XMLObjectSel[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

XMLObjectSel.dll
Size

132KB
MD5

36409bb666088ce52c1ae0662cc143d8
SHA1

b8d1d4a0a57f06005fb29efdd86d332c5596e0e5
SHA256

81c2bf88830b3e9a024b0dc17310cee6df7538eb65c0d23550721489e4218014
SHA512

1545f1a1247f583cf97bf8a222eaf57fec0bf9f985f1dc21bfeab277a37360a92d0496a03585d5943ee1931169ae418ac47e3560b3151ff8e65032e5b9af69f9
SSDEEP

3072:MJyWIeCUANuKfs5p3IX3p3Ckbeg3jfQlO9ocUhYTu3rK:MJyWIeFUb0O9oYO

Score

N/A

Malware Config

Signatures

Files

XMLObjectSel.dll
.dll regsvr32 windows x86

78575ff623ac10d172b8102444bf640b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc71u

ord4256
ord3176
ord605
ord354
ord764
ord630
ord2012
ord266
ord1086
ord762
ord314
ord3677
ord4032
ord4008
ord6272
ord3795
ord6274
ord2054
ord5579
ord3800
ord6215
ord5378
ord3826
ord1911
ord2925
ord5220
ord5222
ord3942
ord4562
ord5226
ord5209
ord5562
ord2832
ord4475
ord4255
ord3327
ord757
ord3824
ord2239
ord1043
ord1145
ord1908
ord280
ord577
ord4098
ord4026
ord2310
ord293
ord870
ord4480
ord2895
ord3756
ord3927
ord6063
ord283
ord1542
ord5231
ord5229
ord2384
ord2394
ord2392
ord2390
ord2386
ord2409
ord2397
ord1647
ord1646
ord1590
ord776
ord3082
ord385
ord774
ord3990
ord5524
ord4320
ord2009
ord1007
ord5096
ord566
ord5398
ord2460
ord1133
ord3943
ord2638
ord3703
ord3713
ord3712
ord2527
ord2640
ord2534
ord2856
ord2708
ord4301
ord265
ord765
ord315
ord1033
ord1197
ord1199
ord1093
ord371
ord1115
ord1192
ord1168
ord1170
ord1200
ord1087
ord1162
ord581
ord2829
ord2725
ord2531
ord5196
ord1955
ord5171
ord1353
ord4961
ord3339
ord6275
ord3796
ord6273
ord1513
ord2163
ord2169
ord2399
ord2381
ord2379
ord2402
ord2407
ord2388
ord3635
ord2404
ord931
ord927
ord929
ord925
ord920
ord5956
ord1591
ord4276
ord4716
ord3397
ord5199
ord4179
ord6271
ord5067
ord1899
ord5148
ord4238
ord1392
ord3940
ord1608
ord1611
ord5908
ord1661
ord1662
ord2011
ord4884
ord4206
ord5178
ord2167
ord1299
ord4574
ord2155
ord2651
ord4729
ord1079
ord1178
ord1182
ord860

msvcr71

free
realloc
_waccess
__CxxFrameHandler
??0exception@@QAE@ABV0@@Z
__CppXcptFilter
_adjust_fdiv
malloc
_initterm
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__security_error_handler
_access
wcschr
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@PBD@Z
_CxxThrowException
memset
??1exception@@UAE@XZ
_wtoi
iswdigit
wcsncpy
??0exception@@QAE@XZ
memmove
wcslen
wcscmp
memcmp
wcsstr
vswprintf
_vscwprintf
_wcslwr
iswspace
wcscat
_purecall
wcsrchr
wcscpy
swprintf
_except_handler3

kernel32

GetTickCount
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
OutputDebugStringW
GetModuleHandleW
FindResourceExW
RaiseException
InterlockedDecrement
InterlockedIncrement
lstrlenW
Sleep
CloseHandle
OpenProcess
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
FindResourceW
LoadResource
LockResource
SizeofResource
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetProcAddress
LoadLibraryW
GlobalAlloc
GlobalSize
CreateProcessW
GetPrivateProfileIntW
LocalFree
LocalAlloc
ExitProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetModuleFileNameW
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
LoadLibraryA
lstrlenA
DeleteCriticalSection
GetCurrentProcessId

user32

LoadStringW
EnableWindow
SetTimer
KillTimer
PostQuitMessage
UnregisterClassA
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
CreateWindowExW
GetWindowThreadProcessId
GetWindow
ShowWindow
IsWindowVisible
EnumWindows
UnregisterClassW
MessageBoxW
CharLowerW
FindWindowW
GetTopWindow
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
SendMessageW
GetWindowLongW
GetParent
GetForegroundWindow
RegisterWindowMessageW
SendMessageTimeoutW
SetForegroundWindow
SystemParametersInfoW
RegisterClassW
PostThreadMessageW

advapi32

RegOpenKeyExW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

ole32

CLSIDFromProgID
CoTaskMemFree
StringFromCLSID
CoMarshalInterface
CreateStreamOnHGlobal
CoUnmarshalInterface
CoGetClassObject
CoCreateInstance

oleaut32

SysStringLen
SysAllocString
SysFreeString
SysAllocStringByteLen
SysStringByteLen
SysReAllocStringLen
VarBstrCmp
VariantClear
SafeArrayLock
SafeArrayUnlock
SysAllocStringLen
VariantInit
VariantCopy
SafeArrayGetElement
SafeArrayDestroyDescriptor
SafeArrayDestroyData
LoadRegTypeLi
LoadTypeLi
VarBstrCat
RegisterTypeLi

atl71

ord30
ord32
ord15
ord61
ord23
ord56
ord49
ord55
ord64
ord22
ord18
ord65
ord66

msvcp71

?id@?$ctype@D@std@@2V0locale@2@A
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??1locale@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?clear@ios_base@std@@QAEXH_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE_N_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Id_cnt@id@locale@std@@0HA
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?id@?$ctype@G@std@@2V0locale@2@A
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@@Z
??0_Lockit@std@@QAE@H@Z
??Bid@locale@std@@QAEIXZ
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
?_Incref@facet@locale@std@@QAEXXZ
?_Register@facet@locale@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
?_Lock@_Mutex@std@@QAEXXZ
?_Unlock@_Mutex@std@@QAEXXZ
?is@?$ctype@G@std@@QBE_NFG@Z
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78575ff623ac10d172b8102444bf640b

Headers

File Characteristics

Imports

mfc71u

msvcr71

kernel32

user32

advapi32

ole32

oleaut32

atl71

msvcp71

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 32KB - Virtual size: 29KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 32KB - Virtual size: 29KB

.reloc
Size: 8KB - Virtual size: 5KB