873a779b854818248ebe23b57931f3bd1bfb308501dde75383f523bce6f47f57

Sharing

Copy URL Twitter E-mail

General

Target

873a779b854818248ebe23b57931f3bd1bfb308501dde75383f523bce6f47f57
Size

183KB
MD5

2ba37c9b5a0770e738e05b5e959f03f0
SHA1

2e5a4ff9f84b108d729b5aee8a343b63e3bd4875
SHA256

873a779b854818248ebe23b57931f3bd1bfb308501dde75383f523bce6f47f57
SHA512

1ca22b0b098d6919af29532b1242bbdf6496f1aa0285ef78f66a7aaffbbfb87c9ccf7cf13fbb944d01b06b6ff1ce7c9d7b495549bdbb60dc020db9a20a535253
SSDEEP

3072:4UtHfcC9iKDABah+V1yfXO5dK9hMfFGemlUnmnPfh1GH:7tUC9fDABahO1sOng6dV4XRw

Score

N/A

Malware Config

Signatures

Files

873a779b854818248ebe23b57931f3bd1bfb308501dde75383f523bce6f47f57
.exe windows x86

6789188682b171332aa28985a286600f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

common

??BCTXStringW@@QBEPB_WXZ
?SetUseUtf8Head@CTXHttpDownload@@QAEXH@Z
?SetUIInterface@CTXHttpDownload@@QAEXPAVCTXHttpDownloadSink@@@Z
?TXAssert@@YAHPB_W0H@Z
?MoveDownloadFile@CTXHttpDownload@@QAEHPB_WH@Z
?CombineQNC@FS@@YA?AVCTXStringW@@PB_W0@Z
?AddFileSystem@FS@@YAJW4FILESYSTEM_TYPE@@PB_W1HHH@Z
??0CTXStringW@@QAE@PB_W@Z
?GetLastModifyTime@CTXHttpDownload@@QAEHAAU_SYSTEMTIME@@@Z
?GetDownloadedFilePath@CTXHttpDownload@@QAEHAAVCTXStringW@@@Z
??0CTXStringW@@QAE@XZ
??1CTXBSTR@@QAE@XZ
?InitPlatform@CoreCenter@Util@@YAHPA_W@Z
??BCTXBSTR@@QBEPA_WXZ
??0CTXBSTR@@QAE@ABVCTXStringW@@@Z
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
?GetParentDir@FS@Util@@YA?AVCTXStringW@@V3@@Z
?GetExeDir@Sys@Util@@YA?AVCTXStringW@@XZ
?InitPlatformFileSystem@Boot@Util@@YAHXZ
?InitPlatformI18NConfig@Boot@Util@@YAHXZ
?InitPlatformCoreConfig@Boot@Util@@YAHXZ
?TXLog_DoTXLogVW@@YAXPAUtagLogObj@@PB_W1PAD@Z
?GetPlatformCore@Core@Util@@YAHPAPAUITXCore@@@Z
??H@YA?AVCTXStringW@@_WABV0@@Z
??0CTXStringW@@QAE@PA_W@Z
?CreateObjectFromDllFile@Com@Util@@YGJPB_WABU_GUID@@1PAPAXPAUIUnknown@@@Z
?InitNetwork@Network@Util@@YAHXZ
?ClearDeadQueue@Misc@Util@@YAXXZ
?OnUninitCom@Misc@Util@@YAXXZ
?OnExitWinMain@Misc@Util@@YAXXZ
?OnExitCoreCenter@Misc@Util@@YAXXZ
?InitPlatformGFConfig@Boot@Util@@YAHXZ
?SetMainAndLogicThreadId@Misc@Util@@YAXKK@Z
??1CTXStringA@@QAE@XZ
??0CTXBSTR@@QAE@PB_W@Z
?Utf8ToWS@Convert@Util@@YA?AVCTXStringW@@PBDH@Z
?GetString@CTXStringW@@QBEPB_WXZ
??8@YA_NPB_WABVCTXBSTR@@@Z
?Length@CTXBSTR@@QBEIXZ
??ICTXBSTR@@QAEPAPA_WXZ
??0CTXBSTR@@QAE@XZ
??8CTXBSTR@@QBE_NPB_W@Z
?IsEmpty@CTXBSTR@@QAEHXZ
??H@YA?AVCTXStringW@@PB_WABV0@@Z
?RecordTransBegin@Perf@Util@@YA_JPB_WHH00@Z
??4CTXStringW@@QAEAAV0@PB_W@Z
?RecordTransEnd@Perf@Util@@YAJ_JPB_WHH11H@Z
??H@YA?AVCTXStringW@@ABV0@0@Z
?Format@CTXStringW@@QAAXPB_WZZ
??9CTXBSTR@@QBE_NPB_W@Z
?Format@CTXStringA@@QAAXPBDZZ
??0CTXStringA@@QAE@XZ
??M@YA_NABVCTXStringA@@0@Z
??0CTXHttpDownload@@QAE@XZ
??0CTXHttpDownloadSink@@IAE@XZ
??1CTXHttpDownload@@UAE@XZ
??1CTXStringW@@QAE@XZ
??1CTXHttpDownloadSink@@UAE@XZ
?Download@CTXHttpDownload@@QAEHPB_WPAU_SYSTEMTIME@@0HPA_J@Z

gf

?CreateObject@GF@Util@@YAJABU_GUID@@0PAPAX@Z
?SetCustomObjectFactory@GF@Util@@YAXP6AHABU_GUID@@0PAPAX@Z@Z
?RawCreateGFElementByXtml@GF@Util@@YAJPA_WPAPAUIGFElement@@PAU3@0H@Z

kernel32

InitializeCriticalSection
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
SetEnvironmentVariableW
GetEnvironmentVariableW
GetModuleFileNameW
GetModuleHandleW
InterlockedIncrement
InterlockedDecrement
SetEvent
LoadLibraryW
CreateProcessW
OpenProcess
GetCurrentProcessId
lstrlenW
GetSystemTimeAsFileTime
GetCommandLineW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
Sleep
GetThreadLocale
GetLocaleInfoA
GetACP
GetVersionExA
LoadLibraryA
GetLastError
InterlockedExchange
FreeLibrary
GetProcAddress
LocalAlloc
DeleteCriticalSection
RaiseException
IsDebuggerPresent
GetCurrentDirectoryW
LeaveCriticalSection
EnterCriticalSection

user32

SendMessageW
wsprintfW
PostMessageW
SetWindowPos
ShowWindow
CallWindowProcW
SetWindowLongW
PostThreadMessageW
UnregisterClassA
SetWindowTextW

shell32

ShellExecuteW

ole32

CoInitialize
OleUninitialize
CoCreateInstance
OleInitialize
CoUninitialize

oleaut32

SysStringLen
LoadRegTypeLi
LoadTypeLi
SysFreeString

atl80

ord64
ord31
ord30
ord58
ord32

msvcp80

?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$allocator@D@std@@QAE@XZ
??0?$_String_val@DV?$allocator@D@std@@@std@@IAE@V?$allocator@D@1@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEPADXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z

msvcr80

__wgetmainargs
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
??3@YAXPAX@Z
__CxxFrameHandler3
_CxxThrowException
swprintf_s
memset
free
??_V@YAXPAX@Z
wcsrchr
_time64
wcscpy_s
_wtoi
setlocale
wcstombs
mbstowcs
_invalid_parameter_noinfo
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
memcpy_s
_strtoui64
strcpy_s
strtoul
isdigit
atoi
?terminate@@YAXXZ
_except_handler4_common
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
_configthreadlocale
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
__set_app_type

tinyxml

?GetText@TiXmlElement@@QBEPBDXZ
?NextSibling@TiXmlNode@@QAEPAV1@XZ
?FirstChildElement@TiXmlNode@@QAEPAVTiXmlElement@@XZ
?NextSiblingElement@TiXmlNode@@QAEPAVTiXmlElement@@XZ
??1TiXmlDocument@@UAE@XZ
?FirstChild@TiXmlNode@@QAEPAV1@PBD@Z
?LoadFile@TiXmlDocument@@QAE_NPB_WW4TiXmlEncoding@@@Z
??0TiXmlDocument@@QAE@XZ
?Attribute@TiXmlElement@@QBEPBDPBD@Z

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6789188682b171332aa28985a286600f

Headers

File Characteristics

Imports

comctl32

common

gf

kernel32

user32

shell32

ole32

oleaut32

atl80

msvcp80

msvcr80

tinyxml

Sections

.text Size: 60KB - Virtual size: 57KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 84KB - Virtual size: 84KB

.text
Size: 60KB - Virtual size: 57KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 84KB - Virtual size: 84KB