97b0b6f0922985038a178cdf6a511e35748d07c8f8d4c0b18b08610c2075f52d

Sharing

Copy URL Twitter E-mail

General

Target

97b0b6f0922985038a178cdf6a511e35748d07c8f8d4c0b18b08610c2075f52d
Size

208KB
MD5

0771118f7af5c062275ea380f3265420
SHA1

ab676514931a61aad8f1b7f2a1df380214ece266
SHA256

97b0b6f0922985038a178cdf6a511e35748d07c8f8d4c0b18b08610c2075f52d
SHA512

b56da8d9412a3fec4da4538dc5fead54a55915fe840aff823253e2b585db66d481f4fad8bd90cf929ed6f4e894e4f959484a4adb7745a45334b4f6d7befd8fde
SSDEEP

3072:nNlosWW4RKBz/hJqyFyDydHr4r71/nLjeUacHOAnRx/l0pwCfXNP+XOoO+dKkYj:TosEuqysOFrqeUaSOAnzSp5fXhg

Score

N/A

Malware Config

Signatures

Files

97b0b6f0922985038a178cdf6a511e35748d07c8f8d4c0b18b08610c2075f52d
.dll windows x86

7eae64e91f3c71b4e7330c6fdb624431

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetGetCookieA
InternetQueryOptionA

ws2_32

WSAStartup
select
__WSAFDIsSet
recv
send
gethostbyname
inet_addr
htons
inet_ntoa
ioctlsocket
connect
setsockopt
closesocket
ntohs
socket

kernel32

GetSystemTimeAsFileTime
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
UnmapViewOfFile
GetCurrentProcessId
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
ResetEvent
Sleep
CloseHandle
CreateEventA
GetProcAddress
LoadLibraryA
GetModuleFileNameA
FreeLibrary
GetTickCount
GetCurrentThreadId
GetLocalTime
InterlockedIncrement
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
WaitForMultipleObjects
SetEvent
WaitForSingleObject
GetLastError

msvcr80

??0exception@std@@QAE@XZ
__CxxFrameHandler3
_mbsrchr
memset
_snprintf_s
_purecall
strncpy
atol
_invalid_parameter_noinfo
_vsnprintf_s
??2@YAPAXI@Z
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
_atoi64
_snprintf
strncat
_time32
memmove_s
_endthreadex
_beginthreadex
sprintf_s
strchr
strncmp
_beginthread
isalpha
atoi
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_except_handler4_common
_malloc_crt
free
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__clean_type_info_names_internal
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
memmove
memcpy
??_U@YAPAXI@Z
??_V@YAXPAX@Z
??3@YAXPAX@Z
strstr

msvcp80

?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z

Exports

Exports

??0IHttpFile@@QAE@ABV0@@Z
??0IHttpFile@@QAE@XZ
??1IHttpFile@@UAE@XZ
??4IHttpFile@@QAEAAV0@ABV0@@Z
??_7IHttpFile@@6B@
CreateHttpClient
DeleteHttpClient

Sections

.text
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7eae64e91f3c71b4e7330c6fdb624431

Headers

File Characteristics

Imports

wininet

ws2_32

kernel32

msvcr80

msvcp80

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 98KB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

.rmnet Size: 60KB - Virtual size: 60KB

.text
Size: 100KB - Virtual size: 98KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB

.rmnet
Size: 60KB - Virtual size: 60KB