b5deca26f6662b46b0e87db921089c1a46a3203262cbaaf501a107d871904a40

Sharing

Copy URL Twitter E-mail

General

Target

b5deca26f6662b46b0e87db921089c1a46a3203262cbaaf501a107d871904a40
Size

120KB
MD5

c42bd05b6000b42ba2dfbd7c60d013fe
SHA1

da0f2883223fc5904e895e2dfb18dab687a12756
SHA256

b5deca26f6662b46b0e87db921089c1a46a3203262cbaaf501a107d871904a40
SHA512

7ca1b9a00a6aca8fcfab1a6b5c432ac568f650a38eb199216141f0ed65856784e372d5014874c2bba7f13d1015eaff74e944c09e0edcdb198ea21226a4a98f6f
SSDEEP

3072:QDQVMiTzLxFjlOWoo95Y2L7ct8KA9rjMHYYVfOEY:QenlOWoorY2kNA9CO1

Score

N/A

Malware Config

Signatures

Files

b5deca26f6662b46b0e87db921089c1a46a3203262cbaaf501a107d871904a40
.dll windows x86

6b5f8271bce00217b9b8a51cc69e4da8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

vc8_xerces-c_2_7

?fatalError@DefaultHandler@xercesc_2_7@@UAEXABVSAXParseException@2@@Z
?ignorableWhitespace@DefaultHandler@xercesc_2_7@@UAEXQB_WI@Z
?notationDecl@DefaultHandler@xercesc_2_7@@UAEXQB_W00@Z
?processingInstruction@DefaultHandler@xercesc_2_7@@UAEXQB_W0@Z
?resetErrors@DefaultHandler@xercesc_2_7@@UAEXXZ
?resetDocument@DefaultHandler@xercesc_2_7@@UAEXXZ
?resetDocType@DefaultHandler@xercesc_2_7@@UAEXXZ
?resolveEntity@DefaultHandler@xercesc_2_7@@UAEPAVInputSource@2@QB_W0@Z
?unparsedEntityDecl@DefaultHandler@xercesc_2_7@@UAEXQB_W000@Z
?setDocumentLocator@DefaultHandler@xercesc_2_7@@UAEXQBVLocator@2@@Z
?startDocument@DefaultHandler@xercesc_2_7@@UAEXXZ
?warning@DefaultHandler@xercesc_2_7@@UAEXABVSAXParseException@2@@Z
?startPrefixMapping@DefaultHandler@xercesc_2_7@@UAEXQB_W0@Z
?endPrefixMapping@DefaultHandler@xercesc_2_7@@UAEXQB_W@Z
?skippedEntity@DefaultHandler@xercesc_2_7@@UAEXQB_W@Z
?comment@DefaultHandler@xercesc_2_7@@UAEXQB_WI@Z
?endCDATA@DefaultHandler@xercesc_2_7@@UAEXXZ
?endEntity@DefaultHandler@xercesc_2_7@@UAEXQB_W@Z
?startCDATA@DefaultHandler@xercesc_2_7@@UAEXXZ
?startDTD@DefaultHandler@xercesc_2_7@@UAEXQB_W00@Z
?error@DefaultHandler@xercesc_2_7@@UAEXABVSAXParseException@2@@Z
?startEntity@DefaultHandler@xercesc_2_7@@UAEXQB_W@Z
?attributeDecl@DefaultHandler@xercesc_2_7@@UAEXQB_W0000@Z
?elementDecl@DefaultHandler@xercesc_2_7@@UAEXQB_W0@Z
?externalEntityDecl@DefaultHandler@xercesc_2_7@@UAEXQB_W00@Z
?internalEntityDecl@DefaultHandler@xercesc_2_7@@UAEXQB_W0@Z
??0DefaultHandler@xercesc_2_7@@QAE@XZ
??1DefaultHandler@xercesc_2_7@@UAE@XZ
?endDTD@DefaultHandler@xercesc_2_7@@UAEXXZ
?endDocument@DefaultHandler@xercesc_2_7@@UAEXXZ
?createXMLReader@XMLReaderFactory@xercesc_2_7@@SAPAVSAX2XMLReader@2@QAVMemoryManager@2@QAVXMLGrammarPool@2@@Z
?fgMemoryManager@XMLPlatformUtils@xercesc_2_7@@2PAVMemoryManager@2@A
?fgXercescDefaultLocale@XMLUni@xercesc_2_7@@2QBDB
?Initialize@XMLPlatformUtils@xercesc_2_7@@SAXQBD0QAVPanicHandler@2@QAVMemoryManager@2@_N@Z
?Terminate@XMLPlatformUtils@xercesc_2_7@@SAXXZ

mfc80u

ord2261
ord900
ord899
ord896
ord2121
ord3990
ord2444
ord2461
ord280
ord774
ord777
ord1472
ord3841
ord3842
ord2260
ord6160
ord1479
ord282
ord6700
ord762
ord266
ord265
ord1236
ord2460
ord5398
ord293
ord283
ord577
ord776
ord2311
ord764

msvcr80

__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
fputs
fopen
fclose
memmove_s
sprintf
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
_wtoi
_invalid_parameter_noinfo
_purecall
strlen
wcslen
_unlock
_encode_pointer
__dllonexit
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_malloc_crt
_encoded_null
free
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
memcpy
_CxxThrowException
__CxxFrameHandler3
malloc

kernel32

GetThreadLocale
GetLocaleInfoA
GetACP
WideCharToMultiByte
lstrlenW
GetTempPathW
lstrlenA
MultiByteToWideChar
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DisableThreadLibraryCalls
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetVersionExA

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W0@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

VariantInit
SafeArrayAccessData

Exports

Exports

dezideLoadPlugin
dezideUnloadPlugin

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b5f8271bce00217b9b8a51cc69e4da8

Headers

File Characteristics

Imports

vc8_xerces-c_2_7

mfc80u

msvcr80

kernel32

advapi32

msvcp80

ole32

oleaut32

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 21KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 60KB - Virtual size: 58KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 9KB

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 60KB - Virtual size: 58KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 9KB