f733fef1908ebfea20dd63770a3aa3dd24d99f3a3a6e9c3ba0df7ef15c65ef0e

Sharing

Copy URL

Twitter E-mail

General

Target

f733fef1908ebfea20dd63770a3aa3dd24d99f3a3a6e9c3ba0df7ef15c65ef0e
Size

200KB
MD5

7d4c4a1308f8122f71ccda1d3f479000
SHA1

22173df093cac64b0766d1c0778665c5426eb564
SHA256

f733fef1908ebfea20dd63770a3aa3dd24d99f3a3a6e9c3ba0df7ef15c65ef0e
SHA512

a20111486f9805328c411525812c7a54f1e33b3f9afbb2a315e35fb92e22c4db4ef763a8ad0081e547ba7db87d891803a99b51933550a4200e8e020658292eef
SSDEEP

3072:opTv8FMT5XFOyc7cpsCBY0aBrxDb2/3Vqpj6AtEl7SxGznSz58vdv0ld:oCcrt+0YzB5bslq5rsAGzSz58p0f

Score

N/A

Malware Config

Signatures

Files

f733fef1908ebfea20dd63770a3aa3dd24d99f3a3a6e9c3ba0df7ef15c65ef0e
.dll windows x86

f42b34900b1f0ec9ab97415e2e070017

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertFindExtension
CertGetEnhancedKeyUsage
CertCloseStore
CertFreeCertificateContext
CertFreeCertificateChainEngine
CertFreeCertificateChain
CryptDecodeObject
CertCreateCertificateChainEngine
CertVerifyTimeValidity
CryptMsgControl
CertGetSubjectCertificateFromStore
CertOpenStore
CryptMsgClose
CryptMsgGetParam
CryptMsgUpdate
CertGetCertificateChain
CryptMsgOpenToDecode

kernel32

GetThreadLocale
WideCharToMultiByte
lstrlenW
GetLastError
GetProcAddress
GetModuleHandleW
CloseHandle
CreateEventW
SetEvent
ResetEvent
InterlockedCompareExchange
GetCurrentThreadId
ExitProcess
DisableThreadLibraryCalls
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA

user32

PeekMessageW
KillTimer
TranslateMessage
DispatchMessageW
SetTimer
MsgWaitForMultipleObjects

ole32

CoCreateInstance
CoUninitialize
CoRegisterMessageFilter
CoInitializeEx
CreateBindCtx

oleaut32

SysAllocString
VariantChangeType
VariantCopy
SafeArrayLock
SafeArrayCreate
SafeArrayUnlock
SafeArrayDestroy
SafeArrayCopy
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayRedim
VariantClear
VariantInit

xprt5

xprt_strcmp
?Compare@TBstr@XPRT@@QBEHPBG@Z
?IsEmpty@TBstr@XPRT@@QBE_NXZ
xprt_memmove
_XprtMemAlloc@4
xprt_memset
_XprtAtomicDecrement@4
?Mid@TBstr@XPRT@@QBE?AV12@H@Z
?Mid@TBstr@XPRT@@QBE?AV12@HH@Z
?Find@TBstr@XPRT@@QBEHGH@Z
??1TPtrFromPtrMap@XPRT@@QAE@XZ
?GetAt@TBstr@XPRT@@QBEGH@Z
_XprtMemFree@4
??0TPtrFromPtrMap@XPRT@@QAE@H@Z
?Lookup@TPtrFromPtrMap@XPRT@@QBE_NPAXAAPAX@Z
??ATPtrFromPtrMap@XPRT@@QAEAAPAXPAX@Z
?RemoveKey@TPtrFromPtrMap@XPRT@@QAE_NPAX@Z
?Lock@TSpinLock@XPRT@@QAEXXZ
?Unlock@TSpinLock@XPRT@@QAEXXZ
?SetOptimalLoad@TPtrFromPtrMap@XPRT@@QAEXMMM_N@Z
_XprtMemRealloc@8
?SetAt@TPtrFromPtrMap@XPRT@@QAEPAU__POSITION@2@PAX0@Z
?GetNextAssoc@TPtrFromPtrMap@XPRT@@QBEXAAPAU__POSITION@2@AAPAX1@Z
?GetStartPosition@TPtrFromPtrMap@XPRT@@QBEPAU__POSITION@2@XZ
xprt_iswdigit
?GetLength@TBstr@XPRT@@QBEHXZ
?Assign@TBstr@XPRT@@QAEAAV12@PBDPBG@Z
?Add@TPtrArray@XPRT@@QAEHPAX@Z
?SetCount@TPtrArray@XPRT@@QAE_NHH@Z
?GetDigestSize@TMdXDigest@XPRT@@UBEHXZ
?Finish@TMdXDigest@XPRT@@UAEHPAEH@Z
??0TMessageDigest@XPRT@@QAE@XZ
?Transform@TMd5Digest@XPRT@@EAEXQAIQBE@Z
?Append@TBstr@XPRT@@QAEAAV12@G@Z
?Update@TMessageDigest@XPRT@@QAEXPBEH@Z
xprt_memcpy
xprt_strlen
_XprtInitialize@8
_XprtUninitialize@0
??0TPtrArray@XPRT@@QAE@XZ
??1TPtrArray@XPRT@@QAE@XZ
?Copy@TBstr@XPRT@@QBEPAGXZ
?SetAtGrow@TPtrArray@XPRT@@QAEXHPAX@Z
_XprtCreateThread@8
_XprtGetMilliseconds@0
_XprtDestroyThread@8
?FreeDataChain@SPlex@XPRT@@QAEXXZ
?Create@SPlex@XPRT@@SGPAU12@AAPAU12@II@Z
?RemoveAll@TPtrFromPtrMap@XPRT@@QAEXXZ
??0TBstr@XPRT@@QAE@ABV01@@Z
?Detach@TBstr@XPRT@@QAEPAGXZ
??0TBstr@XPRT@@QAE@XZ
?Attach@TBstr@XPRT@@QAEXPAG@Z
?Assign@TBstr@XPRT@@QAEAAV12@ABV12@@Z
??1TBstr@XPRT@@QAE@XZ
?GetString@TBstr@XPRT@@QBEPBGXZ
?GetEncodedString@TBstr@XPRT@@QBEPBDPBG@Z
_XprtAtomicIncrement@4
kSystemEncoding
??0TBstr@XPRT@@QAE@PBDPBG@Z
??0TBstr@XPRT@@QAE@PBG@Z
?Assign@TBstr@XPRT@@QAEAAV12@PBG@Z

msvcrt

??3@YAXPAX@Z
??2@YAPAXI@Z
_snwprintf
strcmp
qsort
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
_except_handler3
memcpy
_purecall
__CxxFrameHandler

Exports

Exports

EEGetModuleInterop

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f42b34900b1f0ec9ab97415e2e070017

Headers

File Characteristics

Imports

crypt32

kernel32

user32

ole32

oleaut32

xprt5

msvcrt

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 46KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 12KB - Virtual size: 9KB

.rsrc Size: 4KB - Virtual size: 888B

.reloc Size: 8KB - Virtual size: 6KB

.text Size: 108KB - Virtual size: 108KB

.text
Size: 48KB - Virtual size: 46KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 12KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 888B

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 108KB - Virtual size: 108KB