403fb03a3a3c4e7a6c06c3bbbd5a7de6c0f231d69313cc7236eb787654c3a2fe

Sharing

Copy URL Twitter E-mail

General

Target

403fb03a3a3c4e7a6c06c3bbbd5a7de6c0f231d69313cc7236eb787654c3a2fe
Size

312KB
MD5

0d120d7752a87a13beeac5b1f8cb6020
SHA1

a922bddd01799bbba87bcf6c6bde0a629141308e
SHA256

403fb03a3a3c4e7a6c06c3bbbd5a7de6c0f231d69313cc7236eb787654c3a2fe
SHA512

8920378c95b6a2853b936148772d7e2088a8e97520c5033428a9793a51af43ba7884f99219f5b7127d065cae98e7fe9bdf94af97aa3cbbd9f8e84647d873f9f7
SSDEEP

6144:lU+MFOxtUn4HyONOlPKOgQe9soG8E74/6IL54I78TkQWs12/:atOxtU2y0OlP/rc6IJ8TkQfQ

Score

N/A

Malware Config

Signatures

Files

403fb03a3a3c4e7a6c06c3bbbd5a7de6c0f231d69313cc7236eb787654c3a2fe
.dll windows x86

8f472cb33021b83722664d5ecd2070e7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

libxmlmain

TDXmlMainCreateInstance

libskinui

?SetResize@CResize@@IAEXPAVCWnd@@ABVCRealRect@@VCRect@@@Z
??1CTooltipEx@@UAE@XZ
??0CTooltipEx@@QAE@XZ
?AddTool@CTooltipEx@@QAEHPAVCWnd@@IPBUtagRECT@@I@Z
?Create@CTooltipEx@@QAEHPAVCWnd@@@Z
?RelayEvent@CTooltipEx@@QAEXPAUtagMSG@@@Z
?OnSize@CTransDialog@@IAEXIHH@Z
??0CTransRadioButton@@QAE@XZ
??1CTransRadioButton@@UAE@XZ
?SetResize@CResize@@QAEXINNNN@Z
??0CTransCheckBox@@QAE@XZ
??1CTransCheckBox@@UAE@XZ
??1CTransDialog@@UAE@XZ
??1CTransGroupBox@@UAE@XZ
??0CTransGroupBox@@QAE@XZ
?OnInitDialog@CTransDialog@@MAEHXZ
??0CTransDialog@@QAE@IPAVCWnd@@@Z
?GetThisMessageMap@CTransDialog@@KGPBUAFX_MSGMAP@@XZ
?DoDataExchange@CTransDialog@@MAEXPAVCDataExchange@@@Z

libnet30

??1CNetworkEvent@@UAE@XZ
??1CUDPSocket@@UAE@XZ
?Destroy@CNetworkEvent@@QAEHXZ
?Destroy@CUDPSocket@@QAEHXZ
?Receive@CUDPSocket@@QAEHPBXKAAKAAVCIpAddress@@@Z
??0CIpAddress@@QAE@XZ
?GetHandle@CNetworkEvent@@QBEQAXXZ
?Send@CUDPSocket@@QAEHPBXKAAKABVCIpAddress@@@Z
?Select@CNetworkEvent@@QAEHIJ@Z
?GetHandle@CUDPSocket@@QBE?BIXZ
?SetTTL@CUDPSocket@@QAEHH@Z
?SetLoopback@CUDPSocket@@QAEHH@Z
??0CNetworkEvent@@QAE@XZ
?Create@CNetworkEvent@@QAEHXZ
?Initialize@CSocketUtils@@SAHXZ
??0CUDPSocket@@QAE@XZ
??0CIpAddress@@QAE@KG@Z
?Create@CUDPSocket@@QAEHABVCIpAddress@@@Z
??1CIpAddress@@UAE@XZ
?IsMulticastAddress@CIpAddress@@QBEHXZ
?JoinMulticastGroup@CUDPSocket@@QAEHAAVCIpAddress@@@Z
?IsBroadcastAddress@CIpAddress@@QBEHXZ
?EnableBroadcast@CUDPSocket@@QAEHXZ
?SetSendBufferSize@CUDPSocket@@QAEHH@Z
?SetRecvBufferSize@CUDPSocket@@QAEHH@Z

libnfc10

?SetSessionInfo@CAckSession@@UAEHKGKK@Z
?Run@CAckSession@@UAEHXZ
NfcUninitialize
?Stop@CAckSession@@UAEXXZ
?Send@CAckSession@@UAEHPAKKPAXK1@Z
?CancelSend@CAckSession@@UAEXXZ
?GetLastSendResult@CAckSession@@UAEXPAKAAK@Z
?RecvThreadProc@CAckSession@@MAEKXZ
?SendThreadProc@CAckSession@@MAEKXZ
??0CAckSession@@QAE@XZ
??1CAckSession@@UAE@XZ
NfcInitialize

mfc80

ord1655
ord3684
ord3210
ord1656
ord1964
ord5175
ord1362
ord4967
ord1482
ord1185
ord3204
ord3180
ord6286
ord1160
ord1181
ord5719
ord1192
ord5320
ord5921
ord5401
ord5414
ord347
ord266
ord5588
ord602
ord5523
ord2368
ord5647
ord5727
ord6037
ord5888
ord6057
ord911
ord4161
ord6054
ord3161
ord5608
ord907
ord6060
ord5611
ord2527
ord781
ord6297
ord5331
ord501
ord709
ord3891
ord4244
ord297
ord5642
ord1279
ord3255
ord5637
ord6062
ord4035
ord304
ord3596
ord1280
ord6120
ord762
ord1187
ord4104
ord330
ord589
ord1794
ord1892
ord1774
ord5744
ord2494
ord3182
ord4262
ord5203
ord1401
ord5912
ord6724
ord6119
ord1551
ord1670
ord1671
ord2020
ord4890
ord5182
ord2164
ord2657
ord784
ord1873
ord4580
ord6067
ord4735
ord4212
ord354
ord605
ord3641
ord5640
ord5102
ord1010
ord3806
ord5583
ord2018
ord2063
ord4326
ord3683
ord6276
ord3801
ord6278
ord4014
ord4038
ord566
ord757
ord3830
ord1069
ord2248
ord314
ord6754
ord6090
ord3333
ord4481
ord2838
ord5566
ord5213
ord5230
ord4568
ord3948
ord5226
ord5224
ord2931
ord1920
ord3832
ord5382
ord6219
ord2272
ord3328
ord2987
ord754
ord3680
ord3799
ord2878
ord5868
ord2884
ord6236
ord620
ord2264
ord1966
ord4125
ord3167
ord2407
ord2412
ord2389
ord922
ord1554
ord4233
ord1546
ord5833
ord4096
ord1484
ord1933
ord657
ord4353
ord6266
ord5059
ord1397
ord4508
ord3195
ord2306
ord2259
ord3302
ord3214
ord1599
ord1558
ord1637
ord5639
ord642
ord658
ord3651
ord2794
ord3875
ord3879
ord4109
ord3108
ord2271
ord5866
ord433
ord2866
ord667
ord317
ord3230
ord584
ord1434
ord4238
ord2092
ord3201
ord298
ord1063
ord5097
ord2703
ord6310
ord1564
ord1452
ord2532
ord2321
ord2867
ord556
ord416
ord6752
ord744
ord651
ord380
ord5493
ord2702
ord2370
ord1647
ord1589
ord3315
ord739
ord1880
ord1425
ord5613
ord6065
ord6282
ord3337
ord2346
ord1580
ord2371
ord5403
ord1565
ord6144
ord1955
ord385
ord630
ord2021
ord3088
ord2168
ord2747
ord1781
ord2095
ord4100
ord1591
ord2094
ord4240
ord3244
ord3317
ord741
ord1283
ord2468
ord764
ord265
ord3345
ord765
ord315
ord1037
ord1092
ord1206
ord1208
ord1098
ord371
ord1917
ord1167
ord1120
ord1201
ord1175
ord1177
ord1209
ord581
ord326
ord6277
ord3802
ord6279
ord1522
ord3163
ord3287
ord2172
ord2178
ord2405
ord2387
ord2385
ord2403
ord2415
ord2392
ord2408
ord2413
ord2396
ord2398
ord2400
ord2394
ord2410
ord2390
ord934
ord930
ord932
ord578
ord2075
ord2537
ord2731
ord1934
ord2835
ord1903
ord1545
ord4307
ord6725
ord2714
ord5915
ord2862
ord2654
ord1620
ord2540
ord1908
ord1617
ord2646
ord5200
ord2322
ord3946
ord2533
ord2372
ord1402
ord3718
ord4232
ord3719
ord5152
ord3709
ord5073
ord2644
ord6275
ord3949
ord587
ord4185
ord4486
ord1123
ord5214
ord4261
ord502
ord572
ord3164
ord760
ord3761
ord310
ord3403
ord4722
ord2991
ord4282
ord4001
ord5731
ord1600
ord4123
ord5960
ord5641
ord5235
ord4951
ord1084
ord5233
ord923
ord2367
ord928
ord4236

msvcr80

rand
memcpy_s
_splitpath
_makepath
free
atoi
_ismbcdigit
_itoa
strncpy
feof
fread
strncmp
fclose
fwrite
_access
fopen
memcpy
__CxxFrameHandler3
memset
_CxxThrowException
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal

kernel32

LeaveCriticalSection
Sleep
FormatMessageA
CloseHandle
WaitForSingleObject
SetEvent
ResetEvent
WaitForMultipleObjects
GetTickCount
SetThreadPriority
CreateThread
CreateEventA
EnterCriticalSection
ReleaseSemaphore
CreateSemaphoreA
LocalFree
LocalAlloc
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetThreadLocale
GetLocaleInfoA
GetACP
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
GetVersionExA
GetProcAddress
GetModuleHandleA
WinExec
GetLastError
SetLastError
lstrcpyA
lstrlenA
lstrcmpA
LoadLibraryA
OutputDebugStringA
GetFileAttributesA
GetSystemDefaultLangID
GetModuleFileNameA

user32

GetFocus
LoadIconA
GetWindowRect
LoadMenuA
GetSubMenu
wsprintfA
LoadBitmapA
ScreenToClient
BringWindowToTop
LoadCursorA
DefWindowProcA
DrawEdge
GetClassInfoA
IsWindow
GrayStringA
SystemParametersInfoA
DrawTextExA
IsWindowVisible
TabbedTextOutA
UpdateWindow
SetRect
ReleaseDC
DrawTextA
GetDC
ClientToScreen
SetCapture
GetCapture
DrawStateA
DestroyCursor
GetParent
InvalidateRect
SendMessageA
PostMessageA
DrawFocusRect
IsRectEmpty
WindowFromPoint
LoadImageA
ReleaseCapture
PtInRect
SetTimer
RedrawWindow
SetCursor
GetWindowLongA
FillRect
CopyRect
GetClientRect
GetAsyncKeyState
FrameRect
GetSystemMetrics
OffsetRect
KillTimer
InflateRect
EnableWindow
GetCursorPos
GetSysColor

gdi32

CreateCompatibleDC
SelectObject
SetBkColor
BitBlt
SetTextColor
DeleteDC
GetTextExtentPoint32A
GetCurrentObject
PtVisible
CreateBitmap
TextOutA
CreateCompatibleBitmap
CreateFontA
Escape
PatBlt
Rectangle
CreateRectRgnIndirect
GetTextMetricsA
GetStockObject
GetObjectA
RectVisible
ExtTextOutA
DeleteObject

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

shell32

SHGetPathFromIDListA
SHBrowseForFolderA

ole32

CoInitialize
CoUninitialize

ws2_32

listen
accept
ioctlsocket
select
__WSAFDIsSet
recv
WSAGetLastError
socket
setsockopt
bind
htons
connect
closesocket
WSACleanup
inet_addr
WSAStartup

Exports

Exports

QuizSrv_AddMember
QuizSrv_RemoveMember
QuizSrv_Start
QuizSrv_Stop

Sections

.text
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8f472cb33021b83722664d5ecd2070e7

Headers

File Characteristics

Imports

libxmlmain

libskinui

libnet30

libnfc10

mfc80

msvcr80

kernel32

user32

gdi32

advapi32

shell32

ole32

ws2_32

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 114KB

.rdata Size: 36KB - Virtual size: 33KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 76KB - Virtual size: 75KB

.reloc Size: 16KB - Virtual size: 15KB

.rmnet Size: 60KB - Virtual size: 60KB

.text
Size: 116KB - Virtual size: 114KB

.rdata
Size: 36KB - Virtual size: 33KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 76KB - Virtual size: 75KB

.reloc
Size: 16KB - Virtual size: 15KB

.rmnet
Size: 60KB - Virtual size: 60KB