70055f3f39eadb09d48d124d2501a6b9dd0da67a5e6049d0ca2bb0be0fda6398

Sharing

Copy URL Twitter E-mail

General

Target

70055f3f39eadb09d48d124d2501a6b9dd0da67a5e6049d0ca2bb0be0fda6398
Size

129KB
MD5

09975afa3313db1fd3d7b2ef11302380
SHA1

0a60c59991e4d6e57f4548a07e99775ddd30527a
SHA256

70055f3f39eadb09d48d124d2501a6b9dd0da67a5e6049d0ca2bb0be0fda6398
SHA512

eac5d55804703b3738efa70b5d3aaad0d69541b03dc0e5106d11d630d66ec8a89e2232fb52f18ece3108317d195936c50e8206d08bef5c441ce7de7505057569
SSDEEP

3072:jI4Z5k1t+MDOtUDJ+/0sWSWhkBl8lSHyTctu0NyDLV:jIt14MDOOg/0sW1AqlSxE0NyPV

Score

N/A

Malware Config

Signatures

Files

70055f3f39eadb09d48d124d2501a6b9dd0da67a5e6049d0ca2bb0be0fda6398
.exe windows x86

301f32ae25642ff7e5d8c8b638530b7a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

common

?SetMainAndLogicThreadId@Misc@Util@@YAXKK@Z
?FlushLog@TXLog@@YAXXZ
?SafeLoadLibrary@Sys@Util@@YAPAUHINSTANCE__@@PB_W@Z
?TXLog_DoTXLogVW@@YAXPAUtagLogObj@@PB_W1PAD@Z
??0CTXStringW@@QAE@PA_W@Z
??1CTXStringW@@QAE@XZ
??8@YA_NPB_WABVCTXStringW@@@Z
?OnExitWinMain@Misc@Util@@YAXXZ
??8@YA_NABVCTXStringW@@PB_W@Z
??4CTXStringW@@QAEAAV0@ABV0@@Z
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
?Left@CTXStringW@@QBE?AV1@H@Z
?ReverseFind@CTXStringW@@QBEH_W@Z
?ValidateBugReport@TXBugReport@@YAXXZ
??BCTXStringW@@QBEPB_WXZ
??H@YA?AVCTXStringW@@PB_WABV0@@Z
??0CTXStringW@@QAE@ABV0@@Z
??0CTXStringW@@QAE@XZ
?Format@CTXStringW@@QAAXPB_WZZ
?GetLength@CTXStringW@@QBEHXZ
?GetBuffer@CTXStringW@@QAEPA_WH@Z
?ReleaseBuffer@CTXStringW@@QAEXH@Z
??ACTXStringW@@QBE_WH@Z
??0CTXStringW@@QAE@PB_W@Z
?Append@CTXStringW@@QAEXPB_W@Z
??YCTXStringW@@QAEAAV0@ABV0@@Z
?SetMainAndLogicMsgLoop@Misc@Util@@YAXPAVMessageLoopForUI@@PAVMessageLoop@@@Z
?SetBugReportFlag@TXBugReport@@YAHK@Z
?GetLCID@NLS@@YAKXZ
?InitBugReport@TXBugReport@@YAXPB_W000GGKHHKKP6GHPAUtagBugReportInfo@1@PBD200PAPAXPAKPAX@Z@Z
?GetSession@TXLog@@YAKXZ
??YCTXStringW@@QAEAAV0@PB_W@Z

processsession

?AddSink@CTXOPChannel@@QAEXPAUITXOPChanelSysSink@@@Z
?GetConnectCount@CTXOPChannel@@QAEIXZ
??0CTXOPChannel@@QAE@XZ
??1CTXOPChannel@@UAE@XZ
?Listen@CTXOPChannel@@QAEHXZ
?Start@CTXOPChannel@@QAEHPB_W@Z
?Run@CTXOPChannel@@EAEIXZ
?SendReply@CTXOPChannel@@QAEHKKPBEI@Z

kernel32

GetProcessHeap
HeapFree
GetVersionExA
OpenMutexW
CloseHandle
CreateMutexW
GetCurrentProcessId
GetCurrentThreadId
GetTempPathW
QueryPerformanceCounter
CreateDirectoryW
CreateFileW
GetTickCount
GetModuleFileNameW
GetCurrentProcess
TerminateProcess
LoadLibraryW
GetProcAddress
FreeLibrary
SetUnhandledExceptionFilter
InterlockedDecrement
DeleteCriticalSection
GetModuleHandleW
InterlockedIncrement
lstrlenW
InitializeCriticalSection
HeapAlloc
LoadLibraryA
VirtualFree
VirtualAlloc
SetEvent
IsProcessorFeaturePresent
CreateEventW
InterlockedExchange
GetSystemTimeAsFileTime
UnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
IsDebuggerPresent
CreateThread
RaiseException
TerminateThread
WaitForSingleObject
TlsGetValue
TlsFree
TlsSetValue
TlsAlloc
GetVersionExW
SetLastError
FlushInstructionCache
Sleep

user32

MsgWaitForMultipleObjectsEx
CallMsgFilterW
KillTimer
DispatchMessageW
DestroyWindow
TranslateMessage
PeekMessageW
CreateWindowExW
PostMessageW
GetDesktopWindow
LoadCursorW
GetClassInfoExW
RegisterClassExW
IsWindow
SetWindowLongW
GetWindowLongW
CallWindowProcW
WaitMessage
SetTimer
GetQueueStatus
PostQuitMessage
DefWindowProcW
UnregisterClassA
UnregisterClassW

advapi32

RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW

ole32

CoInitialize
CoUninitialize
OleInitialize

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z

msvcr80

__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
_unlock
__p__fmode
__set_app_type
_crt_debugger_hook
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
memset
wcsrchr
_purecall
_time64
??2@YAPAXI@Z
__wargv
__argc
??3@YAXPAX@Z
swprintf_s
_recalloc
ceil
memcpy
memmove_s
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
__p__commode
free
__CxxFrameHandler3
??0exception@std@@QAE@ABQBD@Z
_CxxThrowException

winmm

timeBeginPeriod
timeGetTime
timeEndPeriod

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.lrdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

301f32ae25642ff7e5d8c8b638530b7a

Headers

File Characteristics

Imports

common

processsession

kernel32

user32

advapi32

ole32

msvcp80

msvcr80

winmm

Sections

.text Size: 28KB - Virtual size: 26KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 1KB

.lrdata Size: 72KB - Virtual size: 72KB

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 1KB

.lrdata
Size: 72KB - Virtual size: 72KB