41e753e41915a939e4f07cf6f631474979d89ecd87e8834777af03a0c50ce773

Sharing

Copy URL Twitter E-mail

General

Target

41e753e41915a939e4f07cf6f631474979d89ecd87e8834777af03a0c50ce773
Size

909KB
MD5

9e38cdbeb126411ad954f2aa5956fb00
SHA1

1f9d8353bdecfad8500ecc21228af2dec17b570d
SHA256

41e753e41915a939e4f07cf6f631474979d89ecd87e8834777af03a0c50ce773
SHA512

d87748350a87c06abc66ad169d35ba9a845639fe6e4e3f4c070cc2f4b668321604523ecdcc93f8b850d5377babf34e8947a2c0667f7d64622f308e0f61207cbf
SSDEEP

12288:XlH+8IXhqtGVM5UGkrdkYgkwNwbHEXAoZjtM9xlTfLgodKfkS1XJHcvMqCL9dTgO:XV+8IXhL2TZGS1XJXTiVI3uamnu

Score

1^/10

Malware Config

Signatures

Files

41e753e41915a939e4f07cf6f631474979d89ecd87e8834777af03a0c50ce773
.dll regsvr32 windows x86

0a66f45b9c142ae5963fa5b366544594

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryW
GetVersionExW
LocalFree
LocalAlloc
CreateMutexW
CreateFileMappingW
ReleaseMutex
GetCurrentProcess
GetVersion
GetCurrentDirectoryW
CreateToolhelp32Snapshot
Process32FirstW
TerminateProcess
Process32NextW
GetStartupInfoW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetDriveTypeW
SleepEx
GetTickCount
QueryPerformanceCounter
LoadLibraryA
FindFirstFileExW
GetFileInformationByHandle
LoadLibraryW
SetEndOfFile
FileTimeToSystemTime
FileTimeToLocalFileTime
GetModuleHandleA
lstrlenA
FormatMessageA
ExpandEnvironmentStringsA
WaitForMultipleObjects
PeekNamedPipe
VerifyVersionInfoW
SetEnvironmentVariableA
ReadConsoleW
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetOEMCP
GetACP
IsValidCodePage
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetModuleFileNameA
GetFileType
GetStdHandle
AreFileApisANSI
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
FindClose
FindNextFileW
FindFirstFileW
SetFileAttributesW
DeleteFileW
MoveFileExW
WriteFile
lstrcpynW
GetCurrentThreadId
GetLocalTime
SetLastError
GetFileAttributesW
WideCharToMultiByte
InitializeCriticalSection
OutputDebugStringW
CreateDirectoryW
UnmapViewOfFile
MapViewOfFile
CreateFileW
ReadFile
LockResource
GetCurrentProcessId
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetThreadLocale
GetThreadLocale
MultiByteToWideChar
FindResourceW
GetModuleFileNameW
InterlockedExchange
LoadLibraryExW
lstrcmpiW
SizeofResource
LoadResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
GetProcAddress
DisableThreadLibraryCalls
FreeLibrary
InterlockedDecrement
InterlockedIncrement
DecodePointer
EncodePointer
GetModuleHandleW
CreateEventW
CloseHandle
Sleep
WaitForSingleObject
ResetEvent
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetFullPathNameW
GetCommandLineA
IsProcessorFeaturePresent
ExitThread
CreateThread
GetStringTypeW
IsDebuggerPresent
SetEvent
InterlockedCompareExchange
SystemTimeToTzSpecificLocalTime

user32

DispatchMessageW
PostMessageW
DefWindowProcW
CreateWindowExW
IsWindow
DestroyWindow
GetWindowLongW
SetWindowLongW
CharNextW
FindWindowA
SendMessageTimeoutW
GetWindowThreadProcessId
PeekMessageW
TranslateMessage
GetMessageW

advapi32

CryptEncrypt
CryptImportKey
CryptReleaseContext
CryptAcquireContextW
RegFlushKey
FreeSid
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
SetEntriesInAclW
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptGetHashParam
CryptDestroyKey

shell32

SHBindToParent
SHGetMalloc
SHGetPathFromIDListW
SHGetDesktopFolder
SHGetSpecialFolderPathW

ole32

CoInitializeEx
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CoUninitialize
CoInitializeSecurity
CoSetProxyBlanket
CoInitialize

oleaut32

SysFreeString
SysStringLen
VarUI4FromStr
LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi
VariantClear
LoadRegTypeLi
VarBstrCmp
SysAllocString

shlwapi

PathFileExistsW
PathAddBackslashW
UrlIsW
StrRetToStrW
StrCmpNIW
StrRetToBufW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

iphlpapi

GetAdaptersInfo

ntdll

RtlUnwind
VerSetConditionMask

ws2_32

WSAStartup
getsockopt
closesocket
WSASetLastError
gethostname
getaddrinfo
freeaddrinfo
ioctlsocket
listen
accept
recvfrom
sendto
send
select
__WSAFDIsSet
getpeername
WSAIoctl
connect
WSAGetLastError
htons
ntohs
getsockname
setsockopt
recv
bind
WSACleanup
socket

wldap32

ord147
ord167
ord142
ord27
ord14
ord216
ord79
ord26
ord301
ord133
ord46
ord41
ord127
ord145
ord208
ord118

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 656KB - Virtual size: 655KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0a66f45b9c142ae5963fa5b366544594

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

version

iphlpapi

ntdll

ws2_32

wldap32

Exports

Exports

Sections

.text Size: 656KB - Virtual size: 655KB

.rdata Size: 152KB - Virtual size: 151KB

.data Size: 22KB - Virtual size: 37KB

.rsrc Size: 34KB - Virtual size: 34KB

.reloc Size: 43KB - Virtual size: 43KB

.text
Size: 656KB - Virtual size: 655KB

.rdata
Size: 152KB - Virtual size: 151KB

.data
Size: 22KB - Virtual size: 37KB

.rsrc
Size: 34KB - Virtual size: 34KB

.reloc
Size: 43KB - Virtual size: 43KB