db85a0aefbdf1a19a7e784adef5cda84e9c0e6099050f58b774af840dd7f704e

Sharing

Copy URL Twitter E-mail

General

Target

db85a0aefbdf1a19a7e784adef5cda84e9c0e6099050f58b774af840dd7f704e
Size

360KB
MD5

4f52b113ecc14463e31c4e357b465bc0
SHA1

5e1d9f7841cf5e1b0b3351e968019c7a5bdd78d1
SHA256

db85a0aefbdf1a19a7e784adef5cda84e9c0e6099050f58b774af840dd7f704e
SHA512

49e297b20d9bbde90171c0c6a891b735d7138d79c840ee6485022ff235e623f91b55a379b1bffa9716903c50511d4553574dd47a4779f09984ba3b178e3c763c
SSDEEP

6144:o/D2LT7BjYh7poEhUu2TfCW8vyKyS+jdQA7WX7qgMTpod4xfco:oLeT7BMJqEmuFW8vyfDdw4z

Score

N/A

Malware Config

Signatures

Files

db85a0aefbdf1a19a7e784adef5cda84e9c0e6099050f58b774af840dd7f704e
.dll windows x86

d1c6a12621664c03182d114527b38fb9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

qsort
_purecall
_snwprintf
memcpy
_except_handler3
strcmp
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
??2@YAPAXI@Z
??3@YAXPAX@Z

kernel32

ExitProcess
GetCurrentThreadId
InterlockedCompareExchange
ResetEvent
SetEvent
CloseHandle
FreeLibrary
CompareStringA
InterlockedExchange
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
LoadLibraryA
GetLastError
SetLastError
DisableThreadLibraryCalls

user32

TranslateMessage
PostQuitMessage
SetTimer
KillTimer
MsgWaitForMultipleObjects
WaitMessage

xprt5

?Lock@TCritSec@XPRT@@QAEXXZ
?Unlock@TCritSec@XPRT@@QAEXXZ
?Remove@TBstr@XPRT@@QAEHG@Z
?Assign@TBstr@XPRT@@QAEAAV12@PBG@Z
?GetEncodedByteLength@TBstr@XPRT@@QBEHPBG@Z
_XprtAtomicIncrement@4
xprt_strcmp
xprt_memmove
_XprtMemAlloc@4
xprt_memset
_XprtAtomicDecrement@4
?Mid@TBstr@XPRT@@QBE?AV12@H@Z
?Mid@TBstr@XPRT@@QBE?AV12@HH@Z
??1TPtrFromPtrMap@XPRT@@QAE@XZ
??0TPtrFromPtrMap@XPRT@@QAE@H@Z
?Lookup@TPtrFromPtrMap@XPRT@@QBE_NPAXAAPAX@Z
?SetAt@TPtrFromPtrMap@XPRT@@QAEPAU__POSITION@2@PAX0@Z
?RemoveKey@TPtrFromPtrMap@XPRT@@QAE_NPAX@Z
?GetNextAssoc@TPtrFromPtrMap@XPRT@@QBEXAAPAU__POSITION@2@AAPAX1@Z
?GetTime64@TTime@XPRT@@QBE_JXZ
??ATPtrFromPtrMap@XPRT@@QAEAAPAXPAX@Z
?Lock@TSpinLock@XPRT@@QAEXXZ
?Unlock@TSpinLock@XPRT@@QAEXXZ
?SetOptimalLoad@TPtrFromPtrMap@XPRT@@QAEXMMM_N@Z
xprt_iswdigit
?Add@TPtrArray@XPRT@@QAEHPAX@Z
?SetCount@TPtrArray@XPRT@@QAE_NHH@Z
?GetDigestSize@TMdXDigest@XPRT@@UBEHXZ
?Finish@TMdXDigest@XPRT@@UAEHPAEH@Z
?Term@TCritSec@XPRT@@QAEXXZ
?Transform@TMd5Digest@XPRT@@EAEXQAIQBE@Z
?Append@TBstr@XPRT@@QAEAAV12@G@Z
?Update@TMessageDigest@XPRT@@QAEXPBEH@Z
xprt_memcpy
xprt_strlen
?Set@TTime@XPRT@@QAEXN@Z
_XprtUninitialize@0
??0TPtrArray@XPRT@@QAE@XZ
??1TPtrArray@XPRT@@QAE@XZ
?Open@TFile@XPRT@@QAE_NPBGI_N@Z
?IsOpen@TFile@XPRT@@QBE_NXZ
??1TFile@XPRT@@UAE@XZ
??0TFile@XPRT@@QAE@XZ
?RemoveAt@TPtrArray@XPRT@@QAEXHH@Z
_XprtMemRealloc@8
?SetAtGrow@TPtrArray@XPRT@@QAEXHPAX@Z
_XprtCreateThread@8
_XprtGetMilliseconds@0
_XprtDestroyThread@8
?FreeDataChain@SPlex@XPRT@@QAEXXZ
?Create@SPlex@XPRT@@SGPAU12@AAPAU12@II@Z
?RemoveAll@TPtrFromPtrMap@XPRT@@QAEXXZ
?GetTickCount@TTime@XPRT@@SA?AV12@XZ
?Assign@TBstr@XPRT@@QAEAAV12@G@Z
?Replace@TBstr@XPRT@@QAEHPBG0@Z
?CreatePath@TFile@XPRT@@SA_NPBG@Z
?DirSpecFromFullSpec@TFile@XPRT@@SA?AVTBstr@2@PBG@Z
?Find@TFileFinder@XPRT@@QAE_NPBGI@Z
??1TFileFinder@XPRT@@UAE@XZ
??0TFileFinder@XPRT@@QAE@XZ
?Compare@TBstr@XPRT@@QBEHPBG@Z
?IsEmpty@TBstr@XPRT@@QBE_NXZ
?GetLength@TBstr@XPRT@@QBEHXZ
?Delete@TBstr@XPRT@@QAEHHH@Z
?IsValid@TTime@XPRT@@QBE_NXZ
?Set@TTime@XPRT@@QAEXHHHHHH@Z
?Find@TBstr@XPRT@@QBEHGH@Z
?ReverseFind@TBstr@XPRT@@QBEHG@Z
?Append@TBstr@XPRT@@QAEAAV12@ABV12@@Z
?Init@TCritSec@XPRT@@QAEXXZ
?Format@TBstr@XPRT@@QAAXPBGZZ
?TrimLeft@TBstr@XPRT@@QAEAAV12@XZ
?TrimRight@TBstr@XPRT@@QAEAAV12@XZ
?GetEncodedString@TBstr@XPRT@@QBEPBDPBG@Z
kUtf8Encoding
??0TMessageDigest@XPRT@@QAE@XZ
?Append@TBstr@XPRT@@QAEAAV12@PBDPBG@Z
kSystemEncoding
??0TBstr@XPRT@@QAE@PBDPBG@Z
?Find@TBstr@XPRT@@QBEHPBGH@Z
?Assign@TBstr@XPRT@@QAEAAV12@PBDPBG@Z
??0TBstr@XPRT@@QAE@ABV01@@Z
?GetString@TBstr@XPRT@@QBEPBGXZ
?CompareNoCase@TBstr@XPRT@@QBEHPBG@Z
_XprtMemFree@4
?Detach@TBstr@XPRT@@QAEPAGXZ
?Attach@TBstr@XPRT@@QAEXPAG@Z
?Assign@TBstr@XPRT@@QAEAAV12@ABV12@@Z
??0TBstr@XPRT@@QAE@PBG@Z
??0TBstr@XPRT@@QAE@XZ
??1TBstr@XPRT@@QAE@XZ
?ToInt@TBstr@XPRT@@QBEHH@Z
?GetAt@TBstr@XPRT@@QBEGH@Z
_XprtInitialize@8
?Tokenize@TBstr@XPRT@@QBE?AV12@PBGAAH@Z
?GetStartPosition@TPtrFromPtrMap@XPRT@@QBEPAU__POSITION@2@XZ

ole32

CoRegisterMessageFilter
CoUninitialize
CreateBindCtx
CoCreateInstance
CoInitializeEx

oleaut32

VariantCopy
VariantClear
SysAllocString
VariantChangeType
VariantInit
SafeArrayDestroy
SafeArrayCopy
SafeArrayLock
SafeArrayCreate
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayRedim
SafeArrayUnlock

Exports

Exports

EEGetModuleInterop

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d1c6a12621664c03182d114527b38fb9

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

xprt5

ole32

oleaut32

Exports

Exports

Sections

.text Size: 128KB - Virtual size: 127KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 20KB - Virtual size: 19KB

.rsrc Size: 4KB - Virtual size: 896B

.reloc Size: 20KB - Virtual size: 17KB

.text Size: 156KB - Virtual size: 156KB

.text
Size: 128KB - Virtual size: 127KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 20KB - Virtual size: 19KB

.rsrc
Size: 4KB - Virtual size: 896B

.reloc
Size: 20KB - Virtual size: 17KB

.text
Size: 156KB - Virtual size: 156KB