetLastError
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
lstrcpynW
InitializeCriticalSection
lstrcatW
RaiseException
InterlockedIncrement
InterlockedDecrement
RemoveDirectoryW
FindClose
FindNextFileW
GetACP
DeleteFileW
GetFileAttributesW
CreateDirectoryW
GetDiskFreeSpaceExW
LockResource
CopyFileW
FindResourceExW
WideCharToMultiByte
GetCurrentThreadId
GetTickCount
CloseHandle
OpenProcess
GetProcAddress
LoadLibraryW
GlobalAlloc
GlobalSize
CreateProcessW
GetPrivateProfileIntW
lstrlenA
QueryPerformanceCounter
ExitProcess
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
InterlockedExchange
GetVersionExW
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryA
DebugBreak
GetModuleFileNameA
GetCurrentProcess
FindFirstFileW

user32

SystemParametersInfoW
UnregisterClassA
CharNextW
UnregisterClassW
LoadStringW
PostThreadMessageW
SetTimer
MessageBoxW
CharLowerW
FindWindowW
GetTopWindow
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
SendMessageW
GetWindowThreadProcessId
GetWindowLongW
GetParent
GetForegroundWindow
RegisterWindowMessageW
SendMessageTimeoutW
SetForegroundWindow
RegisterClassW
CreateWindowExW
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW
PostQuitMessage
KillTimer

advapi32

RegOpenKeyExW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey

ole32

CoCreateFreeThreadedMarshaler
CoTaskMemFree
StringFromCLSID
CoTaskMemAlloc
CoTaskMemRealloc
CLSIDFromProgID
CoMarshalInterface
CreateStreamOnHGlobal
CoUnmarshalInterface
CoGetClassObject
StringFromGUID2
CoCreateInstance

oleaut32

SysReAllocStringLen
VarBstrCat
SafeArrayUnlock
SafeArrayDestroyData
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayDestroyDescriptor
SafeArrayPutElement
VarBstrCmp
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
SysStringLen
LoadRegTypeLi
VariantClear
VariantInit
DispCallFunc
UnRegisterTypeLi
LoadTypeLi
VarUI4FromStr
SysFreeString
SysAllocString
RegisterTypeLi

msvcp71

?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGD@Z
?id@?$ctype@G@std@@2V0locale@2@A
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@@Z
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEXXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE_N_N@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?to_int_type@?$char_traits@G@std@@SAGABG@Z
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEABGI@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
?eof@?$char_traits@G@std@@SAGXZ
?eq_int_type@?$char_traits@G@std@@SA_NABG0@Z
?to_char_type@?$char_traits@G@std@@SAGABG@Z
?is@?$ctype@G@std@@QBE_NFG@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?good@ios_base@std@@QBE_NXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?flags@ios_base@std@@QBEHXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?to_int_type@?$char_traits@D@std@@SAHABD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??0_Lockit@std@@QAE@H@Z
?id@?$ctype@D@std@@2V0locale@2@A
??Bid@locale@std@@QAEIXZ
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
?_Incref@facet@locale@std@@QAEXXZ
?_Register@facet@locale@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Nomemory@std@@YAXXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?empty@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE_NXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
?width@ios_base@std@@QAEHH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?is@?$ctype@D@std@@QBE_NFD@Z
?to_char_type@?$char_traits@D@std@@SADABH@Z
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?eof@?$char_traits@D@std@@SAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?width@ios_base@std@@QBEHXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1locale@std@@QAE@XZ

msvcr71

_wcsnicmp
swprintf
wcscpy
wcsrchr
wcscat
__CxxFrameHandler
_CxxThrowException
??3@YAXPAX@Z
??_V@YAXPAX@Z
memcpy
memset
_except_handler3
memcmp
_purecall
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@XZ
free
wcsncpy
realloc
??0bad_cast@@QAE@ABV0@@Z
??0bad_cast@@QAE@PBD@Z
malloc
wcsstr
wcscmp
_waccess
wcschr
wcslen
iswalpha
_wremove
fclose
fwprintf
_wfopen
memmove
wcspbrk
iswspace
_vscwprintf
vswprintf
_access
iswdigit
_wtoi
_callnewh
__security_error_handler
_CRT_RTC_INIT
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__dllonexit
_onexit
_initterm
_adjust_fdiv
__CppXcptFilter
??1bad_cast@@UAE@XZ

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ebc83c55b607e7ccedaa2441643fdc98

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

ole32

oleaut32

msvcp71

msvcr71

Exports

Exports

Sections

.text Size: 180KB - Virtual size: 179KB

.rdata Size: 40KB - Virtual size: 37KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 8KB - Virtual size: 5KB

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 180KB - Virtual size: 179KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 12KB - Virtual size: 8KB