f301210bdfb9243bdb4cbc1b4cc6fa25bc27bdf3dfc4f178660e6e22c26a394a

Sharing

Copy URL Twitter E-mail

General

Target

f301210bdfb9243bdb4cbc1b4cc6fa25bc27bdf3dfc4f178660e6e22c26a394a
Size

420KB
MD5

4ce37a9de8d0eaaf362fd836f1bace84
SHA1

fbacf7c04559c01d584505bfafa7f446646a0cff
SHA256

f301210bdfb9243bdb4cbc1b4cc6fa25bc27bdf3dfc4f178660e6e22c26a394a
SHA512

7b8983e75949ea6b6cd18332ca3d3eda0e314384ebf1c2613a6554993c9e299ec3358f9fd6ef74e744ecd49531740d951721b1342f1aa7ec8b3ba1b44cfbdb54
SSDEEP

6144:fCcr8LausZMdvibbprzem2vefxq8MGq5vFkbQ6RjmtnsXYKqF16jSp9gz0Pgooc:nr8LXXvAtI58/ma6F16jSpa4kc

Score

N/A

Malware Config

Signatures

Files

f301210bdfb9243bdb4cbc1b4cc6fa25bc27bdf3dfc4f178660e6e22c26a394a
.dll windows x86

f42b34900b1f0ec9ab97415e2e070017

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertFindExtension
CertGetEnhancedKeyUsage
CertCloseStore
CertFreeCertificateContext
CertFreeCertificateChainEngine
CertFreeCertificateChain
CryptDecodeObject
CertCreateCertificateChainEngine
CertVerifyTimeValidity
CryptMsgControl
CertGetSubjectCertificateFromStore
CertOpenStore
CryptMsgClose
CryptMsgGetParam
CryptMsgUpdate
CertGetCertificateChain
CryptMsgOpenToDecode

kernel32

GetThreadLocale
WideCharToMultiByte
lstrlenW
GetLastError
GetProcAddress
GetModuleHandleW
CloseHandle
CreateEventW
SetEvent
ResetEvent
InterlockedCompareExchange
GetCurrentThreadId
ExitProcess
DisableThreadLibraryCalls
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA

user32

PeekMessageW
KillTimer
TranslateMessage
DispatchMessageW
SetTimer
MsgWaitForMultipleObjects

ole32

CoCreateInstance
CoUninitialize
CoRegisterMessageFilter
CoInitializeEx
CreateBindCtx

oleaut32

SysAllocString
VariantChangeType
VariantCopy
SafeArrayLock
SafeArrayCreate
SafeArrayUnlock
SafeArrayDestroy
SafeArrayCopy
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayRedim
VariantClear
VariantInit

xprt5

xprt_strcmp
?Compare@TBstr@XPRT@@QBEHPBG@Z
?IsEmpty@TBstr@XPRT@@QBE_NXZ
xprt_memmove
_XprtMemAlloc@4
xprt_memset
_XprtAtomicDecrement@4
?Mid@TBstr@XPRT@@QBE?AV12@H@Z
?Mid@TBstr@XPRT@@QBE?AV12@HH@Z
?Find@TBstr@XPRT@@QBEHGH@Z
??1TPtrFromPtrMap@XPRT@@QAE@XZ
?GetAt@TBstr@XPRT@@QBEGH@Z
_XprtMemFree@4
??0TPtrFromPtrMap@XPRT@@QAE@H@Z
?Lookup@TPtrFromPtrMap@XPRT@@QBE_NPAXAAPAX@Z
??ATPtrFromPtrMap@XPRT@@QAEAAPAXPAX@Z
?RemoveKey@TPtrFromPtrMap@XPRT@@QAE_NPAX@Z
?Lock@TSpinLock@XPRT@@QAEXXZ
?Unlock@TSpinLock@XPRT@@QAEXXZ
?SetOptimalLoad@TPtrFromPtrMap@XPRT@@QAEXMMM_N@Z
_XprtMemRealloc@8
?SetAt@TPtrFromPtrMap@XPRT@@QAEPAU__POSITION@2@PAX0@Z
?GetNextAssoc@TPtrFromPtrMap@XPRT@@QBEXAAPAU__POSITION@2@AAPAX1@Z
?GetStartPosition@TPtrFromPtrMap@XPRT@@QBEPAU__POSITION@2@XZ
xprt_iswdigit
?GetLength@TBstr@XPRT@@QBEHXZ
?Assign@TBstr@XPRT@@QAEAAV12@PBDPBG@Z
?Add@TPtrArray@XPRT@@QAEHPAX@Z
?SetCount@TPtrArray@XPRT@@QAE_NHH@Z
?GetDigestSize@TMdXDigest@XPRT@@UBEHXZ
?Finish@TMdXDigest@XPRT@@UAEHPAEH@Z
??0TMessageDigest@XPRT@@QAE@XZ
?Transform@TMd5Digest@XPRT@@EAEXQAIQBE@Z
?Append@TBstr@XPRT@@QAEAAV12@G@Z
?Update@TMessageDigest@XPRT@@QAEXPBEH@Z
xprt_memcpy
xprt_strlen
_XprtInitialize@8
_XprtUninitialize@0
??0TPtrArray@XPRT@@QAE@XZ
??1TPtrArray@XPRT@@QAE@XZ
?Copy@TBstr@XPRT@@QBEPAGXZ
?SetAtGrow@TPtrArray@XPRT@@QAEXHPAX@Z
_XprtCreateThread@8
_XprtGetMilliseconds@0
_XprtDestroyThread@8
?FreeDataChain@SPlex@XPRT@@QAEXXZ
?Create@SPlex@XPRT@@SGPAU12@AAPAU12@II@Z
?RemoveAll@TPtrFromPtrMap@XPRT@@QAEXXZ
??0TBstr@XPRT@@QAE@ABV01@@Z
?Detach@TBstr@XPRT@@QAEPAGXZ
??0TBstr@XPRT@@QAE@XZ
?Attach@TBstr@XPRT@@QAEXPAG@Z
?Assign@TBstr@XPRT@@QAEAAV12@ABV12@@Z
??1TBstr@XPRT@@QAE@XZ
?GetString@TBstr@XPRT@@QBEPBGXZ
?GetEncodedString@TBstr@XPRT@@QBEPBDPBG@Z
_XprtAtomicIncrement@4
kSystemEncoding
??0TBstr@XPRT@@QAE@PBDPBG@Z
??0TBstr@XPRT@@QAE@PBG@Z
?Assign@TBstr@XPRT@@QAEAAV12@PBG@Z

msvcrt

??3@YAXPAX@Z
??2@YAPAXI@Z
_snwprintf
strcmp
qsort
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
_except_handler3
memcpy
_purecall
__CxxFrameHandler

Exports

Exports

EEGetModuleInterop

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 328KB - Virtual size: 328KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f42b34900b1f0ec9ab97415e2e070017

Headers

File Characteristics

Imports

crypt32

kernel32

user32

ole32

oleaut32

xprt5

msvcrt

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 46KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 12KB - Virtual size: 9KB

.rsrc Size: 4KB - Virtual size: 888B

.reloc Size: 8KB - Virtual size: 6KB

.text Size: 328KB - Virtual size: 328KB

.text
Size: 48KB - Virtual size: 46KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 12KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 888B

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 328KB - Virtual size: 328KB