XMLViewerCtl[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

XMLViewerCtl.dll
Size

168KB
MD5

1228774dba454a9fc2dc9f0114615130
SHA1

ffc2f1b1d73b8f8971ee72f8e785433b69ba72b2
SHA256

85b14c7d97ba41b6a753501c1c81f09f932a269ecea3cb6882aeeea1eb39cb71
SHA512

35c69d9bd89b63e9c6b72e1d05eb6e8aa098bc036454d5f7e8c44a4061496e9c801de01a6c76cb6eefee9014138537c8fa6a0267c07c68d5efbc8e8a405c1472
SSDEEP

3072:HCmm4EMQXeazAb815XWOhzmP9mZRy9a45Q6u+5dvl3KL2VFpHW:IPMQXeaMb815XWi4kyNQ/+VE2V

Score

N/A

Malware Config

Signatures

Files

XMLViewerCtl.dll
.dll regsvr32 windows x86

83471a5e9c150f647b3a8e0bb02fccd1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc71u

ord4884
ord2011
ord1662
ord1661
ord5908
ord1392
ord5199
ord4256
ord751
ord605
ord562
ord356
ord1636
ord1577
ord2985
ord3298
ord572
ord730
ord354
ord1785
ord2651
ord4574
ord1079
ord3993
ord5989
ord5987
ord6061
ord5721
ord6086
ord5920
ord4109
ord4119
ord3675
ord3582
ord5169
ord2982
ord3323
ord2872
ord2861
ord5053
ord651
ord618
ord663
ord416
ord370
ord426
ord5762
ord1556
ord2364
ord2155
ord2860
ord5867
ord5999
ord3342
ord5981
ord2864
ord5708
ord1176
ord1182
ord1178
ord265
ord1908
ord3677
ord1145
ord3824
ord1095
ord2239
ord1043
ord4032
ord4008
ord6272
ord3795
ord6274
ord2054
ord5579
ord3800
ord6215
ord5378
ord5163
ord1911
ord2925
ord5220
ord5222
ord3942
ord4562
ord5226
ord5209
ord5562
ord2832
ord4729
ord3327
ord757
ord5231
ord5229
ord2384
ord2394
ord2392
ord2390
ord2386
ord2409
ord2397
ord1647
ord1646
ord1590
ord340
ord1542
ord577
ord2310
ord293
ord6063
ord870
ord1058
ord4035
ord860
ord2895
ord4026
ord5864
ord283
ord3869
ord1906
ord2282
ord6172
ord6166
ord865
ord5869
ord5862
ord1220
ord774
ord2878
ord2876
ord4060
ord280
ord776
ord899
ord5398
ord2460
ord1133
ord4320
ord2009
ord1007
ord5096
ord566
ord1352
ord4961
ord3338
ord6275
ord3796
ord6273
ord1513
ord2163
ord2169
ord2399
ord2381
ord2379
ord2402
ord2407
ord2388
ord2404
ord931
ord927
ord929
ord925
ord920
ord5956
ord1591
ord4276
ord4716
ord3397
ord5210
ord4179
ord6271
ord5067
ord1899
ord5147
ord4233
ord1393
ord3940
ord1608
ord1611
ord4206
ord5178
ord3435
ord3635
ord4391
ord314
ord3070
ord5829
ord2366
ord3908
ord740
ord552
ord3310
ord4255
ord5171
ord1353
ord3339
ord5148
ord4238
ord1581
ord1727
ord1735
ord5357
ord4600
ord1725
ord1937
ord6100
ord6098
ord1927
ord1912
ord1358
ord944
ord2008
ord2043
ord2044
ord3791
ord2826
ord2791
ord6142
ord6138
ord2067
ord6006
ord6106
ord3668
ord1894
ord4882
ord596
ord3225
ord2953
ord4267
ord4480
ord3943
ord2638
ord3703
ord3713
ord3712
ord2527
ord2640
ord2534
ord2856
ord2708
ord4301
ord2829
ord2725
ord2531
ord5196
ord4475
ord1955
ord5911
ord3968
ord765
ord315
ord1033
ord1197
ord1199
ord1093
ord371
ord1115
ord1192
ord1168
ord1170
ord1200
ord1087
ord1162
ord581
ord4855
ord4858
ord4373
ord4378
ord4375
ord4393
ord4395
ord4380
ord4771
ord4585
ord4175
ord4166
ord4974
ord4381
ord4775
ord4198
ord4784
ord4437
ord4438
ord2084
ord762
ord266
ord764
ord3484
ord3826
ord3646

msvcr71

__CppXcptFilter
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
__security_error_handler
_beginthreadex
_endthreadex
wcsstr
vswprintf
_vscwprintf
iswspace
memmove
_resetstkoflw
_except_handler3
memcmp
wcscat
wcsrchr
wcscpy
swprintf
malloc
realloc
memcpy
wcsncpy
wcslen
_CxxThrowException
_purecall
free
memset
__CxxFrameHandler

kernel32

GetVersionExA
HeapReAlloc
HeapSize
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
ExitProcess
LocalAlloc
LocalFree
GetTickCount
GetCurrentThreadId
TerminateThread
GetExitCodeThread
LoadLibraryA
GetProcAddress
OutputDebugStringW
FindResourceExW
SizeofResource
RaiseException
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
lstrlenW
Sleep
GetModuleFileNameW
SetLastError
GetCurrentProcess
FlushInstructionCache
HeapAlloc
MultiByteToWideChar
lstrlenA
GetProcessHeap
HeapFree
GetLastError
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcpynW
LoadLibraryW
FreeLibrary
MulDiv
FindResourceW
LoadResource
LockResource
SetEvent
WaitForSingleObject
CloseHandle
CreateEventW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExW
HeapDestroy

user32

PostQuitMessage
DispatchMessageW
EnableWindow
GetFocus
OffsetRect
TranslateMessage
SetCapture
SendMessageW
GetParent
GetCapture
GetClientRect
LoadIconW
InvalidateRect
BringWindowToTop
MapWindowPoints
PeekMessageW
MsgWaitForMultipleObjects
RedrawWindow
GetNextDlgTabItem
CopyAcceleratorTableW
IsDialogMessageW
IntersectRect
EqualRect
SetWindowRgn
UnionRect
PtInRect
RegisterWindowMessageW
GetDlgItem
SendDlgItemMessageW
CreateWindowExW
GetKeyState
IsWindow
EnumChildWindows
ShowWindow
SystemParametersInfoW
MapDialogRect
DestroyWindow
SetWindowContextHelpId
SetWindowPos
GetWindow
IsChild
GetSysColor
DrawTextW
GetDC
ReleaseDC
GetDialogBaseUnits
SetFocus
PostMessageW
GetWindowLongW
SetWindowLongW
ScreenToClient
GetWindowRect
GetMessagePos

gdi32

CreateMetaFileW
SetWindowExtEx
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
CreateSolidBrush
GetObjectW
SetBkColor
GetStockObject
Rectangle
RestoreDC
DeleteDC
SetViewportOrgEx
SetWindowOrgEx
SetMapMode
SaveDC
LPtoDP
GetDeviceCaps
DeleteObject
GetTextExtentPointW
GetTextMetricsW
SelectObject
CreateFontIndirectW
SetBkMode
SetTextColor

advapi32

RegCloseKey
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyExW

ole32

CoCreateInstance
CoTaskMemAlloc
CreateDataAdviseHolder
OleRegGetMiscStatus
CreateOleAdviseHolder
OleRegGetUserType
OleRegEnumVerbs
StringFromCLSID
CoTaskMemFree
CreateStreamOnHGlobal

oleaut32

OleCreatePropertyFrame
VariantChangeType
SysStringByteLen
LoadRegTypeLi
LoadTypeLi
SysAllocString
RegisterTypeLi
OleTranslateColor
VariantInit
VariantClear
SysAllocStringLen
SysStringLen
SysFreeString

atl71

ord11
ord48
ord32
ord23
ord61
ord56
ord49
ord55
ord64
ord15
ord18
ord10
ord58
ord31
ord50
ord51
ord28
ord27
ord26
ord30
ord66
ord65
ord54
ord44
ord42
ord60
ord43
ord37
ord22
ord47

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

83471a5e9c150f647b3a8e0bb02fccd1

Headers

File Characteristics

Imports

mfc71u

msvcr71

kernel32

user32

gdi32

advapi32

ole32

oleaut32

atl71

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 106KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 16KB - Virtual size: 14KB

.reloc Size: 12KB - Virtual size: 9KB

.text
Size: 108KB - Virtual size: 106KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 16KB - Virtual size: 14KB

.reloc
Size: 12KB - Virtual size: 9KB