6d2261a0c98d82b4b873ab91402d5b53b23250a340cc2df747f0b1d0af1096f6

Sharing

Copy URL

Twitter E-mail

General

Target

6d2261a0c98d82b4b873ab91402d5b53b23250a340cc2df747f0b1d0af1096f6
Size

184KB
MD5

b04d0d5694845142b22df6001c5e7a3d
SHA1

512d7b72d57a956c198cbda0d3e04729965cbc78
SHA256

6d2261a0c98d82b4b873ab91402d5b53b23250a340cc2df747f0b1d0af1096f6
SHA512

bc9cc5668442de15bc4dae7e139b089a1cd680017728375297bec8d170e41581d61b0e0aecd652ba46906c396983508000bfe6fbe6ea5e7d082346106531e76a
SSDEEP

3072:PU971q8UKh81UAoYd7bM8c7EL1igbh6fULBhdp5EvwOBKu2A9ZgW1vk3:P6D25d7bM8cYRBhr9bEoOBkAYgM

Score

N/A

Malware Config

Signatures

Files

6d2261a0c98d82b4b873ab91402d5b53b23250a340cc2df747f0b1d0af1096f6
.exe windows x86

d0ee2b51ab2c5635d646f9e340653b3e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

common

??0CTXStringW@@QAE@ABV0@@Z
??4CTXStringW@@QAEAAV0@PB_W@Z
??4CTXStringW@@QAEAAV0@ABV0@@Z
??4CTXStringW@@QAEAAV0@PA_W@Z
??YCTXStringW@@QAEAAV0@PB_W@Z
??YCTXStringW@@QAEAAV0@_W@Z
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
??H@YA?AVCTXStringW@@ABV0@0@Z
??9@YA_NABVCTXStringW@@_W@Z
??9@YA_NABVCTXStringW@@PB_W@Z
?GetLength@CTXStringW@@QBEHXZ
?GetBuffer@CTXStringW@@QAEPA_WH@Z
?ReleaseBuffer@CTXStringW@@QAEXH@Z
?IsEmpty@CTXStringW@@QBE_NXZ
??ACTXStringW@@QBE_WH@Z
?Replace@CTXStringW@@QAEH_W0@Z
?ReverseFind@CTXStringW@@QBEH_W@Z
?Mid@CTXStringW@@QBE?AV1@HH@Z
?Right@CTXStringW@@QBE?AV1@H@Z
?Left@CTXStringW@@QBE?AV1@H@Z
??BCTXStringW@@QBEPB_WXZ
?GetExeDir@Sys@Util@@YA?AVCTXStringW@@XZ
?TXLoadString@@YAPB_WPB_W0@Z
?GetParentDir@FS@Util@@YA?AVCTXStringW@@V3@@Z
??0CTXStringA@@QAE@XZ
??1CTXStringA@@QAE@XZ
??M@YA_NABVCTXStringA@@0@Z
?Format@CTXStringA@@QAAXPBDZZ
??0CTXStringW@@QAE@ABVCTXBSTR@@@Z
??0CTXBSTR@@QAE@XZ
??4CTXBSTR@@QAEAAV0@ABV0@@Z
??0CTXBSTR@@QAE@ABVCTXStringW@@@Z
??1CTXBSTR@@QAE@XZ
??BCTXBSTR@@QBEPA_WXZ
?GetPlatformCore@Core@Util@@YAHPAPAUITXCore@@@Z
??M@YA_NABVCTXStringW@@0@Z
?Format@CTXStringW@@QAAXPB_WZZ
?Find@CTXStringW@@QBEHPB_WH@Z
ord34
?TXLog_DoTXLogVW@@YAXPAUtagLogObj@@PB_W1PAD@Z
?StartThread@CTXThreadModel@@QAEHXZ
??0CTXStringW@@QAE@PB_W@Z
??0CTXThreadModel@@IAE@XZ
??1CTXThreadModel@@MAE@XZ
??0CTXStringW@@QAE@PA_W@Z
??0CTXBSTR@@QAE@PB_W@Z
??0CTXBSTR@@QAE@ABV0@@Z
?GetTickCount@CTXTime@@SA?AV1@XZ
?GetTime@CTXTime@@QBE_JXZ
ord26
?FlushLog@TXLog@@YAXXZ
?SetInterval@TXTimer@@YAHIPAUITXTimerCallback@@I@Z
?EraseTimerCallback@TXTimer@@YAHPAUITXTimerCallback@@I@Z
?PropertyStr@CFmtString@@QAEHPB_W0@Z
?PropertyDWord@CFmtString@@QAEHPB_WK0@Z
??0CFmtString@@QAE@XZ
??1CFmtString@@QAE@XZ
?DoFormat@CFmtString@@QAEPB_WPB_W@Z
??0CTXCommPack@@QAE@XZ
??1CTXCommPack@@UAE@XZ
?GetBufferOut@CTXCommPack@@QAEHAAVCTXBuffer@@@Z
?AddByte@CTXCommPack@@QAEHE@Z
?AddWord@CTXCommPack@@QAEHGH@Z
?AddTLV@CTXCommPack@@QAEHKABVCTXBuffer@@W4TXCommPackDataType@@@Z
?GetRegulatedTime@Time@Util@@YA_NAAJ@Z
??4CTXStringW@@QAEAAV0@_W@Z
??8@YA_NABVCTXStringW@@PB_W@Z
?OnUninitCom@Misc@Util@@YAXXZ
?OnExitWinMain@Misc@Util@@YAXXZ
?OnExitCoreCenter@Misc@Util@@YAXXZ
?ClearDeadQueue@Misc@Util@@YAXXZ
?SetMainAndLogicThreadId@Misc@Util@@YAXKK@Z
?InitPlatform@CoreCenter@Util@@YAHPA_W@Z
?AddFmtString@TXStringBundle@@YAXABVCFmtString@@@Z
?CreateObjectFromDllFile@Com@Util@@YGJPB_WABU_GUID@@1PAPAXPAUIUnknown@@@Z
?InitPlatformFileSystem@Boot@Util@@YAHXZ
?InitPlatformCoreConfig@Boot@Util@@YAHXZ
?InitPlatformI18NConfig@Boot@Util@@YAHXZ
?InitPlatformGFConfig@Boot@Util@@YAHXZ
??0CTXStringW@@QAE@XZ
?WaitThread@CTXThreadModel@@QAEHK@Z
??1CTXStringW@@QAE@XZ

gf

?RawCreateGFElementByXtml@GF@Util@@YAJPA_WPAPAUIGFElement@@PAU3@PAUITXCore@@H@Z

afutil

?MessageBoxExW@Misc@Util@@YAHPAUIGFFrame@@PA_W1IPAUITXData@@PAPAU4@@Z
?MessageBoxW@Misc@Util@@YAHPAUIGFFrame@@VCTXStringW@@1H@Z

kernel32

CloseHandle
GetModuleFileNameW
GetModuleHandleW
GetPrivateProfileIntW
GetPrivateProfileStringW
CreateFileW
GetFileAttributesW
DeleteFileW
GetVersionExW
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetLastError
Sleep
WriteFile
FindClose
GetSystemTimeAsFileTime
GetTickCount
WritePrivateProfileStringW
RemoveDirectoryW
FindFirstFileW
FindNextFileW
CopyFileW
MoveFileExW
QueryPerformanceCounter
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
WaitForSingleObject
CreateMutexW
OpenMutexW
GetCurrentProcessId
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
OutputDebugStringW
IsDebuggerPresent
InitializeSListHead

user32

DispatchMessageW
PostMessageW
TranslateMessage
GetMessageW
PostThreadMessageW

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW
ShellExecuteW

ole32

OleInitialize
CoCreateInstance
CoReleaseServerProcess
CoAddRefServerProcess
OleUninitialize

oleaut32

LoadTypeLi
LoadRegTypeLi
SysStringLen
SysFreeString

shlwapi

StrCmpIW
StrCmpW

msvcp140

?_Xlength_error@std@@YAXPBD@Z

vcruntime140

memcmp
_CxxThrowException
_except_handler4_common
__std_exception_copy
__std_exception_destroy
__std_terminate
memset
__CxxFrameHandler3
_purecall

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_configure_wide_argv
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
_invalid_parameter_noinfo_noreturn
_c_exit
_register_thread_local_exe_atexit_callback
__p___wargv
__p___argc
_controlfp_s
_initialize_wide_environment
terminate

api-ms-win-crt-string-l1-1-0

wcslen

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
free
_callnewh

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 75KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d0ee2b51ab2c5635d646f9e340653b3e

Headers

DLL Characteristics

File Characteristics

Imports

common

gf

afutil

kernel32

user32

shell32

ole32

oleaut32

shlwapi

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 67KB - Virtual size: 67KB

.rdata Size: 23KB - Virtual size: 23KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 75KB - Virtual size: 76KB

.text
Size: 67KB - Virtual size: 67KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 75KB - Virtual size: 76KB