3d56d5098719d83b22c162ae66e0b1da29f616ff2282699aff8aae71476e9e16

Sharing

Copy URL

Twitter E-mail

General

Target

3d56d5098719d83b22c162ae66e0b1da29f616ff2282699aff8aae71476e9e16
Size

784KB
MD5

7898cb38442c7fcfc0097aa927362600
SHA1

55357c1f6107da9d8da6243284045ff35286dd12
SHA256

3d56d5098719d83b22c162ae66e0b1da29f616ff2282699aff8aae71476e9e16
SHA512

1c79ffcc7e29bcf354ffa4e51933ecc3c850f30a8b7dd742dfc659665b36b46e8370f41e01510a44a47c1e2b84a176ffafae7fc7ed5bad7cd2d71efc1dfcc79e
SSDEEP

24576:tGF2+vcuGh434ZmtB9DvIgK8amIoJUEb:Ypf34ZyXIgK8XIK9

Score

N/A

Malware Config

Signatures

Files

3d56d5098719d83b22c162ae66e0b1da29f616ff2282699aff8aae71476e9e16
.dll windows x86

2893cd6882f1a46a51002c83647d5e95

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
_snwprintf
strcspn
wcscspn
_strcmpi
_wcslwr
_strnicmp
wcsrchr
strcat
strtoul
strcpy
calloc
_beginthreadex
_wcsicmp
isalnum
_itoa
swprintf
_vsnprintf
towlower
wcstol
_errno
wcstoul
rand
realloc
_wcsdup
strncpy
fclose
fwrite
localtime
_vsnwprintf
fopen
wcsncat
strncmp
wcsncmp
wcsstr
wcsncpy
_wcsnicmp
wcschr
qsort
exit
_iob
fprintf
wcscmp
swscanf
sprintf
wcslen
_pctype
isspace
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_CxxThrowException
__CxxFrameHandler
strstr
sscanf
_wtoi
malloc
toupper
strcmp
tolower
memchr
strchr
memcmp
??8type_info@@QBEHABV0@@Z
time
_strdup
srand
_stricmp
??2@YAPAXI@Z
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
??3@YAXPAX@Z
_purecall
memset
memcpy
strlen
free
memmove

kernel32

GetPrivateProfileStringW
ResetEvent
InterlockedCompareExchange
GetVersionExA
VirtualProtect
VirtualFree
VirtualQuery
GetSystemInfo
GetStringTypeW
LCMapStringA
LCMapStringW
GetUserDefaultLCID
GetStringTypeA
LocalFree
DisableThreadLibraryCalls
lstrcpyW
lstrcpynW
SizeofResource
LoadLibraryExW
LoadResource
FindResourceW
GetEnvironmentVariableW
LoadLibraryA
GetSystemDirectoryA
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFileTime
CopyFileW
GetSystemTime
WaitForSingleObject
CreateProcessW
CreateEventW
SetEvent
GetTimeZoneInformation
CloseHandle
GetCurrentThreadId
GetTempPathW
CreateFileW
ReadFile
GetFileSize
FileTimeToSystemTime
OutputDebugStringW
SystemTimeToFileTime
GetLocaleInfoA
GetModuleHandleW
InitializeCriticalSection
LoadLibraryW
GetVersionExW
GetFileAttributesW
GetModuleFileNameW
GetACP
RaiseException
InterlockedExchange
GetLastError
SetLastError
GetThreadLocale
GetProcAddress
GetModuleHandleA
DeleteCriticalSection
OutputDebugStringA
GetVersion
GetComputerNameA
WideCharToMultiByte
TerminateThread
Sleep
lstrlenW
lstrlenA
InterlockedIncrement
InterlockedDecrement
MultiByteToWideChar
lstrcmpW
lstrcmpiW
ExitProcess

xprt5

?SetAt@TPtrFromPtrMap@XPRT@@QAEPAU__POSITION@2@PAX0@Z
??1TPtrFromPtrMap@XPRT@@QAE@XZ
??0TPtrFromPtrMap@XPRT@@QAE@H@Z
?RemoveKey@TPtrFromPtrMap@XPRT@@QAE_NPAX@Z
??ATPtrFromPtrMap@XPRT@@QAEAAPAXPAX@Z
?Lookup@TPtrFromPtrMap@XPRT@@QBE_NPAXAAPAX@Z
??0TBstr@XPRT@@QAE@GH@Z
?AppendFileNameToSpec@TFile@XPRT@@SA?AVTBstr@2@PBG0@Z
?TestAccess@TFile@XPRT@@SA_NPBGI@Z
xprt_ucslcpy
?Add@TPtrArray@XPRT@@QAEHPAX@Z
xprt_iswdigit
kSystemEncoding
?GetNextAssoc@TPtrFromPtrMap@XPRT@@QBEXAAPAU__POSITION@2@AAPAX1@Z
?Mid@TBstr@XPRT@@QBE?AV12@HH@Z
?MakeLower@TBstr@XPRT@@QAEAAV12@XZ
?Find@TBstr@XPRT@@QBEHPBGH@Z
?Append@TBstr@XPRT@@QAEAAV12@PBDPBG@Z
?TrimLeft@TBstr@XPRT@@QAEAAV12@XZ
?TrimRight@TBstr@XPRT@@QAEAAV12@XZ
?TrimRight@TBstr@XPRT@@QAEAAV12@G@Z
?GetAt@TBstr@XPRT@@QBEGH@Z
?Append@TBstr@XPRT@@QAEAAV12@G@Z
?Replace@TBstr@XPRT@@QAEHPBG0@Z
?Attach@TBstr@XPRT@@QAEXPAG@Z
?Detach@TBstr@XPRT@@QAEPAGXZ
?IsEmpty@TBstr@XPRT@@QBE_NXZ
?Assign@TBstr@XPRT@@QAEAAV12@PBDPBG@Z
?Append@TBstr@XPRT@@QAEAAV12@ABV12@@Z
?GetStartPosition@TPtrFromPtrMap@XPRT@@QBEPAU__POSITION@2@XZ
?Copy@TBstr@XPRT@@QBEPAGXZ
?SetAtGrow@TPtrArray@XPRT@@QAEXHPAX@Z
?SetCount@TPtrArray@XPRT@@QAE_NHH@Z
_XprtCreateThread@8
_XprtGetMilliseconds@0
_XprtDestroyThread@8
?FreeDataChain@SPlex@XPRT@@QAEXXZ
?Create@SPlex@XPRT@@SGPAU12@AAPAU12@II@Z
??0TBstr@XPRT@@QAE@PBDPBG@Z
?RemoveAll@TPtrFromPtrMap@XPRT@@QAEXXZ
?Mid@TBstr@XPRT@@QBE?AV12@H@Z
xprt_memset
xprt_memmove
xprt_strcmp
??1TPtrArray@XPRT@@QAE@XZ
??0TPtrArray@XPRT@@QAE@XZ
?Lock@TSpinLock@XPRT@@QAEXXZ
?Unlock@TSpinLock@XPRT@@QAEXXZ
_XprtUninitialize@0
_XprtInitialize@8
xprt_strlen
xprt_memcpy
?Update@TMessageDigest@XPRT@@QAEXPBEH@Z
?Transform@TMd5Digest@XPRT@@EAEXQAIQBE@Z
_XprtAtomicDecrement@4
_XprtAtomicIncrement@4
??0TMessageDigest@XPRT@@QAE@XZ
?Finish@TMdXDigest@XPRT@@UAEHPAEH@Z
?GetDigestSize@TMdXDigest@XPRT@@UBEHXZ
?DirSpecFromFullSpec@TFile@XPRT@@SA?AVTBstr@2@PBG@Z
?CompareNoCase@TBstr@XPRT@@QBEHPBG@Z
?Left@TBstr@XPRT@@QBE?AV12@H@Z
?Find@TBstr@XPRT@@QBEHGH@Z
?Append@TBstr@XPRT@@QAEAAV12@PBG@Z
?Assign@TBstr@XPRT@@QAEAAV12@ABV12@@Z
?Compare@TBstr@XPRT@@QBEHPBG@Z
_XprtMemAlloc@4
??0TBstr@XPRT@@QAE@ABV01@@Z
?Empty@TBstr@XPRT@@QAEXXZ
?Append@TBstr@XPRT@@QAEAAV12@PBDHPBG@Z
?GetLength@TBstr@XPRT@@QBEHXZ
?Assign@TBstr@XPRT@@QAEAAV12@PBG@Z
_XprtMemFree@4
??0TBstr@XPRT@@QAE@XZ
?GetString@TBstr@XPRT@@QBEPBGXZ
?Format@TBstr@XPRT@@QAAXPBGZZ
??0TBstr@XPRT@@QAE@PBG@Z
??1TBstr@XPRT@@QAE@XZ
?GetEncodedString@TBstr@XPRT@@QBEPBDPBG@Z
_XprtStringLen@4

ws2_32

gethostbyname
connect
inet_ntoa
WSAStartup
inet_addr
WSAGetLastError
getservbyport
WSACleanup
recv
socket
getservbyname
closesocket
send
ntohl
htons
gethostbyaddr
ntohs
htonl

wininet

InternetOpenW
HttpSendRequestW
InternetErrorDlg
InternetGetCookieW
InternetOpenUrlW
InternetSetCookieW
HttpEndRequestW
InternetWriteFile
InternetReadFile
InternetQueryDataAvailable
HttpSendRequestExA
HttpOpenRequestW
HttpQueryInfoA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoW
InternetCloseHandle
InternetOpenA
InternetConnectW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

CharLowerW
LoadStringA
SetTimer
KillTimer
MessageBoxW
PostQuitMessage
MsgWaitForMultipleObjects
TranslateMessage
PeekMessageW
DispatchMessageW
SetCursor
LoadStringW
CharUpperA
CharLowerA
CharNextW
PostThreadMessageW
GetCursor

advapi32

GetUserNameA
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExA
RegOpenKeyW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyA
RegSetValueExW
RegCreateKeyExW
CryptGetHashParam
CryptAcquireContextW
CryptCreateHash
CryptHashData
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumValueW

ole32

StringFromCLSID
CreateBindCtx
CoCreateInstance
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoInitialize
CoUninitialize
CoRegisterMessageFilter

oleaut32

SafeArrayRedim
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayCopy
SafeArrayDestroy
SafeArrayUnlock
SafeArrayCreate
SafeArrayLock
VariantInit
VariantChangeType
VariantClear
VariantCopy
VarUI4FromStr
SysAllocStringLen
SysAllocString
SysFreeString

Exports

Exports

EEGetModuleInterop
GetAT
GetAccountType

Sections

.text
Size: 475KB - Virtual size: 474KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2893cd6882f1a46a51002c83647d5e95

Headers

File Characteristics

Imports

msvcrt

kernel32

xprt5

ws2_32

wininet

version

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 475KB - Virtual size: 474KB

.rdata Size: 137KB - Virtual size: 136KB

.data Size: 51KB - Virtual size: 58KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 61KB - Virtual size: 61KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 475KB - Virtual size: 474KB

.rdata
Size: 137KB - Virtual size: 136KB

.data
Size: 51KB - Virtual size: 58KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 61KB - Virtual size: 61KB

.rmnet
Size: 56KB - Virtual size: 60KB