TEAVirtualObject[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

TEAVirtualObject.dll
Size

48KB
MD5

ecafc7d15ce3b77d67989b24c8af369d
SHA1

4dccd39cd1bbeb7edc3d160570edb6a56834ffa1
SHA256

c47282f1e99cb2a3661977c8cf20ec3ac0d7bcf33061892c000236fd64818d14
SHA512

9765f186b4ca1da40be89bb0219036791ebbef1519ab61286112b9b86c289898295f9ed23a0711dc1a07addd4f5c8046e40150b297f16d9f1738a9f7909aa2a9
SSDEEP

768:GdHaUTKIpIzZC3ep7Rnuq1EyufBJHuih27rt+3ayJGl:Uqdptnuq1jufBJH5mJEayJGl

Score

N/A

Malware Config

Signatures

Files

TEAVirtualObject.dll
.dll regsvr32 windows x86

e8ae8fc49cdee7dd26bd27c9789780e9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc71u

ord1908
ord265
ord762
ord4320
ord2009
ord1007
ord5096
ord566
ord314
ord765
ord315
ord1043
ord1197
ord1199
ord1093
ord371
ord1115
ord1192
ord1168
ord1170
ord1200
ord1079
ord1087
ord1162
ord581
ord2239
ord3824
ord757
ord3327
ord4255
ord4475
ord3943
ord2638
ord3703
ord3713
ord764
ord3712
ord2527
ord2640
ord2534
ord2832
ord2708
ord4301
ord2829
ord2725
ord2531
ord5562
ord5209
ord5226
ord4562
ord3942
ord5222
ord5220
ord2925
ord1911
ord3826
ord5378
ord6215
ord3800
ord5579
ord2054
ord6274
ord3795
ord6272
ord4008
ord4032
ord1178
ord1182
ord3677
ord266
ord1033

msvcr71

wcsncpy
realloc
swprintf
__CppXcptFilter
_adjust_fdiv
_initterm
wcscat
_purecall
_except_handler3
free
malloc
wcscpy
wcsrchr
__CxxFrameHandler
__security_error_handler
?terminate@@YAXXZ
__dllonexit
_onexit
??1type_info@@UAE@XZ
memset

kernel32

GetTickCount
QueryPerformanceCounter
ExitProcess
LocalAlloc
LocalFree
Sleep
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
lstrcatW
lstrcpynW
lstrcmpiW
GetLastError
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
lstrcpyW
lstrlenW
DeleteCriticalSection
RaiseException
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeLibrary
InitializeCriticalSection
GetVersionExA

user32

CharNextW

advapi32

RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCloseKey
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW

shlwapi

PathFindExtensionW

ole32

CoCreateInstance
StringFromGUID2
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID

oleaut32

VariantInit
VarUI4FromStr
VariantCopy
LoadRegTypeLi
SysStringLen
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
VariantClear

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e8ae8fc49cdee7dd26bd27c9789780e9

Headers

File Characteristics

Imports

mfc71u

msvcr71

kernel32

user32

advapi32

shlwapi

ole32

oleaut32

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 21KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 2KB