0119be634e488058593358c71ee835dd94124a7202e03aa9c62f52d21681f03d

Sharing

Copy URL

Twitter E-mail

General

Target

0119be634e488058593358c71ee835dd94124a7202e03aa9c62f52d21681f03d
Size

423KB
MD5

3e08c0e69fc1bbd36b2bb09086fd30ad
SHA1

10f4ca6c28c6ed0cdff0f248989ee5e6e9bbc895
SHA256

0119be634e488058593358c71ee835dd94124a7202e03aa9c62f52d21681f03d
SHA512

9f504024aaad0d5c03c75461495e480ee882891b91c3f51dcd8d868ca7d9fc7f54c26785e465a3575a18e582541e490451fd1bf20ce2767e09904539ba8aaf21
SSDEEP

6144:jMGDDQvmwEUXOHxoKBI0X3QAIxmxDwx3yBV+7a6FSNlXwRzHCrIy:jRgvmwytXgAIywwBVyXRk

Score

1^/10

Malware Config

Signatures

Files

0119be634e488058593358c71ee835dd94124a7202e03aa9c62f52d21681f03d
.dll regsvr32 windows x64

285ab512f33a74f465ae0b67dd8ee2ff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
GetCurrentProcess
GetCurrentProcessId
ExitProcess
CreateThread
WaitForSingleObject
GetFileSize
CloseHandle
GetSystemInfo
MapViewOfFile
UnmapViewOfFile
CreateMutexW
CreateFileMappingW
LoadLibraryA
LoadLibraryW
GetModuleFileNameA
GetModuleHandleExW
CreateProcessW
GetCommandLineW
OutputDebugStringA
OutputDebugStringW
FindResourceExW
CreateFileA
CreateFileW
HeapCreate
AllocConsole
AttachConsole
GetConsoleWindow
ReadConsoleW
ReadFile
SetEndOfFile
WriteConsoleW
SetFilePointerEx
SetStdHandle
VirtualAllocExNuma
VirtualQuery
VirtualProtect
VirtualAlloc
DisableThreadLibraryCalls
LockResource
SetThreadLocale
GetThreadLocale
MultiByteToWideChar
FindResourceW
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
lstrcmpiW
SizeofResource
LoadResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
GetProcAddress
GetStringTypeW
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
GetFileType
GetStdHandle
FreeLibrary
DecodePointer
WideCharToMultiByte
EncodePointer
LCMapStringW
GetACP
RtlUnwindEx
RtlPcToFileHeader
IsDebuggerPresent
QueryPerformanceCounter
DuplicateHandle
WaitForSingleObjectEx
Sleep
SwitchToThread
GetCurrentThread
GetCurrentThreadId
TryEnterCriticalSection
SetLastError
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
SetEvent
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
InitializeSListHead
TerminateProcess
OpenThread
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
CreateToolhelp32Snapshot
Thread32First
Thread32Next
VirtualFree
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
GetVersionExW
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx

user32

wsprintfW
CharNextW
ShowWindow

advapi32

CryptDeriveKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
OpenSCManagerW
EnumServicesStatusExW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptDecrypt
CryptGetHashParam
CryptSetKeyParam
CryptDestroyKey
RegCloseKey
CryptReleaseContext
CryptAcquireContextW
RegQueryValueExW
GetUserNameW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW

shell32

CommandLineToArgvW

ole32

CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree

oleaut32

SysAllocString
LoadTypeLi
RegisterTypeLi
SysStringLen
VarUI4FromStr
SysFreeString
UnRegisterTypeLi

shlwapi

ord157
PathRemoveFileSpecA
StrStrIA

psapi

EnumProcessModules
GetModuleFileNameExA

crypt32

CertGetNameStringW
CryptVerifyMessageSignature
CertFreeCertificateContext

netapi32

NetWkstaGetInfo
NetApiBufferFree

ntdll

NtCreateFile
RtlCreateUnicodeString
NtFlushInstructionCache

imagehlp

ImageEnumerateCertificates
ImageGetCertificateHeader
ImageGetCertificateData

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 285KB - Virtual size: 285KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

285ab512f33a74f465ae0b67dd8ee2ff

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

psapi

crypt32

netapi32

ntdll

imagehlp

Exports

Exports

Sections

.text Size: 285KB - Virtual size: 285KB

.rdata Size: 101KB - Virtual size: 100KB

.data Size: 10KB - Virtual size: 17KB

.pdata Size: 17KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 285KB - Virtual size: 285KB

.rdata
Size: 101KB - Virtual size: 100KB

.data
Size: 10KB - Virtual size: 17KB

.pdata
Size: 17KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 3KB