972e445ac91206bb19610c6482b25e60d7c8e92a55f781db80c1102f0be2d4ce

Sharing

Copy URL

Twitter E-mail

General

Target

972e445ac91206bb19610c6482b25e60d7c8e92a55f781db80c1102f0be2d4ce
Size

135KB
MD5

66a83baf63f4a90a653991ebe0824810
SHA1

30a44b7cd48706c475f11d13b7e91b5a776affc6
SHA256

972e445ac91206bb19610c6482b25e60d7c8e92a55f781db80c1102f0be2d4ce
SHA512

6b843d1a2460ab6f597c1e8aa62cc80f31f0055d3147fcac04950f9d952bf83fdfe0141926961a41f837a2ae39b6ce8fdf990768e8efcb8217e39ec53f08e5e8
SSDEEP

3072:yerxUE/43AJiOtucAIGpkI8sHmxdFZJLsuO:CAJiOt5AVknsHmxP

Score

N/A

Malware Config

Signatures

Files

972e445ac91206bb19610c6482b25e60d7c8e92a55f781db80c1102f0be2d4ce
.exe windows x86

f660b896e24c800f46c8604b4af8ce7a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

common

??4CTXStringW@@QAEAAV0@PA_W@Z
?SetBugReportFlag@TXBugReport@@YAHK@Z
?TXLog_DoTXLogVW@@YAXPAUtagLogObj@@PB_W1PAD@Z
??YCTXStringW@@QAEAAV0@PB_W@Z
?SetBugReportUin@TXBugReport@@YAXK@Z
?CombineQNC@FS@@YA?AVCTXStringW@@PB_W0@Z
?SetMainAndLogicMsgLoop@Misc@Util@@YAXPAVMessageLoopForUI@AsyncTask@@PAVMessageLoop@4@@Z
??H@YA?AVCTXStringW@@PB_WABV0@@Z
??0CTXStringW@@QAE@ABV0@@Z
?GetBuffer@CTXStringW@@QAEPA_WH@Z
?ReleaseBuffer@CTXStringW@@QAEXH@Z
??ACTXStringW@@QBE_WH@Z
??0CTXStringW@@QAE@PB_W@Z
?Append@CTXStringW@@QAEXPB_W@Z
??YCTXStringW@@QAEAAV0@ABV0@@Z
?Format@CTXStringW@@QAAXPB_WZZ
?GetLength@CTXStringW@@QBEHXZ
??BCTXStringW@@QBEPB_WXZ
?SetMainAndLogicThreadId@Misc@Util@@YAXKK@Z
??1CTXStringW@@QAE@XZ
?FlushLog@TXLog@@YAXXZ
?IsFileExist@FS@@YAHPB_W@Z
??4CTXStringW@@QAEAAV0@PB_W@Z
??0CTXStringW@@QAE@PA_W@Z
??8@YA_NPB_WABVCTXStringW@@@Z
?GetExeDir@Sys@Util@@YA?AVCTXStringW@@XZ
?GetLCID@NLS@@YAKXZ
?GetSession@TXLog@@YAKXZ
?MinimzeMemory@Sys@Util@@YAXXZ
?InitBugReport@TXBugReport@@YAXPB_W000GGKHHKKP6GHPAUtagBugReportInfo@1@PBD200PAPAXPAKPAX@Z@Z
?ReverseFind@CTXStringW@@QBEH_W@Z
?Left@CTXStringW@@QBE?AV1@H@Z
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
??4CTXStringW@@QAEAAV0@ABV0@@Z
??8@YA_NABVCTXStringW@@PB_W@Z
?ClearDeadQueue@Misc@Util@@YAXXZ
??0CTXStringW@@QAE@XZ
?OnExitWinMain@Misc@Util@@YAXXZ
?SafeLoadLibrary@Sys@Util@@YAPAUHINSTANCE__@@PB_W@Z
?ValidateBugReport@TXBugReport@@YAXXZ

processsession

?Start@CTXOPChannel@@QAEHPB_W@Z
?SendReply@CTXOPChannel@@QAEHKKPBEI@Z
?GetConnectCount@CTXOPChannel@@QAEIXZ
?Run@CTXOPChannel@@EAEIXZ
??0CTXOPChannel@@QAE@XZ
??1CTXOPChannel@@UAE@XZ
?AddSink@CTXOPChannel@@QAEXPAUITXOPChanelSysSink@@@Z
?Listen@CTXOPChannel@@QAEHXZ

wininet

InternetErrorDlg

asynctask

?StartWithOptions@Thread@AsyncTask@@QAE_NABUOptions@12@@Z
??1MessageLoopForUI@AsyncTask@@UAE@XZ
??0MessageLoopForUI@AsyncTask@@QAE@XZ
?Run@MessageLoopForUI@AsyncTask@@QAEXXZ
??1AtExitManager@AsyncTask@@QAE@XZ
??1Thread@AsyncTask@@UAE@XZ
?RegisterCallback@AtExitManager@AsyncTask@@SAXP6AXPAX@Z0@Z
??0AtExitManager@AsyncTask@@QAE@XZ
??0Thread@AsyncTask@@QAE@PBD@Z
?Release@Lock@AsyncTask@@QAEXXZ
??1Lock@AsyncTask@@QAE@XZ
?Acquire@Lock@AsyncTask@@QAEXXZ
??0Lock@AsyncTask@@QAE@XZ

kernel32

VirtualProtect
SetLastError
GetTickCount
GetCurrentThreadId
GetTempPathW
CreateDirectoryW
CreateFileW
GetModuleHandleW
GetCurrentProcess
TerminateProcess
GetModuleFileNameW
SetUnhandledExceptionFilter
GetProcAddress
OpenMutexW
GetCurrentProcessId
CloseHandle
CreateMutexW
QueryPerformanceCounter
InterlockedDecrement
InterlockedIncrement
lstrlenW
FreeLibrary
ResumeThread
CreateThread
WideCharToMultiByte
Sleep
SetThreadPriority
DeviceIoControl
InterlockedExchange
GetSystemTimeAsFileTime
IsDebuggerPresent
InterlockedCompareExchange
GetStartupInfoW
UnhandledExceptionFilter
FlushInstructionCache

user32

SetTimer
KillTimer
PostQuitMessage

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHGetSpecialFolderPathW

ole32

OleInitialize
CoCreateInstance
CLSIDFromProgID
CoInitialize
OleUninitialize
CoUninitialize

msvcp80

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

msvcr80

_cexit
__CxxFrameHandler3
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_crt_debugger_hook
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
??3@YAXPAX@Z
_time64
??2@YAPAXI@Z
__argc
__wargv
_purecall
wcsrchr
memset
??_V@YAXPAX@Z
__iob_func
wcsncpy_s
srand
wcscat_s
_snprintf_s
free
memcpy
malloc
strlen
strncpy_s
_stricmp
fprintf
rand
isalnum
wcslen
_invalid_parameter_noinfo
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
tolower
memcmp
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_amsg_exit
__wgetmainargs
_CxxThrowException
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale

ws2_32

htonl
socket
htons
recvfrom
ntohs
getaddrinfo
WSACleanup
inet_ntoa
closesocket
setsockopt
sendto
WSAGetLastError
WSAStartup
inet_addr

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses
GetIpForwardTable

netapi32

Netbios

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f660b896e24c800f46c8604b4af8ce7a

Headers

DLL Characteristics

File Characteristics

Imports

common

processsession

wininet

asynctask

kernel32

user32

advapi32

shell32

ole32

msvcp80

msvcr80

ws2_32

iphlpapi

netapi32

Sections

.text Size: 28KB - Virtual size: 26KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 72KB - Virtual size: 72KB

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 72KB - Virtual size: 72KB