835f0cad96e2c016e18b554d37d15184f0ce2e5246ccb884c8ce12ccc992907b

Sharing

Copy URL Twitter E-mail

General

Target

835f0cad96e2c016e18b554d37d15184f0ce2e5246ccb884c8ce12ccc992907b
Size

528KB
MD5

61d411565d61bde3682faba5296ce93e
SHA1

3eb81e9293beac23def6bbba7136bf453ebed1fa
SHA256

835f0cad96e2c016e18b554d37d15184f0ce2e5246ccb884c8ce12ccc992907b
SHA512

cf477d60f798fbd55e11e34d506d3bd6b4953afcd5aa6a9a916ebc2f22ef7e8486e928decd17596a2157b98b44a06d304d48fcf6374b871a0e834ad0e35a2cb1
SSDEEP

12288:MbHvVKjkN8Oi3C0eYAwXrgpcHkPFcbSsZ9g754t:Mb9+e0eYlXrghFcbpZt

Score

N/A

Malware Config

Signatures

Files

835f0cad96e2c016e18b554d37d15184f0ce2e5246ccb884c8ce12ccc992907b
.dll windows x86

0e439f75ab484d1ca7b7c40a1ed452a4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
DisableThreadLibraryCalls
FreeLibrary
CompareStringA
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
LoadLibraryA
GetLastError
SetLastError
ExitProcess
ResetEvent
GetModuleHandleA
InterlockedExchange
GetVersionExA
CloseHandle
ReleaseMutex
OpenMutexW
CreateMutexW
GetVersion
OutputDebugStringW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetTickCount
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
InterlockedCompareExchange
SetEvent

ole32

CoRegisterMessageFilter
CoUninitialize
CreateBindCtx
CoCreateInstance
CoInitializeEx

oleaut32

SafeArrayRedim
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayUnlock
SafeArrayCreate
SafeArrayLock
SafeArrayCopy
SafeArrayDestroy
VariantInit
VariantChangeType
SysAllocString
VarCmp
VariantCopy
VariantClear

xprt5

_XprtCreateThread@8
_XprtGetMilliseconds@0
_XprtDestroyThread@8
?RemoveAll@TPtrFromPtrMap@XPRT@@QAEXXZ
?Mid@TBstr@XPRT@@QBE?AV12@H@Z
?IsEmpty@TBstr@XPRT@@QBE_NXZ
?Replace@TBstr@XPRT@@QAEHGG@Z
?Normalize@TBstr@XPRT@@QAEAAV12@XZ
?MakeUpper@TBstr@XPRT@@QAEAAV12@XZ
_XprtHexToBin@16
_XprtMemAlloc@4
??0TAesCipher@XPRT@@QAE@W4ECipherOp@TCipher@1@PBEH@Z
?SetMode@TBlockCipher@XPRT@@QAEXW4ECipherMode@12@@Z
?SetIv@TBlockCipher@XPRT@@QAEXPBE@Z
?ProcessData@TBlockCipher@XPRT@@UAEHPAEH_N@Z
??1TAesCipher@XPRT@@UAE@XZ
??0TMd5Digest@XPRT@@QAE@H@Z
?Update@TMessageDigest@XPRT@@QAEXPBEH@Z
?Finish@TMdXDigest@XPRT@@UAEHPAEH@Z
?Empty@TBstr@XPRT@@QAEXXZ
xprt_snprintf
?Append@TBstr@XPRT@@QAEAAV12@G@Z
?Append@TBstr@XPRT@@QAEAAV12@PBDPBG@Z
?GetTickCount@TTime@XPRT@@SA?AV12@XZ
?GetSecond@TTime@XPRT@@QBEHXZ
?GetMinute@TTime@XPRT@@QBEHXZ
?GetHour@TTime@XPRT@@QBEHXZ
?GetYear@TTime@XPRT@@QBEHXZ
?SetAtGrow@TPtrArray@XPRT@@QAEXHPAX@Z
?GetMonth@TTime@XPRT@@QBEHXZ
?Assign@TBstr@XPRT@@QAEAAV12@PBDPBG@Z
?Find@TBstr@XPRT@@QBEHPBGH@Z
xprt_memset
?Create@SPlex@XPRT@@SGPAU12@AAPAU12@II@Z
?FreeDataChain@SPlex@XPRT@@QAEXXZ
?Format@TBstr@XPRT@@QAAXPBGZZ
?GetLength@TBstr@XPRT@@QBEHXZ
_XprtMemFree@4
_XprtCompareString@8
_XprtFreeString@4
_XprtAllocString@4
?Add@TPtrArray@XPRT@@QAEHPAX@Z
?RemoveAt@TPtrArray@XPRT@@QAEXHH@Z
?Detach@TBstr@XPRT@@QAEPAGXZ
?Attach@TBstr@XPRT@@QAEXPAG@Z
?Assign@TBstr@XPRT@@QAEAAV12@ABV12@@Z
??0TBstr@XPRT@@QAE@XZ
??1TPtrArray@XPRT@@QAE@XZ
??0TPtrArray@XPRT@@QAE@XZ
?SetCount@TPtrArray@XPRT@@QAE_NHH@Z
?Compare@TBstr@XPRT@@QBEHPBG@Z
??0TBstr@XPRT@@QAE@ABV01@@Z
?Append@TBstr@XPRT@@QAEAAV12@ABV12@@Z
?Assign@TBstr@XPRT@@QAEAAV12@PBG@Z
?GetEncodedString@TBstr@XPRT@@QBEPBDPBG@Z
?GetString@TBstr@XPRT@@QBEPBGXZ
??0TBstr@XPRT@@QAE@PBG@Z
??0TFile@XPRT@@QAE@XZ
??1TFile@XPRT@@UAE@XZ
?IsOpen@TFile@XPRT@@QBE_NXZ
?Open@TFile@XPRT@@QAE_NPBGI_N@Z
_XprtUninitialize@0
_XprtInitialize@8
xprt_strlen
xprt_memcpy
?Transform@TMd5Digest@XPRT@@EAEXQAIQBE@Z
??0TMessageDigest@XPRT@@QAE@XZ
?GetDigestSize@TMdXDigest@XPRT@@UBEHXZ
?Mid@TBstr@XPRT@@QBE?AV12@HH@Z
?GetStartPosition@TPtrFromPtrMap@XPRT@@QBEPAU__POSITION@2@XZ
?GetNextAssoc@TPtrFromPtrMap@XPRT@@QBEXAAPAU__POSITION@2@AAPAX1@Z
?SetAt@TPtrFromPtrMap@XPRT@@QAEPAU__POSITION@2@PAX0@Z
?SetOptimalLoad@TPtrFromPtrMap@XPRT@@QAEXMMM_N@Z
??0TBstr@XPRT@@QAE@PBDPBG@Z
kSystemEncoding
??1TBstr@XPRT@@QAE@XZ
?Unlock@TSpinLock@XPRT@@QAEXXZ
?Lock@TSpinLock@XPRT@@QAEXXZ
?RemoveKey@TPtrFromPtrMap@XPRT@@QAE_NPAX@Z
??ATPtrFromPtrMap@XPRT@@QAEAAPAXPAX@Z
?Lookup@TPtrFromPtrMap@XPRT@@QBE_NPAXAAPAX@Z
??0TPtrFromPtrMap@XPRT@@QAE@H@Z
?DirSpecFromFullSpec@TFile@XPRT@@SA?AVTBstr@2@PBG@Z
?GetAt@TBstr@XPRT@@QBEGH@Z
??1TPtrFromPtrMap@XPRT@@QAE@XZ
_XprtAtomicDecrement@4
xprt_memmove
xprt_strcmp
_XprtAtomicIncrement@4
_XprtMemRealloc@8
?Assign@TBstr@XPRT@@QAEAAV12@PBGH@Z
?Replace@TBstr@XPRT@@QAEHPBG0@Z
??0TBstr@XPRT@@QAE@PBDHPBG@Z
?Left@TBstr@XPRT@@QBE?AV12@H@Z
_XprtStringUtf8ByteLen@8
_XprtStringToUtf8@16
?Find@TBstr@XPRT@@QBEHGH@Z
_XprtStringByteLen@8
?ReverseFind@TBstr@XPRT@@QBEHG@Z
?TrimRight@TBstr@XPRT@@QAEAAV12@G@Z
?GetTime64@TTime@XPRT@@QBE_JXZ
?Right@TBstr@XPRT@@QBE?AV12@H@Z
?CompareNoCase@TBstr@XPRT@@QBEHPBG@Z
?Append@TBstr@XPRT@@QAEAAV12@PBG@Z
_XprtBinToBase64@16
_XprtBase64ToBin@12
?GetDay@TTime@XPRT@@QBEHXZ
xprt_iswdigit

msvcrt

_itoa
_adjust_fdiv
_initterm
_onexit
__dllonexit
_snwprintf
qsort
realloc
abort
calloc
rand
strtok
strchr
sscanf
strcmp
fflush
gmtime
fprintf
printf
isprint
exit
strncpy
malloc
memcmp
strcat
strcpy
memcpy
_iob
sprintf
strlen
_purecall
wcscpy
difftime
wcslen
isalpha
memmove
_vsnprintf
time
srand
_tzset
_ftime
getenv
atoi
??3@YAXPAX@Z
free
??2@YAPAXI@Z
memset
_except_handler3
_strdup

ws2_32

ntohs
WSAStartup
WSAGetLastError
gethostname
inet_ntoa
WSACleanup
gethostbyname
htonl
inet_addr

wininet

InternetCrackUrlW
InternetSetOptionW
InternetCloseHandle
HttpQueryInfoA
InternetConnectW
InternetOpenW
InternetQueryDataAvailable
InternetReadFileExA
HttpSendRequestW
HttpOpenRequestW
HttpAddRequestHeadersW
InternetSetStatusCallbackW
InternetInitializeAutoProxyDll

user32

DestroyWindow
MsgWaitForMultipleObjects
TranslateMessage
SetTimer
KillTimer

advapi32

RegCloseKey

Exports

Exports

EEGetModuleInterop

Sections

.text
Size: 288KB - Virtual size: 286KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0e439f75ab484d1ca7b7c40a1ed452a4

Headers

File Characteristics

Imports

kernel32

ole32

oleaut32

xprt5

msvcrt

ws2_32

wininet

user32

advapi32

Exports

Exports

Sections

.text Size: 288KB - Virtual size: 286KB

.rdata Size: 100KB - Virtual size: 96KB

.data Size: 24KB - Virtual size: 28KB

.rsrc Size: 4KB - Virtual size: 824B

.reloc Size: 44KB - Virtual size: 40KB

.text Size: 64KB - Virtual size: 64KB

.text
Size: 288KB - Virtual size: 286KB

.rdata
Size: 100KB - Virtual size: 96KB

.data
Size: 24KB - Virtual size: 28KB

.rsrc
Size: 4KB - Virtual size: 824B

.reloc
Size: 44KB - Virtual size: 40KB

.text
Size: 64KB - Virtual size: 64KB