d0a43713703d9b5c247c8d20f27e37172c3ecdb08f82b5d3fb0c756e308b9682

Sharing

Copy URL Twitter E-mail

General

Target

d0a43713703d9b5c247c8d20f27e37172c3ecdb08f82b5d3fb0c756e308b9682
Size

391KB
MD5

9c828b0f3dde7ed3d7f06850c08a9cd0
SHA1

3feba98a5f96c4afa51e2268990b61efcc129f5e
SHA256

d0a43713703d9b5c247c8d20f27e37172c3ecdb08f82b5d3fb0c756e308b9682
SHA512

83727fc7d781f57ba8fbf2b1899fe69110b6685478af2a0561da444cbc24c2cd8ada40eec5706a15e7b41cca9ef184b4469be5418916bd083f79779cb4379ad3
SSDEEP

6144:XiA9BDCdNCAwRVbM3QsM/5FEYyy+nx4cJp5udH3/cJ+eciD4QWYV5hI:X/jQTuVeQsbyup5y3/cJwXQhI

Score

N/A

Malware Config

Signatures

Files

d0a43713703d9b5c247c8d20f27e37172c3ecdb08f82b5d3fb0c756e308b9682
.dll windows x86

62ee467a402831097c186a39b1c48852

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareStringA
InterlockedExchange
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
LoadLibraryA
GetLastError
SetLastError
DeleteFileA
DeleteFileW
MultiByteToWideChar
GetVersionExA
GetFileAttributesA
GetFileAttributesW
CreateFileA
CreateFileW
GetTempPathA
FreeLibrary
WideCharToMultiByte
CloseHandle
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetFileSize
UnlockFile
LockFile
LockFileEx
GetFullPathNameA
GetFullPathNameW
GetSystemTime
GetSystemTimeAsFileTime
TlsSetValue
TlsGetValue
TlsAlloc
GetTempPathW
Sleep
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
ExitProcess
GetCurrentThreadId
InterlockedCompareExchange
ResetEvent
SetEvent

advapi32

RegCloseKey

ole32

CoInitializeEx
CoUninitialize
StringFromCLSID
CoTaskMemFree
CreateBindCtx
CoCreateInstance
CoCreateGuid
CoRegisterMessageFilter

xprt5

??1TPtrFromPtrMap@XPRT@@QAE@XZ
_XprtHashString@4
_XprtCompareString@8
_XprtFreeString@4
_XprtAllocString@4
?RemoveAll@TPtrFromPtrMap@XPRT@@QAEXXZ
?MakeLower@TBstr@XPRT@@QAEAAV12@XZ
?SetCount@TPtrArray@XPRT@@QAE_NHH@Z
??1TPtrArray@XPRT@@QAE@XZ
??0TPtrArray@XPRT@@QAE@XZ
_XprtMemFree@4
?Detach@TBstr@XPRT@@QAEPAGXZ
?Attach@TBstr@XPRT@@QAEXPAG@Z
?Add@TPtrArray@XPRT@@QAEHPAX@Z
kSystemEncoding
_XprtGenerateRandom@8
?GetEncodedString@TBstr@XPRT@@QBEPBDPBG@Z
kUtf8Encoding
?GetEncodedByteLength@TBstr@XPRT@@QBEHPBG@Z
_XprtCanonicalizeScreenName@8
?GetProcAddress@TLibrary@XPRT@@QBEP6GHXZPBD@Z
_XprtGetMicroseconds64@0
??0TPtrFromPtrMap@XPRT@@QAE@H@Z
?TestAccess@TFile@XPRT@@SA_NPBGI@Z
?Append@TBstr@XPRT@@QAEAAV12@PBG@Z
?Append@TBstr@XPRT@@QAEAAV12@ABV12@@Z
?IsEmpty@TBstr@XPRT@@QBE_NXZ
??0TBstr@XPRT@@QAE@PBG@Z
?CreatePath@TFile@XPRT@@SA_NPBG@Z
?AppendFileNameToSpec@TFile@XPRT@@SA?AVTBstr@2@PBG0@Z
?GetString@TBstr@XPRT@@QBEPBGXZ
?Format@TBstr@XPRT@@QAAXPBGZZ
?Open@TFile@XPRT@@QAE_NPBGI_N@Z
?IsOpen@TFile@XPRT@@QBE_NXZ
??1TFile@XPRT@@UAE@XZ
??0TFile@XPRT@@QAE@XZ
??0TBstr@XPRT@@QAE@XZ
?Assign@TBstr@XPRT@@QAEAAV12@ABV12@@Z
??1TBstr@XPRT@@QAE@XZ
??0TBstr@XPRT@@QAE@ABV01@@Z
?Lookup@TPtrFromPtrMap@XPRT@@QBE_NPAXAAPAX@Z
??ATPtrFromPtrMap@XPRT@@QAEAAPAXPAX@Z
?kDirectorySeparator@TFile@XPRT@@2GB
?Load@TLibrary@XPRT@@QAE_NPBG@Z
??1TLibrary@XPRT@@UAE@XZ
??0TLibrary@XPRT@@QAE@XZ
?TrimRight@TBstr@XPRT@@QAEAAV12@G@Z
?GetAt@TBstr@XPRT@@QBEGH@Z
?GetLength@TBstr@XPRT@@QBEHXZ
?Close@TFile@XPRT@@UAE_NXZ
?Write@TFile@XPRT@@UAEHPBXH@Z
?Assign@TBstr@XPRT@@QAEAAV12@PBG@Z
??0TBstr@XPRT@@QAE@GH@Z
?GetTempDirectory@TFile@XPRT@@SA?AVTBstr@2@XZ
?DirSpecFromFullSpec@TFile@XPRT@@SA?AVTBstr@2@PBG@Z
?CompareNoCase@TBstr@XPRT@@QBEHPBG@Z
_XprtMemAlloc@4
?Assign@TBstr@XPRT@@QAEAAV12@PBDPBG@Z
?Replace@TBstr@XPRT@@QAEHPBG0@Z
?Empty@TBstr@XPRT@@QAEXXZ
?Replace@TBstr@XPRT@@QAEHGG@Z
?Compare@TBstr@XPRT@@QBEHPBG@Z
?Set@TTime@XPRT@@QAEXN@Z
_XprtSeedRandom@8
?Remove@TFile@XPRT@@SA_NPBG@Z
?GetFileSpec@TFileFinder@XPRT@@QBE?AVTBstr@2@XZ
?FindNext@TFileFinder@XPRT@@QAE_NI@Z
?Find@TFileFinder@XPRT@@QAE_NPBGI@Z
??1TFileFinder@XPRT@@UAE@XZ
??0TFileFinder@XPRT@@QAE@XZ
?Append@TBstr@XPRT@@QAEAAV12@G@Z
??0TBstr@XPRT@@QAE@PBDPBG@Z
_XprtAtomicIncrement@4
xprt_strcmp
xprt_memmove
xprt_memset
_XprtAtomicDecrement@4
?Mid@TBstr@XPRT@@QBE?AV12@H@Z
?Mid@TBstr@XPRT@@QBE?AV12@HH@Z
?Find@TBstr@XPRT@@QBEHGH@Z
?Set@TTime@XPRT@@QAEXHHHHHH@Z
?GetTm@TTime@XPRT@@QBE_NPAUtm@@@Z
xprt_strlcpy
?RemoveKey@TPtrFromPtrMap@XPRT@@QAE_NPAX@Z
?Lock@TSpinLock@XPRT@@QAEXXZ
?Unlock@TSpinLock@XPRT@@QAEXXZ
?SetOptimalLoad@TPtrFromPtrMap@XPRT@@QAEXMMM_N@Z
xprt_ucslcpy
_XprtMemRealloc@8
xprt_iswdigit
?GetDigestSize@TMdXDigest@XPRT@@UBEHXZ
?Finish@TMdXDigest@XPRT@@UAEHPAEH@Z
??0TMessageDigest@XPRT@@QAE@XZ
?Transform@TMd5Digest@XPRT@@EAEXQAIQBE@Z
?Update@TMessageDigest@XPRT@@QAEXPBEH@Z
xprt_memcpy
xprt_strlen
_XprtInitialize@8
_XprtUninitialize@0
?RemoveAt@TPtrArray@XPRT@@QAEXHH@Z
?SetAt@TPtrFromPtrMap@XPRT@@QAEPAU__POSITION@2@PAX0@Z
?GetNextAssoc@TPtrFromPtrMap@XPRT@@QBEXAAPAU__POSITION@2@AAPAX1@Z
?GetStartPosition@TPtrFromPtrMap@XPRT@@QBEPAU__POSITION@2@XZ
?SetAtGrow@TPtrArray@XPRT@@QAEXHPAX@Z
_XprtCreateThread@8
_XprtGetMilliseconds@0
_XprtDestroyThread@8
?FreeDataChain@SPlex@XPRT@@QAEXXZ
?Create@SPlex@XPRT@@SGPAU12@AAPAU12@II@Z

msvcr71

__security_error_handler
__CppXcptFilter
_adjust_fdiv
_initterm
_onexit
__dllonexit
_except_handler3
setlocale
_snwprintf
qsort
localtime
tolower
toupper
atof
strcat
strncpy
realloc
malloc
_iob
__mb_cur_max
_isctype
_pctype
memcpy
strcpy
sprintf
atoi
strcmp
_ftol
memset
memcmp
strlen
free
wcsncpy
strncmp
_purecall
??3@YAXPAX@Z
??2@YAPAXI@Z

user32

SetTimer
KillTimer
TranslateMessage
MsgWaitForMultipleObjects

oleaut32

SafeArrayRedim
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayCopy
SafeArrayDestroy
SafeArrayUnlock
SafeArrayCreate
SafeArrayLock
SystemTimeToVariantTime
VariantInit
VariantChangeTypeEx
SysAllocString
VariantTimeToSystemTime
VariantCopy
VariantClear

Exports

Exports

EEGetModuleInterop

Sections

.text
Size: 242KB - Virtual size: 242KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 63KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

62ee467a402831097c186a39b1c48852

Headers

File Characteristics

Imports

kernel32

advapi32

ole32

xprt5

msvcr71

user32

oleaut32

Exports

Exports

Sections

.text Size: 242KB - Virtual size: 242KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 29KB - Virtual size: 32KB

.rsrc Size: 1024B - Virtual size: 856B

.reloc Size: 18KB - Virtual size: 17KB

.text Size: 63KB - Virtual size: 64KB

.text
Size: 242KB - Virtual size: 242KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 29KB - Virtual size: 32KB

.rsrc
Size: 1024B - Virtual size: 856B

.reloc
Size: 18KB - Virtual size: 17KB

.text
Size: 63KB - Virtual size: 64KB