9741b9f304789000e96cca397865a46c96eb6ec76b4063de4e22510dba06cc78

Sharing

Copy URL Twitter E-mail

General

Target

9741b9f304789000e96cca397865a46c96eb6ec76b4063de4e22510dba06cc78
Size

200KB
MD5

82509a5d7e53e6be0c5fbe47519df6ea
SHA1

14dc5e10890cb2ac99f8b35b64b812788d5688bb
SHA256

9741b9f304789000e96cca397865a46c96eb6ec76b4063de4e22510dba06cc78
SHA512

aa33169605daf26b8bafb91e2476f9db03a95878182aca4b32f9fd2d7bae8ea9d2dbc65cf775d3b303c3b0a8d0df39f55d402b439c634ab9682f0ed070f00eee
SSDEEP

3072:opTv8FMT5XFOyc71toOsr05eTKc65RsgeGqenJ5abpRA53qW69N09SravD:oCcrDrce212/EnJ5Op65ka1vD

Score

N/A

Malware Config

Signatures

Files

9741b9f304789000e96cca397865a46c96eb6ec76b4063de4e22510dba06cc78
.dll windows x86

f42b34900b1f0ec9ab97415e2e070017

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertFindExtension
CertGetEnhancedKeyUsage
CertCloseStore
CertFreeCertificateContext
CertFreeCertificateChainEngine
CertFreeCertificateChain
CryptDecodeObject
CertCreateCertificateChainEngine
CertVerifyTimeValidity
CryptMsgControl
CertGetSubjectCertificateFromStore
CertOpenStore
CryptMsgClose
CryptMsgGetParam
CryptMsgUpdate
CertGetCertificateChain
CryptMsgOpenToDecode

kernel32

GetThreadLocale
WideCharToMultiByte
lstrlenW
GetLastError
GetProcAddress
GetModuleHandleW
CloseHandle
CreateEventW
SetEvent
ResetEvent
InterlockedCompareExchange
GetCurrentThreadId
ExitProcess
DisableThreadLibraryCalls
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA

user32

PeekMessageW
KillTimer
TranslateMessage
DispatchMessageW
SetTimer
MsgWaitForMultipleObjects

ole32

CoCreateInstance
CoUninitialize
CoRegisterMessageFilter
CoInitializeEx
CreateBindCtx

oleaut32

SysAllocString
VariantChangeType
VariantCopy
SafeArrayLock
SafeArrayCreate
SafeArrayUnlock
SafeArrayDestroy
SafeArrayCopy
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayRedim
VariantClear
VariantInit

xprt5

xprt_strcmp
?Compare@TBstr@XPRT@@QBEHPBG@Z
?IsEmpty@TBstr@XPRT@@QBE_NXZ
xprt_memmove
_XprtMemAlloc@4
xprt_memset
_XprtAtomicDecrement@4
?Mid@TBstr@XPRT@@QBE?AV12@H@Z
?Mid@TBstr@XPRT@@QBE?AV12@HH@Z
?Find@TBstr@XPRT@@QBEHGH@Z
??1TPtrFromPtrMap@XPRT@@QAE@XZ
?GetAt@TBstr@XPRT@@QBEGH@Z
_XprtMemFree@4
??0TPtrFromPtrMap@XPRT@@QAE@H@Z
?Lookup@TPtrFromPtrMap@XPRT@@QBE_NPAXAAPAX@Z
??ATPtrFromPtrMap@XPRT@@QAEAAPAXPAX@Z
?RemoveKey@TPtrFromPtrMap@XPRT@@QAE_NPAX@Z
?Lock@TSpinLock@XPRT@@QAEXXZ
?Unlock@TSpinLock@XPRT@@QAEXXZ
?SetOptimalLoad@TPtrFromPtrMap@XPRT@@QAEXMMM_N@Z
_XprtMemRealloc@8
?SetAt@TPtrFromPtrMap@XPRT@@QAEPAU__POSITION@2@PAX0@Z
?GetNextAssoc@TPtrFromPtrMap@XPRT@@QBEXAAPAU__POSITION@2@AAPAX1@Z
?GetStartPosition@TPtrFromPtrMap@XPRT@@QBEPAU__POSITION@2@XZ
xprt_iswdigit
?GetLength@TBstr@XPRT@@QBEHXZ
?Assign@TBstr@XPRT@@QAEAAV12@PBDPBG@Z
?Add@TPtrArray@XPRT@@QAEHPAX@Z
?SetCount@TPtrArray@XPRT@@QAE_NHH@Z
?GetDigestSize@TMdXDigest@XPRT@@UBEHXZ
?Finish@TMdXDigest@XPRT@@UAEHPAEH@Z
??0TMessageDigest@XPRT@@QAE@XZ
?Transform@TMd5Digest@XPRT@@EAEXQAIQBE@Z
?Append@TBstr@XPRT@@QAEAAV12@G@Z
?Update@TMessageDigest@XPRT@@QAEXPBEH@Z
xprt_memcpy
xprt_strlen
_XprtInitialize@8
_XprtUninitialize@0
??0TPtrArray@XPRT@@QAE@XZ
??1TPtrArray@XPRT@@QAE@XZ
?Copy@TBstr@XPRT@@QBEPAGXZ
?SetAtGrow@TPtrArray@XPRT@@QAEXHPAX@Z
_XprtCreateThread@8
_XprtGetMilliseconds@0
_XprtDestroyThread@8
?FreeDataChain@SPlex@XPRT@@QAEXXZ
?Create@SPlex@XPRT@@SGPAU12@AAPAU12@II@Z
?RemoveAll@TPtrFromPtrMap@XPRT@@QAEXXZ
??0TBstr@XPRT@@QAE@ABV01@@Z
?Detach@TBstr@XPRT@@QAEPAGXZ
??0TBstr@XPRT@@QAE@XZ
?Attach@TBstr@XPRT@@QAEXPAG@Z
?Assign@TBstr@XPRT@@QAEAAV12@ABV12@@Z
??1TBstr@XPRT@@QAE@XZ
?GetString@TBstr@XPRT@@QBEPBGXZ
?GetEncodedString@TBstr@XPRT@@QBEPBDPBG@Z
_XprtAtomicIncrement@4
kSystemEncoding
??0TBstr@XPRT@@QAE@PBDPBG@Z
??0TBstr@XPRT@@QAE@PBG@Z
?Assign@TBstr@XPRT@@QAEAAV12@PBG@Z

msvcrt

??3@YAXPAX@Z
??2@YAPAXI@Z
_snwprintf
strcmp
qsort
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
_except_handler3
memcpy
_purecall
__CxxFrameHandler

Exports

Exports

EEGetModuleInterop

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f42b34900b1f0ec9ab97415e2e070017

Headers

File Characteristics

Imports

crypt32

kernel32

user32

ole32

oleaut32

xprt5

msvcrt

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 46KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 12KB - Virtual size: 9KB

.rsrc Size: 4KB - Virtual size: 888B

.reloc Size: 8KB - Virtual size: 6KB

.text Size: 108KB - Virtual size: 108KB

.text
Size: 48KB - Virtual size: 46KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 12KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 888B

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 108KB - Virtual size: 108KB