651f797a91a6748d51f8af60dfc1dd73a9dfdd9393a4987bd2d508497d3c93f2

Sharing

Copy URL Twitter E-mail

General

Target

651f797a91a6748d51f8af60dfc1dd73a9dfdd9393a4987bd2d508497d3c93f2
Size

790KB
MD5

256dfb4a3f7ef43eb9ac887e2984dec0
SHA1

6d9cb65cfef898fee55ea175a8044e1e73b9e8d6
SHA256

651f797a91a6748d51f8af60dfc1dd73a9dfdd9393a4987bd2d508497d3c93f2
SHA512

689c9dbfb47ff943aaaf31c92cf26344d249c17701c2bf3ad61d83d6dbe348ff02dded16232cdc1e9a9a236f59fc6a92ac5b5db44bc9f17f22bc8a88c8450f7c
SSDEEP

24576:rGF2+vcuGh434ZmtB9DvIgK8amIoJUEX/s:epf34ZyXIgK8XIK9E

Score

N/A

Malware Config

Signatures

Files

651f797a91a6748d51f8af60dfc1dd73a9dfdd9393a4987bd2d508497d3c93f2
.dll windows x86

2893cd6882f1a46a51002c83647d5e95

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
_snwprintf
strcspn
wcscspn
_strcmpi
_wcslwr
_strnicmp
wcsrchr
strcat
strtoul
strcpy
calloc
_beginthreadex
_wcsicmp
isalnum
_itoa
swprintf
_vsnprintf
towlower
wcstol
_errno
wcstoul
rand
realloc
_wcsdup
strncpy
fclose
fwrite
localtime
_vsnwprintf
fopen
wcsncat
strncmp
wcsncmp
wcsstr
wcsncpy
_wcsnicmp
wcschr
qsort
exit
_iob
fprintf
wcscmp
swscanf
sprintf
wcslen
_pctype
isspace
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_CxxThrowException
__CxxFrameHandler
strstr
sscanf
_wtoi
malloc
toupper
strcmp
tolower
memchr
strchr
memcmp
??8type_info@@QBEHABV0@@Z
time
_strdup
srand
_stricmp
??2@YAPAXI@Z
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
??3@YAXPAX@Z
_purecall
memset
memcpy
strlen
free
memmove

kernel32

GetPrivateProfileStringW
ResetEvent
InterlockedCompareExchange
GetVersionExA
VirtualProtect
VirtualFree
VirtualQuery
GetSystemInfo
GetStringTypeW
LCMapStringA
LCMapStringW
GetUserDefaultLCID
GetStringTypeA
LocalFree
DisableThreadLibraryCalls
lstrcpyW
lstrcpynW
SizeofResource
LoadLibraryExW
LoadResource
FindResourceW
GetEnvironmentVariableW
LoadLibraryA
GetSystemDirectoryA
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFileTime
CopyFileW
GetSystemTime
WaitForSingleObject
CreateProcessW
CreateEventW
SetEvent
GetTimeZoneInformation
CloseHandle
GetCurrentThreadId
GetTempPathW
CreateFileW
ReadFile
GetFileSize
FileTimeToSystemTime
OutputDebugStringW
SystemTimeToFileTime
GetLocaleInfoA
GetModuleHandleW
InitializeCriticalSection
LoadLibraryW
GetVersionExW
GetFileAttributesW
GetModuleFileNameW
GetACP
RaiseException
InterlockedExchange
GetLastError
SetLastError
GetThreadLocale
GetProcAddress
GetModuleHandleA
DeleteCriticalSection
OutputDebugStringA
GetVersion
GetComputerNameA
WideCharToMultiByte
TerminateThread
Sleep
lstrlenW
lstrlenA
InterlockedIncrement
InterlockedDecrement
MultiByteToWideChar
lstrcmpW
lstrcmpiW
ExitProcess

xprt5

?SetAt@TPtrFromPtrMap@XPRT@@QAEPAU__POSITION@2@PAX0@Z
??1TPtrFromPtrMap@XPRT@@QAE@XZ
??0TPtrFromPtrMap@XPRT@@QAE@H@Z
?RemoveKey@TPtrFromPtrMap@XPRT@@QAE_NPAX@Z
??ATPtrFromPtrMap@XPRT@@QAEAAPAXPAX@Z
?Lookup@TPtrFromPtrMap@XPRT@@QBE_NPAXAAPAX@Z
??0TBstr@XPRT@@QAE@GH@Z
?AppendFileNameToSpec@TFile@XPRT@@SA?AVTBstr@2@PBG0@Z
?TestAccess@TFile@XPRT@@SA_NPBGI@Z
xprt_ucslcpy
?Add@TPtrArray@XPRT@@QAEHPAX@Z
xprt_iswdigit
kSystemEncoding
?GetNextAssoc@TPtrFromPtrMap@XPRT@@QBEXAAPAU__POSITION@2@AAPAX1@Z
?Mid@TBstr@XPRT@@QBE?AV12@HH@Z
?MakeLower@TBstr@XPRT@@QAEAAV12@XZ
?Find@TBstr@XPRT@@QBEHPBGH@Z
?Append@TBstr@XPRT@@QAEAAV12@PBDPBG@Z
?TrimLeft@TBstr@XPRT@@QAEAAV12@XZ
?TrimRight@TBstr@XPRT@@QAEAAV12@XZ
?TrimRight@TBstr@XPRT@@QAEAAV12@G@Z
?GetAt@TBstr@XPRT@@QBEGH@Z
?Append@TBstr@XPRT@@QAEAAV12@G@Z
?Replace@TBstr@XPRT@@QAEHPBG0@Z
?Attach@TBstr@XPRT@@QAEXPAG@Z
?Detach@TBstr@XPRT@@QAEPAGXZ
?IsEmpty@TBstr@XPRT@@QBE_NXZ
?Assign@TBstr@XPRT@@QAEAAV12@PBDPBG@Z
?Append@TBstr@XPRT@@QAEAAV12@ABV12@@Z
?GetStartPosition@TPtrFromPtrMap@XPRT@@QBEPAU__POSITION@2@XZ
?Copy@TBstr@XPRT@@QBEPAGXZ
?SetAtGrow@TPtrArray@XPRT@@QAEXHPAX@Z
?SetCount@TPtrArray@XPRT@@QAE_NHH@Z
_XprtCreateThread@8
_XprtGetMilliseconds@0
_XprtDestroyThread@8
?FreeDataChain@SPlex@XPRT@@QAEXXZ
?Create@SPlex@XPRT@@SGPAU12@AAPAU12@II@Z
??0TBstr@XPRT@@QAE@PBDPBG@Z
?RemoveAll@TPtrFromPtrMap@XPRT@@QAEXXZ
?Mid@TBstr@XPRT@@QBE?AV12@H@Z
xprt_memset
xprt_memmove
xprt_strcmp
??1TPtrArray@XPRT@@QAE@XZ
??0TPtrArray@XPRT@@QAE@XZ
?Lock@TSpinLock@XPRT@@QAEXXZ
?Unlock@TSpinLock@XPRT@@QAEXXZ
_XprtUninitialize@0
_XprtInitialize@8
xprt_strlen
xprt_memcpy
?Update@TMessageDigest@XPRT@@QAEXPBEH@Z
?Transform@TMd5Digest@XPRT@@EAEXQAIQBE@Z
_XprtAtomicDecrement@4
_XprtAtomicIncrement@4
??0TMessageDigest@XPRT@@QAE@XZ
?Finish@TMdXDigest@XPRT@@UAEHPAEH@Z
?GetDigestSize@TMdXDigest@XPRT@@UBEHXZ
?DirSpecFromFullSpec@TFile@XPRT@@SA?AVTBstr@2@PBG@Z
?CompareNoCase@TBstr@XPRT@@QBEHPBG@Z
?Left@TBstr@XPRT@@QBE?AV12@H@Z
?Find@TBstr@XPRT@@QBEHGH@Z
?Append@TBstr@XPRT@@QAEAAV12@PBG@Z
?Assign@TBstr@XPRT@@QAEAAV12@ABV12@@Z
?Compare@TBstr@XPRT@@QBEHPBG@Z
_XprtMemAlloc@4
??0TBstr@XPRT@@QAE@ABV01@@Z
?Empty@TBstr@XPRT@@QAEXXZ
?Append@TBstr@XPRT@@QAEAAV12@PBDHPBG@Z
?GetLength@TBstr@XPRT@@QBEHXZ
?Assign@TBstr@XPRT@@QAEAAV12@PBG@Z
_XprtMemFree@4
??0TBstr@XPRT@@QAE@XZ
?GetString@TBstr@XPRT@@QBEPBGXZ
?Format@TBstr@XPRT@@QAAXPBGZZ
??0TBstr@XPRT@@QAE@PBG@Z
??1TBstr@XPRT@@QAE@XZ
?GetEncodedString@TBstr@XPRT@@QBEPBDPBG@Z
_XprtStringLen@4

ws2_32

gethostbyname
connect
inet_ntoa
WSAStartup
inet_addr
WSAGetLastError
getservbyport
WSACleanup
recv
socket
getservbyname
closesocket
send
ntohl
htons
gethostbyaddr
ntohs
htonl

wininet

InternetOpenW
HttpSendRequestW
InternetErrorDlg
InternetGetCookieW
InternetOpenUrlW
InternetSetCookieW
HttpEndRequestW
InternetWriteFile
InternetReadFile
InternetQueryDataAvailable
HttpSendRequestExA
HttpOpenRequestW
HttpQueryInfoA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoW
InternetCloseHandle
InternetOpenA
InternetConnectW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

CharLowerW
LoadStringA
SetTimer
KillTimer
MessageBoxW
PostQuitMessage
MsgWaitForMultipleObjects
TranslateMessage
PeekMessageW
DispatchMessageW
SetCursor
LoadStringW
CharUpperA
CharLowerA
CharNextW
PostThreadMessageW
GetCursor

advapi32

GetUserNameA
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExA
RegOpenKeyW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyA
RegSetValueExW
RegCreateKeyExW
CryptGetHashParam
CryptAcquireContextW
CryptCreateHash
CryptHashData
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumValueW

ole32

StringFromCLSID
CreateBindCtx
CoCreateInstance
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoInitialize
CoUninitialize
CoRegisterMessageFilter

oleaut32

SafeArrayRedim
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayCopy
SafeArrayDestroy
SafeArrayUnlock
SafeArrayCreate
SafeArrayLock
VariantInit
VariantChangeType
VariantClear
VariantCopy
VarUI4FromStr
SysAllocStringLen
SysAllocString
SysFreeString

Exports

Exports

EEGetModuleInterop
GetAT
GetAccountType

Sections

.text
Size: 475KB - Virtual size: 474KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 63KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2893cd6882f1a46a51002c83647d5e95

Headers

File Characteristics

Imports

msvcrt

kernel32

xprt5

ws2_32

wininet

version

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 475KB - Virtual size: 474KB

.rdata Size: 137KB - Virtual size: 136KB

.data Size: 51KB - Virtual size: 58KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 61KB - Virtual size: 61KB

.text Size: 63KB - Virtual size: 64KB

.text
Size: 475KB - Virtual size: 474KB

.rdata
Size: 137KB - Virtual size: 136KB

.data
Size: 51KB - Virtual size: 58KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 61KB - Virtual size: 61KB

.text
Size: 63KB - Virtual size: 64KB