6d92798ad57190c7a31c8d2d51581bd35c12045e19702d4f1fc9817b2e5f02fd

Sharing

Copy URL Twitter E-mail

General

Target

6d92798ad57190c7a31c8d2d51581bd35c12045e19702d4f1fc9817b2e5f02fd
Size

562KB
MD5

21ff8e76dd491ab50c8ba51d719f2224
SHA1

fe3a69c2111b0f9a59a39df161e3c66a0deb2f7e
SHA256

6d92798ad57190c7a31c8d2d51581bd35c12045e19702d4f1fc9817b2e5f02fd
SHA512

c3091103a72eed90c54f1203b605e01596651d3997c1ecd6168754b412d1a7201a10d7dd24cd79d58b4bc6e438de4efb8b0b7a1f14482badaf2d563a66e441f3
SSDEEP

6144:V0e4LxDTvNAh+JZpZJpQDP++UPtrVJ7+49uiRVpf/HRBy2moh5QbMxVBokahb9Ad:V0e4LxDjSkLZ4D2+U7FxKocsOkXj

Score

1^/10

Malware Config

Signatures

Files

6d92798ad57190c7a31c8d2d51581bd35c12045e19702d4f1fc9817b2e5f02fd
.dll regsvr32 windows x64

66b2dca963fc4bb4891b3e52f11009e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

TerminateProcess
GetExitCodeProcess
WaitForSingleObject
CloseHandle
CreateProcessW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentProcessId
LoadLibraryW
DecodePointer
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
LockResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
LoadResource
SizeofResource
FindResourceW
GetVersionExW
lstrcpynW
ReadConsoleW
SetEndOfFile
WriteConsoleW
SetFilePointerEx
FlushFileBuffers
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
CreateDirectoryW
FindClose
lstrlenW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
ReadFile
GetModuleFileNameW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
WriteFile
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileType
GetStdHandle
GetACP
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
LoadLibraryExW
FreeLibrary
InterlockedFlushSList
RtlPcToFileHeader
RtlUnwindEx
OutputDebugStringW
InitializeSListHead
GetCurrentThreadId
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
GetCurrentProcess
QueryPerformanceCounter
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
EncodePointer
SetLastError
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter

user32

InsertMenuW
InsertMenuItemW
SetMenuItemInfoW
DestroyIcon
DrawIconEx
wsprintfW
CreatePopupMenu
GetSystemMetrics
LoadStringW
SetMenuInfo

advapi32

RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW

shell32

DragQueryFileW
SHGetSpecialFolderPathW

ole32

ReleaseStgMedium
CreateStreamOnHGlobal
CoUninitialize
CoInitialize

shlwapi

PathAppendW
PathFileExistsW
StrStrIW
PathFindExtensionW
PathRemoveFileSpecW

gdiplus

GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
GdipGetImageHeight
GdipFree
GdipCloneBitmapAreaI
GdipDeleteGraphics
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipDrawImageRectI
GdipAlloc
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImagePixelFormat
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateHICONFromBitmap

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 201KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

66b2dca963fc4bb4891b3e52f11009e9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

gdiplus

Exports

Exports

Sections

.text Size: 227KB - Virtual size: 226KB

.rdata Size: 112KB - Virtual size: 111KB

.data Size: 5KB - Virtual size: 11KB

.pdata Size: 12KB - Virtual size: 11KB

.rsrc Size: 201KB - Virtual size: 200KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 227KB - Virtual size: 226KB

.rdata
Size: 112KB - Virtual size: 111KB

.data
Size: 5KB - Virtual size: 11KB

.pdata
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 201KB - Virtual size: 200KB

.reloc
Size: 4KB - Virtual size: 3KB