4d9cea5ffc6f837ce5f787a5b2f952a650056a5920b5157d4f33dc29572a55f6

Sharing

Copy URL Twitter E-mail

General

Target

4d9cea5ffc6f837ce5f787a5b2f952a650056a5920b5157d4f33dc29572a55f6
Size

138KB
MD5

42ed4a98d796450d607e89c42ce95620
SHA1

105456441de75ad5ec693d801cd126dabafadc83
SHA256

4d9cea5ffc6f837ce5f787a5b2f952a650056a5920b5157d4f33dc29572a55f6
SHA512

9ed1f39dd7ab96f03e5def814c0842f9e67c67f54134f14b4b19158ab4a97e91c3ce2df32d96c9564f4a226193878e48655ec289cdc6f8615f06b5df7ba5f612
SSDEEP

3072:MhzF9pGwQB6zadt6TyxOADzQLDhHOt/N1QqzuAUt/ZqDseAIPecllXT5M:MZLGB0UjDzQLtOt/N12xsaIWc2

Score

N/A

Malware Config

Signatures

Files

4d9cea5ffc6f837ce5f787a5b2f952a650056a5920b5157d4f33dc29572a55f6
.dll windows x86

0a1e274f540d32041229d3ea2f99c98e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

xlluaruntime

luaL_ref
XLLRT_ReleaseEnv
XLLRT_RegisterGlobalObj
luaL_checkudata
lua_getfield
lua_tolstring
XLLRT_LuaCall
lua_setfield
lua_pushstring
lua_createtable
lua_rawgeti
XLLRT_GetEnv
lua_pushvalue
lua_pushboolean
lua_type
lua_settop

kernel32

QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedExchange
DeleteCriticalSection
InitializeCriticalSection
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetVersionExW
GetProcAddress
GetModuleHandleW
GetSystemInfo
GetCurrentProcess
GetLogicalDrives
Sleep
GetLogicalDriveStringsW
GetDriveTypeW
GetDiskFreeSpaceExW
CloseHandle
EnterCriticalSection
GetTickCount
GetCurrentThreadId
RaiseException
SetLastError
FlushInstructionCache
CreateFileW
WriteFile
DeleteFileW
WideCharToMultiByte
MultiByteToWideChar
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetSystemTimeAsFileTime
GetCurrentProcessId
LeaveCriticalSection

user32

UnregisterClassA
RegisterWindowMessageW
DefWindowProcW
DestroyWindow
GetSystemMetrics
wsprintfW
PostMessageW
CallWindowProcW
GetWindowLongW
SetWindowLongW
CreateWindowExW
LoadCursorW
GetClassInfoExW
RegisterClassExW

advapi32

RegQueryValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW

ole32

CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateInstance
CoInitialize
CoSetProxyBlanket

oleaut32

SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayAccessData
VariantClear
VariantInit
SysFreeString

msvcp90

?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find_first_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IBEPBDXZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IBEPB_WXZ
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z

msvcr90

_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
strlen
free
_CxxThrowException
memmove_s
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
__CxxFrameHandler3
_recalloc
??3@YAXPAX@Z
??_V@YAXPAX@Z
??2@YAPAXI@Z
swprintf_s
sqrt
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
memset
_snwprintf
swscanf
_wtoi
setlocale
wcscmp
memcpy
_waccess
_beginthreadex
_itoa

Exports

Exports

ThunderModule_Init
ThunderModule_Uninit

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0a1e274f540d32041229d3ea2f99c98e

Headers

File Characteristics

Imports

xlluaruntime

kernel32

user32

advapi32

ole32

oleaut32

msvcp90

msvcr90

Exports

Exports

Sections

.text Size: 35KB - Virtual size: 35KB

.rdata Size: 39KB - Virtual size: 38KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 4KB - Virtual size: 4KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 35KB - Virtual size: 35KB

.rdata
Size: 39KB - Virtual size: 38KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 4KB - Virtual size: 4KB

.rmnet
Size: 56KB - Virtual size: 60KB