EEGetModuleInterop
Static task
static1
Behavioral task
behavioral1
Sample
a3ff2aa02a1d42db2de8b5789a08007f2385fd00c1902e9b97d9b9f3dec115c2.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
a3ff2aa02a1d42db2de8b5789a08007f2385fd00c1902e9b97d9b9f3dec115c2.dll
Resource
win10v2004-20221111-en
General
-
Target
a3ff2aa02a1d42db2de8b5789a08007f2385fd00c1902e9b97d9b9f3dec115c2
-
Size
508KB
-
MD5
652cabd8394433cadd098a056592f7a0
-
SHA1
a4464c50091f6a7a9c93a2fa65fafc860ce84c88
-
SHA256
a3ff2aa02a1d42db2de8b5789a08007f2385fd00c1902e9b97d9b9f3dec115c2
-
SHA512
c6d789466e2a32b09bccea35e9d68d909c692e5e69db7501e442e21053f0fa0c67537dd16da149d1aa78e00f3b87e095fd3a2c1e2be57195c80b4a5b1066b0bc
-
SSDEEP
12288:+jzRVbIKYEhWdr5fkXi8CtMgfDDP3e+bh0xnYj:+jzRVbqwWN5fkXi84fph0xnA
Malware Config
Signatures
Files
-
a3ff2aa02a1d42db2de8b5789a08007f2385fd00c1902e9b97d9b9f3dec115c2.dll windows x86
5be17654d45fbc21dbe850b9e721da70
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
_adjust_fdiv
_initterm
free
_onexit
__dllonexit
_except_handler3
qsort
strcmp
_snwprintf
malloc
strlen
isalnum
??2@YAPAXI@Z
_purecall
??3@YAXPAX@Z
kernel32
SetLastError
GetLastError
LoadLibraryA
GetSystemDirectoryA
GetWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
InterlockedExchange
CompareStringA
ExitProcess
GetCurrentThreadId
InterlockedCompareExchange
ResetEvent
SetEvent
CloseHandle
FreeLibrary
DisableThreadLibraryCalls
user32
KillTimer
TranslateMessage
MsgWaitForMultipleObjects
SetTimer
ole32
CoCreateInstance
CoUninitialize
CoRegisterMessageFilter
CoInitializeEx
CreateBindCtx
oleaut32
VariantTimeToSystemTime
SafeArrayRedim
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayUnlock
SafeArrayCreate
SafeArrayLock
SafeArrayCopy
SafeArrayDestroy
SystemTimeToVariantTime
VariantInit
VariantClear
VariantCopy
SysAllocString
VariantChangeType
xprt5
?GetString@TBstr@XPRT@@QBEPBGXZ
?GetEncodedString@TBstr@XPRT@@QBEPBDPBG@Z
?Assign@TBstr@XPRT@@QAEAAV12@ABV12@@Z
?Assign@TBstr@XPRT@@QAEAAV12@PBG@Z
?Append@TBstr@XPRT@@QAEAAV12@ABV12@@Z
?Append@TBstr@XPRT@@QAEAAV12@PBDPBG@Z
kSystemEncoding
?Compare@TBstr@XPRT@@QBEHPBG@Z
??0TBstr@XPRT@@QAE@ABV01@@Z
??0TBstr@XPRT@@QAE@PBDPBG@Z
??1TBstr@XPRT@@QAE@XZ
?IsEmpty@TBstr@XPRT@@QBE_NXZ
?Format@TBstr@XPRT@@QAAXPBGZZ
??0TBstr@XPRT@@QAE@XZ
?TrimRight@TBstr@XPRT@@QAEAAV12@XZ
?TrimLeft@TBstr@XPRT@@QAEAAV12@XZ
?CompareNoCase@TBstr@XPRT@@QBEHPBG@Z
?GetEncodedByteLength@TBstr@XPRT@@QBEHPBG@Z
kUtf8Encoding
?GetBestEncoding@TBstr@XPRT@@QBE?AV12@XZ
kAsciiEncoding
_XprtMemFree@4
?GetLength@TBstr@XPRT@@QBEHXZ
?Attach@TBstr@XPRT@@QAEXPAG@Z
?Detach@TBstr@XPRT@@QAEPAGXZ
?FreeDataChain@SPlex@XPRT@@QAEXXZ
xprt_memset
??0TBstr@XPRT@@QAE@PBG@Z
?IsValid@TTime@XPRT@@QBE_NXZ
?Create@SPlex@XPRT@@SGPAU12@AAPAU12@II@Z
?GetYear@TTime@XPRT@@QBEHXZ
?GetMonth@TTime@XPRT@@QBEHXZ
?GetDay@TTime@XPRT@@QBEHXZ
?CompareNormal@TBstr@XPRT@@QBEHPBG@Z
?Normalize@TBstr@XPRT@@QAEAAV12@XZ
?Assign@TBstr@XPRT@@QAEAAV12@PBDPBG@Z
?ToInt@TBstr@XPRT@@QBEHH@Z
?Set@TTime@XPRT@@QAEXHHHHHH@Z
?Left@TBstr@XPRT@@QBE?AV12@H@Z
?Mid@TBstr@XPRT@@QBE?AV12@H@Z
?Find@TBstr@XPRT@@QBEHPBGH@Z
?Set@TTime@XPRT@@QAEXN@Z
?Append@TBstr@XPRT@@QAEAAV12@G@Z
?Tokenize@TBstr@XPRT@@QBE?AV12@PBGAAH@Z
?GetAt@TBstr@XPRT@@QBEGH@Z
?Remove@TBstr@XPRT@@QAEHG@Z
?GetGmtTm@TTime@XPRT@@QBE_NPAUtm@@@Z
?GetTickCount@TTime@XPRT@@SA?AV12@XZ
?SetCount@TPtrArray@XPRT@@QAE_NHH@Z
??1TPtrFromPtrMap@XPRT@@QAE@XZ
?Empty@TBstr@XPRT@@QAEXXZ
?Replace@TBstr@XPRT@@QAEHPBG0@Z
?RemoveAll@TPtrFromPtrMap@XPRT@@QAEXXZ
_XprtAllocString@4
_XprtFreeString@4
_XprtCompareString@8
_XprtHashString@4
?Lookup@TPtrFromPtrMap@XPRT@@QBE_NPAXAAPAX@Z
?SetAt@TPtrFromPtrMap@XPRT@@QAEPAU__POSITION@2@PAX0@Z
??0TPtrFromPtrMap@XPRT@@QAE@H@Z
??1TPtrArray@XPRT@@QAE@XZ
?RemoveAt@TPtrArray@XPRT@@QAEXHH@Z
?Add@TPtrArray@XPRT@@QAEHPAX@Z
??0TPtrArray@XPRT@@QAE@XZ
_XprtCanonicalizeScreenName@8
?AppendFormat@TBstr@XPRT@@QAAXPBGZZ
?Init@TFileInfo@XPRT@@IAEXPBGI_JABVTTime@2@22@Z
??1TFile@XPRT@@UAE@XZ
?Close@TFile@XPRT@@UAE_NXZ
?Write@TFile@XPRT@@UAEHPBXH@Z
?Open@TFile@XPRT@@QAE_NPBGI_N@Z
??0TFile@XPRT@@QAE@XZ
?Append@TBstr@XPRT@@QAEAAV12@PBG@Z
_XprtGenerateRandom@8
xprt_memcpy
?Insert@TBstr@XPRT@@QAEHHPBG@Z
_XprtMemRealloc@8
xprt_memmove
_XprtMemAlloc@4
?Delete@TBstr@XPRT@@QAEHHH@Z
?MakeLower@TBstr@XPRT@@QAEAAV12@XZ
?Find@TBstr@XPRT@@QBEHGH@Z
?Read@TFile@XPRT@@UAEHPAXH@Z
?GetInfo@TFile@XPRT@@SA_NPBGAAVTFileInfo@2@@Z
?TestAccess@TFile@XPRT@@SA_NPBGI@Z
_XprtUtf8ToString@16
xprt_strlen
_XprtStringToUtf8@16
?GetTm@TTime@XPRT@@QBE_NPAUtm@@@Z
_XprtAtomicIncrement@4
xprt_strcmp
_XprtAtomicDecrement@4
?Mid@TBstr@XPRT@@QBE?AV12@HH@Z
??ATPtrFromPtrMap@XPRT@@QAEAAPAXPAX@Z
?RemoveKey@TPtrFromPtrMap@XPRT@@QAE_NPAX@Z
?Lock@TSpinLock@XPRT@@QAEXXZ
?Unlock@TSpinLock@XPRT@@QAEXXZ
?SetOptimalLoad@TPtrFromPtrMap@XPRT@@QAEXMMM_N@Z
xprt_iswdigit
?GetDigestSize@TMdXDigest@XPRT@@UBEHXZ
?Finish@TMdXDigest@XPRT@@UAEHPAEH@Z
??0TMessageDigest@XPRT@@QAE@XZ
?Transform@TMd5Digest@XPRT@@EAEXQAIQBE@Z
?Update@TMessageDigest@XPRT@@QAEXPBEH@Z
_XprtInitialize@8
_XprtUninitialize@0
?GetNextAssoc@TPtrFromPtrMap@XPRT@@QBEXAAPAU__POSITION@2@AAPAX1@Z
?GetStartPosition@TPtrFromPtrMap@XPRT@@QBEPAU__POSITION@2@XZ
?Copy@TBstr@XPRT@@QBEPAGXZ
?SetAtGrow@TPtrArray@XPRT@@QAEXHPAX@Z
_XprtCreateThread@8
_XprtGetMilliseconds@0
_XprtDestroyThread@8
Exports
Exports
Sections
.text Size: 228KB - Virtual size: 225KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 40KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 856B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.text Size: 156KB - Virtual size: 156KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE