27c82030d89aa8a9bde8e50b1b13b39df387f89a0ce4d04f094dde15aeb44123

Sharing

Copy URL Twitter E-mail

General

Target

27c82030d89aa8a9bde8e50b1b13b39df387f89a0ce4d04f094dde15aeb44123
Size

545KB
MD5

395305cd2cdc44543fe5a06317c200e1
SHA1

bcda8536e00f102b9a8363c60fe973d939228a75
SHA256

27c82030d89aa8a9bde8e50b1b13b39df387f89a0ce4d04f094dde15aeb44123
SHA512

75ee61d649d80143bec5b1b11dc212b3f853a89c1168a4be84f2bb6e6e533e782624640f15184c03c2c85dbcff3a68bc1e0202243ae5e1b323aed9fcbd890695
SSDEEP

6144:mo3nSufTFYHFwn9h2Kt8AfXswETyW4Pi3+L9uaXm5QRVA2dITSggghi:bXSKTFYHFSj1CwETf4M+j25WA2dITSf

Score

1^/10

Malware Config

Signatures

Files

27c82030d89aa8a9bde8e50b1b13b39df387f89a0ce4d04f094dde15aeb44123
.dll regsvr32 windows x86

6ccb2c8e98669e1c49478ccdae8356ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MoveFileExA
WritePrivateProfileStringA
WritePrivateProfileSectionA
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetVersionExA
DeviceIoControl
GetTickCount
Sleep
GetFileAttributesA
SetFilePointer
FindClose
FindNextFileA
SetFileAttributesA
FindFirstFileA
CopyFileA
GetPrivateProfileSectionNamesA
GetEnvironmentVariableA
ReadProcessMemory
VirtualProtect
GetVolumeInformationA
GlobalUnlock
GlobalLock
LocalFree
FormatMessageA
HeapFree
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GlobalFree
GlobalAlloc
ResumeThread
CreateFileA
RemoveDirectoryA
CreateDirectoryA
GetTempFileNameA
DeleteFileA
GetTempPathA
LoadLibraryA
lstrcatA
lstrcpyA
lstrcpynA
HeapDestroy
IsDBCSLeadByte
FindResourceA
lstrcmpiA
LoadLibraryExA
FreeLibrary
LoadResource
SizeofResource
GetPrivateProfileSectionA
SetErrorMode
GetModuleFileNameW
SetLastError
DebugBreak
OutputDebugStringA
lstrlenA
InterlockedIncrement
lstrcpyW
MultiByteToWideChar
WriteFile
CloseHandle
ReadFile
HeapAlloc
GetProcessHeap
GetFileSize
GetLastError
WideCharToMultiByte
CreateThread
WriteProcessMemory
GetCurrentProcess
lstrlenW
InterlockedDecrement
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
LoadLibraryW
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FlushInstructionCache
DisableThreadLibraryCalls
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetSystemDirectoryA
GetWindowsDirectoryA
InitializeCriticalSection
DeleteCriticalSection

user32

GetSubMenu
DialogBoxParamA
GetClientRect
DestroyWindow
GetFocus
SetFocus
UnhookWindowsHookEx
SetWindowsHookExA
CreateWindowExA
wsprintfA
LoadCursorA
UpdateWindow
GetClassInfoExA
BeginPaint
MessageBoxA
CharUpperA
EnableWindow
SendMessageA
CharNextA
IsWindowVisible
SetRectEmpty
DefWindowProcA
DestroyIcon
GetWindow
GetParent
GetWindowTextA
MoveWindow
ScreenToClient
GetWindowRect
DrawIconEx
CopyRect
SetCursor
LoadIconA
CallWindowProcA
PtInRect
IsRectEmpty
DispatchMessageA
TranslateMessage
GetKeyState
SetWindowPos
GetSysColor
OffsetRect
InflateRect
DrawTextA
FillRect
EndDialog
ShowWindow
SetWindowTextA
IsWindow
GetDlgItem
RegisterClassExA
InvalidateRect
SetWindowLongA
GetWindowLongA
EndPaint
wvsprintfA
SetRect
LoadStringA
CharLowerA
CheckMenuItem
EnableMenuItem
GetAsyncKeyState
CallNextHookEx
GetActiveWindow
PostMessageA
FindWindowExA
ReleaseDC
SetCapture
SystemParametersInfoA
GetDesktopWindow
FindWindowA
AdjustWindowRect
GetCursorPos
MapWindowPoints
CharNextW
LoadImageA
GetMenuStringA
LoadMenuA
GetClassInfoA
ReleaseCapture
SetForegroundWindow
RedrawWindow
SetTimer
GetDC
CreatePopupMenu
InsertMenuA
TrackPopupMenu
DestroyMenu
CheckMenuRadioItem
LoadBitmapA
KillTimer

gdi32

DeleteDC
LineTo
MoveToEx
DeleteObject
CreatePen
GetStockObject
SelectObject
SetBkMode
CreateSolidBrush
SetBkColor
GetObjectA
IntersectClipRect
CreateFontIndirectA
Rectangle
SetPixelV
SetTextColor
CreateCompatibleDC
BitBlt
CreateCompatibleBitmap
TextOutA
CreateBitmap

advapi32

EnumDependentServicesA
GetUserNameA
RegSetKeySecurity
RegEnumKeyA
AllocateAndInitializeSid
InitializeAcl
AddAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegGetKeySecurity
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
GetTokenInformation
GetLengthSid
CopySid
RegCloseKey
ControlService
OpenSCManagerA
OpenServiceA
StartServiceA
QueryServiceStatus
ChangeServiceConfigA
CloseServiceHandle
RegCreateKeyA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA

shell32

SHBrowseForFolderA
ShellExecuteA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderPathA

ole32

CoTaskMemRealloc
CoInitialize
OleUninitialize
OleInitialize
CoTaskMemFree
RevokeDragDrop
ReleaseStgMedium
CoGetClassObject
CoTaskMemAlloc
CoCreateInstance
RegisterDragDrop
CoUninitialize

oleaut32

VariantChangeType
VarUI4FromStr
SysStringByteLen
VariantInit
SysAllocStringByteLen
SysStringLen
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
CreateErrorInfo
SysAllocString
VariantClear
SysAllocStringLen
SysFreeString
VariantCopy
GetErrorInfo
SetErrorInfo

shlwapi

SHDeleteValueA
SHSetValueA
SHGetValueA
SHDeleteKeyA
StrStrIA

urlmon

CoInternetGetSession

msvcrt

_stricmp
_purecall
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_fullpath
_endthreadex
_mbsnbcmp
_memicmp
_beginthread
_endthread
_local_unwind2
printf
tolower
strncat
fgets
_vsnprintf
_CxxThrowException
atol
fwrite
wcsstr
strcmp
fseek
ftell
toupper
isxdigit
isalnum
abs
_mbsnbcpy
_beginthreadex
localtime
_mbsicmp
fread
_mbsrchr
_mbstok
malloc
_wcsicmp
fopen
fputs
fclose
_except_handler3
_strnicmp
strncpy
_strlwr
strstr
wcscmp
memset
strrchr
strcat
_stat
_snprintf
time
srand
rand
sprintf
strcpy
strchr
strlen
_mbschr
_ismbcspace
_mbsnbicmp
memcmp
free
memmove
_mbscmp
realloc
??2@YAPAXI@Z
memcpy
atoi
_ismbcdigit
wcslen
??3@YAXPAX@Z
__CxxFrameHandler
_mbsstr
_wcsnicmp
_strcmpi

wininet

HttpSendRequestA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetReadFile
InternetCloseHandle
InternetOpenUrlA
InternetSetOptionA
InternetOpenA
InternetSetFilePointer
HttpQueryInfoA
FindNextUrlCacheEntryA
HttpOpenRequestA
InternetConnectA
GetUrlCacheEntryInfoA
DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindCloseUrlCache
FindNextUrlCacheGroup
DeleteUrlCacheGroup
FindFirstUrlCacheGroup

setupapi

SetupIterateCabinetA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

iphlpapi

GetNetworkParams

ws2_32

gethostname
gethostbyname

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
Install
Uninstall

Sections

.text
Size: 292KB - Virtual size: 289KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 176KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ccb2c8e98669e1c49478ccdae8356ae

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

urlmon

msvcrt

wininet

setupapi

version

iphlpapi

ws2_32

Exports

Exports

Sections

.text Size: 292KB - Virtual size: 289KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 24KB - Virtual size: 60KB

.idata Size: 16KB - Virtual size: 12KB

.rsrc Size: 176KB - Virtual size: 173KB

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 292KB - Virtual size: 289KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 24KB - Virtual size: 60KB

.idata
Size: 16KB - Virtual size: 12KB

.rsrc
Size: 176KB - Virtual size: 173KB

.reloc
Size: 20KB - Virtual size: 19KB