c0537880b79902d0642158e736853d7e6c446fe499d65f4799dd180cacb1316d

Sharing

Copy URL Twitter E-mail

General

Target

c0537880b79902d0642158e736853d7e6c446fe499d65f4799dd180cacb1316d
Size

292KB
MD5

0cb96c932dc7a9d38fc215a5f6dfd0f0
SHA1

233ac8ca426c814c29273c9ce8ec14966370a51e
SHA256

c0537880b79902d0642158e736853d7e6c446fe499d65f4799dd180cacb1316d
SHA512

0523558672ad1b05548646ea104a2375a21526e3206b1919af9a17b0cdde6433787dce92ffbc66c349362308fe0ca72fc2ea1381f74e8640ee47c3e370f6140d
SSDEEP

6144:Nnfufh3kiOwMt7WiO7KlEiaNXcBJ/nzpzSC3Wbx2i+y6:NWhU5t78Vd+zB3WbQ

Score

N/A

Malware Config

Signatures

Files

c0537880b79902d0642158e736853d7e6c446fe499d65f4799dd180cacb1316d
.exe windows x86

f5e5be85ea5385b52d5bb48e4044a033

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

common

?ValidateBugReport@TXBugReport@@YAXXZ
??1CTXStringW@@QAE@XZ
?IsFileExist@FS@@YAHPB_W@Z
??4CTXStringW@@QAEAAV0@PB_W@Z
??0CTXStringW@@QAE@PA_W@Z
?FlushLog@TXLog@@YAXXZ
??8@YA_NPB_WABVCTXStringW@@@Z
?GetExeDir@Sys@Util@@YA?AVCTXStringW@@XZ
??H@YA?AVCTXStringW@@PB_WABV0@@Z
??0CTXStringW@@QAE@ABV0@@Z
?GetString@CTXStringW@@QBEPB_WXZ
?Format@CTXStringW@@QAAXPB_WZZ
?GetLength@CTXStringW@@QBEHXZ
?GetBuffer@CTXStringW@@QAEPA_WH@Z
?ReleaseBuffer@CTXStringW@@QAEXH@Z
??ACTXStringW@@QBE_WH@Z
??0CTXStringW@@QAE@PB_W@Z
?Append@CTXStringW@@QAEXPB_W@Z
??YCTXStringW@@QAEAAV0@ABV0@@Z
??0CTXStringW@@QAE@XZ
?OnExitWinMain@Misc@Util@@YAXXZ
?ClearDeadQueue@Misc@Util@@YAXXZ
??8@YA_NABVCTXStringW@@PB_W@Z
?Left@CTXStringW@@QBE?AV1@H@Z
??4CTXStringW@@QAEAAV0@ABV0@@Z
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
?ReverseFind@CTXStringW@@QBEH_W@Z
?Mid@CTXStringW@@QBE?AV1@H@Z
?SetBugReportUin@TXBugReport@@YAXK@Z
?SetMainAndLogicThreadId@Misc@Util@@YAXKK@Z
??BCTXStringW@@QBEPB_WXZ
?TXLog_DoTXLogVW@@YAXPAUtagLogObj@@PB_W1PAD@Z
?SetBugReportFlag@TXBugReport@@YAHK@Z
?SetMainAndLogicMsgLoop@Misc@Util@@YAXPAVMessageLoopForUI@AsyncTask@@PAVMessageLoop@4@@Z
?CombineQNC@FS@@YA?AVCTXStringW@@PB_W0@Z
?GetLCID@NLS@@YAKXZ
??YCTXStringW@@QAEAAV0@PB_W@Z
?GetSession@TXLog@@YAKXZ
??4CTXStringW@@QAEAAV0@PA_W@Z
?InitBugReport@TXBugReport@@YAXPB_W000GGKHHKKP6GHPAUtagBugReportInfo@1@PBD200PAPAXPAKPAX@Z@Z
?MinimzeMemory@Sys@Util@@YAXXZ
?SafeLoadLibrary@Sys@Util@@YAPAUHINSTANCE__@@PB_W@Z

processsession

?Run@CTXOPChannel@@EAEIXZ
??0CTXOPChannel@@QAE@XZ
?AddSink@CTXOPChannel@@QAEXPAUITXOPChanelSysSink@@@Z
??1CTXOPChannel@@UAE@XZ
?GetConnectCount@CTXOPChannel@@QAEIXZ
?Listen@CTXOPChannel@@QAEHXZ
?Start@CTXOPChannel@@QAEHPB_W@Z
?SendReply@CTXOPChannel@@QAEHKKPBEI@Z

wininet

InternetErrorDlg

asynctask

??0Lock@AsyncTask@@QAE@XZ
?StartWithOptions@Thread@AsyncTask@@QAE_NABUOptions@12@@Z
??1MessageLoopForUI@AsyncTask@@UAE@XZ
?Run@MessageLoopForUI@AsyncTask@@QAEXXZ
??0MessageLoopForUI@AsyncTask@@QAE@XZ
?RegisterCallback@AtExitManager@AsyncTask@@SAXP6AXPAX@Z0@Z
??1AtExitManager@AsyncTask@@QAE@XZ
??1Thread@AsyncTask@@UAE@XZ
??0AtExitManager@AsyncTask@@QAE@XZ
??0Thread@AsyncTask@@QAE@PBD@Z
?Release@Lock@AsyncTask@@QAEXXZ
??1Lock@AsyncTask@@QAE@XZ
?Acquire@Lock@AsyncTask@@QAEXXZ

kernel32

FlushInstructionCache
GetCurrentProcess
TerminateProcess
GetModuleFileNameW
SetUnhandledExceptionFilter
GetProcAddress
GetCurrentProcessId
OpenMutexW
CloseHandle
CreateMutexW
QueryPerformanceCounter
GetCurrentThreadId
GetTickCount
GetTempPathW
GetModuleHandleW
CreateDirectoryW
CreateFileW
InterlockedDecrement
InterlockedIncrement
FreeLibrary
lstrlenW
GetSystemDirectoryW
Sleep
SetThreadPriority
ResumeThread
CreateThread
WideCharToMultiByte
DeviceIoControl
VirtualProtect
InterlockedExchange
GetSystemTimeAsFileTime
IsDebuggerPresent
InterlockedCompareExchange
GetStartupInfoW
UnhandledExceptionFilter
SetLastError

user32

SetTimer
KillTimer
PostQuitMessage

advapi32

RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

ShellExecuteW
SHGetSpecialFolderPathW

ole32

OleInitialize
CoCreateInstance
CLSIDFromProgID
CoInitialize
OleUninitialize
CoUninitialize

msvcp80

??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvcr80

__wgetmainargs
__CxxFrameHandler3
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_crt_debugger_hook
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
??3@YAXPAX@Z
__argc
__wargv
_time64
??2@YAPAXI@Z
_purecall
wcsrchr
memset
wcsstr
??_V@YAXPAX@Z
memcpy
malloc
strlen
strncpy_s
_stricmp
fprintf
rand
__iob_func
srand
wcsncpy_s
wcscat_s
_snprintf_s
free
_invalid_parameter_noinfo
isalnum
wcslen
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
tolower
memcmp
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_amsg_exit
_CxxThrowException
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e

ws2_32

inet_ntoa
sendto
WSAGetLastError
getaddrinfo
htonl
closesocket
inet_addr
WSACleanup
WSAStartup
ntohs
recvfrom
setsockopt
socket
htons

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo
GetIpForwardTable

netapi32

Netbios

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.T�
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f5e5be85ea5385b52d5bb48e4044a033

Headers

DLL Characteristics

File Characteristics

Imports

common

processsession

wininet

asynctask

kernel32

user32

advapi32

shell32

ole32

msvcp80

msvcr80

ws2_32

iphlpapi

netapi32

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 504B

.T� Size: 232KB - Virtual size: 232KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 504B

.T�
Size: 232KB - Virtual size: 232KB