b98a7df1532f0cc518fb30be822b9bf43b7d699e6c474df72df601563c6cf41d

Sharing

Copy URL Twitter E-mail

General

Target

b98a7df1532f0cc518fb30be822b9bf43b7d699e6c474df72df601563c6cf41d
Size

1.1MB
MD5

180f358cf31f389656832f22f286a2c2
SHA1

a1b556d0409b90ef846f82042989fe617f6961ab
SHA256

b98a7df1532f0cc518fb30be822b9bf43b7d699e6c474df72df601563c6cf41d
SHA512

7ac96c0871fa5536ba62c1d9465bca435633462434a54c9cd0196dc06392caf5f4ab8e8425544e721792d724cbe76378e08ae1c72b45c59b979b95e1a9e76527
SSDEEP

12288:zRRgiL7EnPvufj9KbIGU2I8iJqJSuSZGozjwG+OJ3WyvzRi66b9+u6kaiJyMefjG:zjgAEPviOIGU0SuSsDJqRSTIEMUGzq

Score

N/A

Malware Config

Signatures

Files

b98a7df1532f0cc518fb30be822b9bf43b7d699e6c474df72df601563c6cf41d
.dll regsvr32 windows x86

6a1708cd7dbcd395780c2ccd3d716021

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MoveFileA
SetFileAttributesA
SetFileTime
SystemTimeToFileTime
SetEndOfFile
FlushFileBuffers
SetFilePointer
DeleteFileA
FileTimeToSystemTime
FindClose
FindFirstFileA
GetFileAttributesA
WritePrivateProfileStringA
SetErrorMode
ReleaseMutex
FlushViewOfFile
CreateMutexA
ReadFile
UnlockFile
LockFile
GetProcAddress
FreeLibrary
GetSystemTime
Sleep
GetSystemTimeAsFileTime
TlsSetValue
TlsGetValue
TlsAlloc
LockFileEx
AreFileApisANSI
GetFileAttributesW
DeleteFileW
GetTempPathW
GetFullPathNameA
GetFullPathNameW
FlushInstructionCache
LoadLibraryW
CreateFileW
GetVersion
GetEnvironmentVariableA
SetLastError
SetEvent
OpenEventA
CreateProcessA
CreateEventA
GetTickCount
GetCurrentThreadId
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
WaitForSingleObject
TerminateThread
IsDBCSLeadByte
lstrcpynA
CreateThread
GetModuleHandleA
lstrcmpiA
GetProcessHeap
HeapFree
InterlockedDecrement
InterlockedIncrement
lstrcatA
GetModuleFileNameA
lstrlenA
lstrcpyA
GetLastError
QueryPerformanceCounter
ExitProcess
HeapSize
HeapReAlloc
HeapDestroy
SuspendThread
TerminateProcess
ExpandEnvironmentStringsA
SearchPathA
GetLongPathNameA
GetShortPathNameA
GetCurrentDirectoryA
GetSystemDirectoryA
DeviceIoControl
GetCurrentProcessId
CreateToolhelp32Snapshot
Module32First
Module32Next
OpenProcess
CreateDirectoryA
GetPrivateProfileStringA
GetFileAttributesExA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
FindResourceExA
GetTempPathA
FindResourceA
SizeofResource
LoadResource
LockResource
CreateFileA
WriteFile
CloseHandle
HeapAlloc
OpenMutexA
GetCurrentProcess
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
LoadLibraryA
InterlockedExchange
ReadProcessMemory
GetLogicalDrives
GetDriveTypeA
GetPrivateProfileSectionA
CreateFileMappingW
FindFirstFileW
SetFileAttributesW
GetFileInformationByHandle
GetWindowsDirectoryW
GetWindowsDirectoryA
GetFileTime
MoveFileW
CopyFileW
CopyFileA
FindNextFileW
FindNextFileA
GetFileType
RemoveDirectoryW
CreateDirectoryW
RemoveDirectoryA
MoveFileExA
lstrcmpA

user32

DefWindowProcA
CharNextA
PtInRect
UnionRect
SetWindowPos
GetParent
EndPaint
GetClientRect
DestroyWindow
PostMessageA
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
ReleaseDC
GetDC
LoadBitmapA
SetWindowLongA
GetWindowLongA
CallWindowProcA
GetKeyState
IsWindow
InvalidateRect
ShowWindow
SendMessageA
SetFocus
IsChild
UnregisterClassA
BeginPaint
GetClassInfoExA
LoadCursorA
wsprintfA
RegisterClassExA
CreateWindowExA
GetFocus

gdi32

LPtoDP
SetMapMode
SetViewportOrgEx
DeleteDC
GetObjectA
CreateCompatibleDC
SelectObject
StretchBlt
DeleteObject
GetDeviceCaps
CreateMetaFileA
SaveDC
SetWindowOrgEx
SetWindowExtEx
RestoreDC
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
CreateDCA

advapi32

RegCreateKeyA
RegQueryValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegEnumKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryInfoKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteKeyA
RegQueryInfoKeyW
RegDeleteValueA
RegDeleteValueW
RegEnumKeyExW
RegEnumValueA
RegEnumValueW
RegQueryValueExW
RegSetValueExW
RegGetKeySecurity
RegSetKeySecurity
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegCreateKeyExW
GetFileSecurityA
GetFileSecurityW
SetFileSecurityA
SetFileSecurityW
RegOpenKeyA

shell32

SHGetFolderPathA
SHGetFileInfoA

ole32

CoInitialize
CoCreateGuid
OleSaveToStream
WriteClassStm
OleLoadFromStream
CreateOleAdviseHolder
CreateDataAdviseHolder
CoTaskMemAlloc
OleRegGetMiscStatus
OleRegGetUserType
OleRegEnumVerbs
StringFromCLSID
CoCreateInstance
CoUninitialize
StringFromGUID2
CoTaskMemFree

oleaut32

VariantInit
VarUI4FromStr
VariantChangeType
SetErrorInfo
CreateErrorInfo
VariantClear
SysFreeString
SysAllocString
SysAllocStringLen
SysStringLen
LoadRegTypeLi
OleCreatePropertyFrame
SysAllocStringByteLen
SysStringByteLen
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi

shlwapi

PathFileExistsA
SHDeleteKeyA
SHDeleteKeyW
PathRemoveFileSpecA
PathSkipRootA
PathFindExtensionA

msvcp71

?_Nomemory@std@@YAXXZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@V312@0@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIID@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
wctype
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

msvcr71

memset
_callnewh
__security_error_handler
??1type_info@@UAE@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
_initterm
_adjust_fdiv
__CppXcptFilter
_strnicmp
_strupr
strchr
_mbscmp
malloc
free
_resetstkoflw
_except_handler3
_CxxThrowException
??3@YAXPAX@Z
wcsncpy
_mbschr
__CxxFrameHandler
??_V@YAXPAX@Z
_purecall
realloc
_wcsicmp
_mbsrchr
_vscprintf
vsprintf
memmove
atoi
sprintf
_snprintf
_snscanf
rand
srand
time
_mbsnbcpy
_mbsicmp
_ultoa
strncmp
_strlwr
_msize
_mbsupr
wcsncmp
wcschr
wcslen
_itoa
_gcvt
_fpclass
_i64toa
_ui64toa
_snwprintf
_strtoi64
_strtoui64
_errno
_HUGE
strtod
wcscmp
_wtoi
iswspace
_mbsinc
_ismbcspace
_mbsstr
_mbsicoll
??1exception@@UAE@XZ
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
isdigit
isspace
isxdigit
localtime
tolower
isalnum
strncpy
toupper
fclose
fread
ftell
fseek
fopen
fwrite
strrchr
strstr
_stricmp
swscanf
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
_isctype
wctomb
_strdup
_mbslwr
_mbsnbicmp
_ismbcalpha

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wininet

InternetReadFile
InternetCloseHandle
HttpQueryInfoA
InternetConnectA
InternetSetOptionA
InternetOpenA
HttpSendRequestA
HttpOpenRequestA
InternetAttemptConnect
InternetCrackUrlA
HttpAddRequestHeadersA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
GetDllAutoHelpObject
GetDllAutoHelpObjectEx
REClearROT
RECreateObjectLoader
RECreateROT
REGetClassObject

Sections

.text
Size: 864KB - Virtual size: 861KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6a1708cd7dbcd395780c2ccd3d716021

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcp71

msvcr71

version

wininet

Exports

Exports

Sections

.text Size: 864KB - Virtual size: 861KB

.rdata Size: 124KB - Virtual size: 121KB

.data Size: 12KB - Virtual size: 10KB

.rsrc Size: 16KB - Virtual size: 12KB

.reloc Size: 56KB - Virtual size: 54KB

.text
Size: 864KB - Virtual size: 861KB

.rdata
Size: 124KB - Virtual size: 121KB

.data
Size: 12KB - Virtual size: 10KB

.rsrc
Size: 16KB - Virtual size: 12KB

.reloc
Size: 56KB - Virtual size: 54KB