df8b6665a8c30d0138e15e4ba4d58485fe5af57b094c300d9d6368e63139aae2

Sharing

Copy URL Twitter E-mail

General

Target

df8b6665a8c30d0138e15e4ba4d58485fe5af57b094c300d9d6368e63139aae2
Size

205KB
MD5

4ebe71537011286effd0f6da0d77f580
SHA1

feae37023c23c83ca8c7e1d275b6e1589f562342
SHA256

df8b6665a8c30d0138e15e4ba4d58485fe5af57b094c300d9d6368e63139aae2
SHA512

f96acb8c5ee796ad59696e2953a135b578e0a66de2d53293b5b94c1a739b7919291fcef4fd9914fdedc5ac8fd9300632611e7842e18aae1304f1c6929912d4aa
SSDEEP

6144:lmolVSAf14d+s2OiTr/EmXSVI2rJ3vBaOx:lmkVY+b/E02rJZr

Score

N/A

Malware Config

Signatures

Files

df8b6665a8c30d0138e15e4ba4d58485fe5af57b094c300d9d6368e63139aae2
.exe windows x86

2285aea6c93fe1081d06d98850f47cd2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

common

??0CTXHttpDownloadSink@@IAE@XZ
?OnConnecting@CTXHttpDownloadSink@@UAEXPAVCTXHttpDownload@@PB_W@Z
?OnConnected@CTXHttpDownloadSink@@UAEXPAVCTXHttpDownload@@@Z
?OnDownloadStart@CTXHttpDownloadSink@@UAEXPAVCTXHttpDownload@@KK@Z
?OnRedirected@CTXHttpDownloadSink@@UAEXPAVCTXHttpDownload@@PB_W@Z
?OnError@CTXHttpDownloadSink@@UAEXPAVCTXHttpDownload@@K@Z
?CancelDownload@CTXHttpDownload@@QAEXXZ
?Download@CTXHttpDownload@@QAEHPB_WPAU_SYSTEMTIME@@0HPA_J@Z
?ConvertToPureFile@FS@@YA?AVCTXStringW@@PB_W@Z
?GetDownloadedFilePath@CTXHttpDownload@@QAEHAAVCTXStringW@@@Z
?GetPlatformCore@Core@Util@@YAHPAPAUITXCore@@@Z
??1CTXBSTR@@QAE@XZ
??BCTXBSTR@@QBEPA_WXZ
??ICTXBSTR@@QAEPAPA_WXZ
?IsEmpty@CTXBSTR@@QAEHXZ
??0CTXBSTR@@QAE@PB_W@Z
??0CTXBSTR@@QAE@XZ
?Format@CTXStringA@@QAAXPBDZZ
??0CTXStringA@@QAE@XZ
??M@YA_NABVCTXStringA@@0@Z
?LogTaskStart@Misc@Util@@YAKPB_W@Z
?LogTaskEnd@Misc@Util@@YAXK@Z
??1CUnZipFile@@QAE@XZ
?UnZipFile@CUnZipFile@@QAE_NABVCTXStringW@@0@Z
??0CUnZipFile@@QAE@XZ
??1CFmtString@@QAE@XZ
?DoFormat@CFmtString@@QAEPB_WPB_W@Z
?PropertyDWord@CFmtString@@QAEHPB_WK0@Z
??0CTXBSTR@@QAE@ABVCTXStringW@@@Z
??0CTXHttpDownload@@QAE@XZ
?CreateTXArray@Data@Util@@YAHPAPAUITXArray@@@Z
?CreateTXData@Data@Util@@YAHPAPAUITXData@@@Z
?GetMainThreadLoop@Misc@Util@@YAPAVMessageLoopForUI@AsyncTask@@XZ
?IsInitAsyncMsgLoop@Misc@Util@@YAHXZ
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
??H@YA?AVCTXStringW@@_WABV0@@Z
?GetParentDir@FS@Util@@YA?AVCTXStringW@@V3@@Z
?InitPlatform@CoreCenter@Util@@YAHPA_W@Z
?GetExeDir@Sys@Util@@YA?AVCTXStringW@@XZ
?InitPlatformFileSystem@Boot@Util@@YAHXZ
?InitPlatformI18NConfig@Boot@Util@@YAHXZ
?InitPlatformCoreConfig@Boot@Util@@YAHXZ
?CreateObjectFromDllFile@Com@Util@@YGJPB_WABU_GUID@@1PAPAXPAUIUnknown@@@Z
?InitPlatformGFConfig@Boot@Util@@YAHXZ
?ClearDeadQueue@Misc@Util@@YAXXZ
?OnUninitCom@Misc@Util@@YAXXZ
?OnExitWinMain@Misc@Util@@YAXXZ
?OnExitCoreCenter@Misc@Util@@YAXXZ
?GetBuffer@CTXStringW@@QAEPA_WXZ
??YCTXStringW@@QAEAAV0@ABV0@@Z
?MakeUpper@CTXStringW@@QAEAAV1@XZ
?Empty@CTXStringW@@QAEXXZ
??0CFmtString@@QAE@XZ
?TXLog_DoTXLogVW@@YAXPAUtagLogObj@@PB_W1PAD@Z
??0CTXStringW@@QAE@XZ
?EnableQQNetworkSettings@CTXHttpDownload@@QAEHH@Z
?SetEventMask@CTXHttpDownload@@QAEXE@Z
??1CTXHttpDownloadSink@@UAE@XZ
??1CTXHttpDownload@@UAE@XZ
?Format@CTXStringW@@QAAXPB_WZZ
??0CTXStringA@@QAE@PBD@Z
?Replace@CTXStringA@@QAEHPBD0@Z
?Insert@CTXStringA@@QAEHHPBD@Z
??BCTXStringA@@QBEPBDXZ
??1CTXStringA@@QAE@XZ
??4CTXStringW@@QAEAAV0@PA_W@Z
?ReverseFind@CTXStringW@@QBEH_W@Z
?Right@CTXStringW@@QBE?AV1@H@Z
?Tokenize@CTXStringW@@QBE?AV1@PB_WAAH@Z
?IsEmpty@CTXStringW@@QBE_NXZ
?Compare@CTXStringW@@QBEHPB_W@Z
?GetBuffer@CTXStringW@@QAEPA_WH@Z
?ReleaseBuffer@CTXStringW@@QAEXH@Z
??1CTXStringW@@QAE@XZ
?CompareNoCase@CTXStringW@@QBEHPB_W@Z
??0CTXStringW@@QAE@ABV0@@Z
??0CTXStringW@@QAE@PB_W@Z
??BCTXStringW@@QBEPB_WXZ
??0CTXStringW@@QAE@PA_W@Z
?SetMainAndLogicThreadId@Misc@Util@@YAXKK@Z
?SetMainAndLogicMsgLoop@Misc@Util@@YAXPAVMessageLoopForUI@AsyncTask@@PAVMessageLoop@4@@Z
?GetString@CTXStringW@@QBEPB_WXZ
??4CTXStringW@@QAEAAV0@PB_W@Z
?SetUIInterface@CTXHttpDownload@@QAEXPAVCTXHttpDownloadSink@@@Z
?AppendFormat@CTXStringW@@QAAXPB_WZZ
??4CTXStringW@@QAEAAV0@ABV0@@Z
?Left@CTXStringW@@QBE?AV1@H@Z
?GetLength@CTXStringW@@QBEHXZ
?Trim@CTXStringW@@QAEAAV1@XZ
??ACTXStringW@@QBE_WH@Z
?FindOneOf@CTXStringW@@QBEHPB_W@Z
?Mid@CTXStringW@@QBE?AV1@HH@Z
??YCTXStringW@@QAEAAV0@PB_W@Z
?SafeLoadLibrary@Sys@Util@@YAPAUHINSTANCE__@@PB_W@Z

gf

?RawCreateGFElementByXtml@GF@Util@@YAJPA_WPAPAUIGFElement@@PAU3@0H@Z
?SetCustomObjectFactory@GF@Util@@YAXP6AHABU_GUID@@0PAPAX@Z@Z

asynctask

?PostDelayedTask@MessageLoop@AsyncTask@@QAEXPAVTask@2@_J@Z
?PostTask@MessageLoop@AsyncTask@@QAEXPAVTask@2@@Z
??1LockImpl@AsyncTask@@QAE@XZ
??0LockImpl@AsyncTask@@QAE@XZ
??0AtExitManager@AsyncTask@@QAE@XZ
??0Thread@AsyncTask@@QAE@PBD@Z
??0MessageLoop@AsyncTask@@QAE@W4Type@01@@Z
??_7MessageLoopForUI@AsyncTask@@6B@
?StartWithOptions@Thread@AsyncTask@@QAE_NABUOptions@12@@Z
??1MessageLoop@AsyncTask@@UAE@XZ
??1Thread@AsyncTask@@UAE@XZ
??1AtExitManager@AsyncTask@@QAE@XZ
?Run@MessageLoopForUI@AsyncTask@@QAEXXZ
??1MessageLoopForUI@AsyncTask@@UAE@XZ
?RegisterCallback@AtExitManager@AsyncTask@@SAXP6AXPAX@Z0@Z
?Unlock@LockImpl@AsyncTask@@QAEXXZ
?Lock@LockImpl@AsyncTask@@QAEXXZ

mautility

ord6
ord11
ord5
ord7
ord10
ord8

kernel32

CreateMutexW
SetEnvironmentVariableW
GetEnvironmentVariableW
CreateDirectoryW
GetVolumeInformationW
GetLongPathNameW
GetTempPathW
SetFileAttributesW
GetFileAttributesW
IsBadReadPtr
FindClose
FindFirstFileW
LocalFree
RemoveDirectoryW
FindNextFileW
GetPrivateProfileIntW
TerminateProcess
FreeLibrary
HeapSetInformation
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
GetProcessHeap
HeapSize
WritePrivateProfileStringW
HeapFree
HeapAlloc
HeapDestroy
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
CopyFileW
DeleteFileW
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
WaitForSingleObject
ResumeThread
CloseHandle
GetLastError
GetCommandLineW
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleW
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
GetStartupInfoW
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetCurrentProcessId
GetSystemDirectoryW
HeapReAlloc
GetModuleFileNameW
DeleteCriticalSection

user32

GetDesktopWindow
PostMessageW
GetPropW
IsWindow
GetWindow
RemovePropW
PostQuitMessage
LoadIconW
SetPropW
IsIconic
ShowWindow
SetForegroundWindow
SendMessageTimeoutW
AllowSetForegroundWindow
SystemParametersInfoW
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
SetActiveWindow
IsWindowVisible

advapi32

BuildExplicitAccessWithNameW
RegCloseKey
RegQueryValueExW
RegSetValueExW
SetNamedSecurityInfoW
SetEntriesInAclW
GetUserNameW
RegCreateKeyExW

shell32

ShellExecuteExW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
CommandLineToArgvW

ole32

OleUninitialize
OleInitialize
CoTaskMemFree

oleaut32

LoadTypeLi
LoadRegTypeLi
SysStringLen
SysFreeString

atl100

ord32
ord31
ord58
ord30

shlwapi

PathFindExtensionW
PathAppendW
PathFindFileNameW
PathRemoveBackslashW
PathFileExistsW
PathAddBackslashW
PathGetArgsW
wnsprintfW

msvcp100

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

msvcr100

_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_crt_debugger_hook
_cexit
__wgetmainargs
_amsg_exit
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
_itoa_s
_wfopen_s
_invoke_watson
_controlfp_s
_exit
??3@YAXPAX@Z
memcmp
_CxxThrowException
swprintf_s
free
??_V@YAXPAX@Z
_recalloc
_time64
??2@YAPAXI@Z
__CxxFrameHandler3
memcpy_s
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
strlen
memcpy
memmove
_purecall
_wtoi
calloc
??0exception@std@@QAE@ABV01@@Z
memset
_beginthreadex
wcslen
_waccess
wcsncpy
malloc
wcscpy_s
wcsncat
wcscmp
atoi
isalpha
isdigit
strchr
isspace
strncmp
fread
fclose
_wtol

wininet

InternetGetConnectedState
InternetCrackUrlW
InternetCanonicalizeUrlW
InternetCloseHandle
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetReadFile
HttpQueryInfoW
InternetOpenUrlW
InternetOpenW

rpcrt4

UuidToStringA
UuidCreateSequential
RpcStringFreeA

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.trdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2285aea6c93fe1081d06d98850f47cd2

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

common

gf

asynctask

mautility

kernel32

user32

advapi32

shell32

ole32

oleaut32

atl100

shlwapi

msvcp100

msvcr100

wininet

rpcrt4

Sections

.text Size: 65KB - Virtual size: 64KB

.rdata Size: 27KB - Virtual size: 27KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 10KB - Virtual size: 10KB

.trdata Size: 76KB - Virtual size: 76KB

.text
Size: 65KB - Virtual size: 64KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 10KB - Virtual size: 10KB

.trdata
Size: 76KB - Virtual size: 76KB