818abc3afb996b5f1b80a0763a1e71eb108eb477cefce9cabf56b4bf9c4c6a6a

Sharing

Copy URL Twitter E-mail

General

Target

818abc3afb996b5f1b80a0763a1e71eb108eb477cefce9cabf56b4bf9c4c6a6a
Size

300KB
MD5

dc35e04af3eeb2d373702186f6542f5b
SHA1

a648f40f6dbfb5bb1fc25096cdadb3a57a08b731
SHA256

818abc3afb996b5f1b80a0763a1e71eb108eb477cefce9cabf56b4bf9c4c6a6a
SHA512

0d2bdf7d963bc358b9a6ad058ac87afaa4092dd17a2a271fcded3bc4139d037b867d45c2d616861bc8bdecd7fc2d20beb9a3f7e9848ddf023aacff1b7508b91e
SSDEEP

6144:/PUeJzMum9UliKh421oOq1JD69e18Gmt:/8iYumqhhJZ9e18Gmt

Score

N/A

Malware Config

Signatures

Files

818abc3afb996b5f1b80a0763a1e71eb108eb477cefce9cabf56b4bf9c4c6a6a
.dll windows x86

8d02811f330c94b2994ca36cadf311d2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

coredll

??1mcSettings@@QAE@XZ
?GetValue@mcSettings@@QAE_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0PAV23@@Z
??0mcSettings@@QAE@XZ
?GetValue@mcSettings@@QAE_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0PAI@Z
?SetValue@mcSettings@@QAE_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0I@Z
?SetValue@mcSettings@@QAE_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@00@Z
?mfStrGetFilenameAndExtFromPath@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABV12@@Z
?mfOSIsVersion@@YA_NW4meVersion@@@Z
?mfOSIsVersionAtLeast@@YA_NW4meVersion@@I@Z
?GetValue@mcSettings@@QAE_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0PA_N@Z
?mfStrGetFilenameFromPath@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABV12@@Z
??1mcFileFinder@@UAE@XZ
?FindNextFileW@mcFileFinder@@QAE_NXZ
?mfStrToLower@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABV12@@Z
?mfStrGetExtensionFromPath@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABV12@@Z
?GetFilePath@mcFileFinder@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?FindFile@mcFileFinder@@QAE_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@W4meFileDirFilter@@_N@Z
?mfStrEnsureTrailingBackslash@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABV12@@Z
??0mcFileFinder@@QAE@XZ
?mfTrLogStr@@YAXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?mfTrDispose@@YAXXZ
?mfTrDelClient@@YAXXZ
?mfConvertMBCSToT@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@I@Z
?mfConvertTToMBCS@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@2@I@Z
?mfTrAddClient@@YAXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?mfTrInitialize@@YA_NXZ
??0mcExc@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0HABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@2@_N@Z
?HResult@mcExc@@UAEJXZ
?SaveToXml@mcExc@@UAEXAAVmiXMLDOMDocument@@@Z
?LoadFromXml@mcExc@@UAEXABVmiXMLDOMDocument@@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?whatT@mcExc@@UBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?what@mcExc@@UBEPBDXZ
?mfConvertMBCSToT@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@PBDI@Z

kernel32

GlobalFree
CompareStringA
InterlockedExchange
GetModuleHandleA
GetModuleFileNameA
FileTimeToSystemTime
GetSystemDirectoryA
LoadLibraryA
FlushInstructionCache
GetVersion
SetLastError
GetWindowsDirectoryA
VirtualQuery
FreeLibrary
GetLastError
LocalFree
Sleep
WaitForSingleObject
SetEvent
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
ResumeThread
QueryPerformanceFrequency
QueryPerformanceCounter
MulDiv
LeaveCriticalSection
EnterCriticalSection
LocalAlloc
RaiseException
ExitProcess
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
WinExec

enforcerms

?RegisterEnforceNotify@@YAXPAUHWND__@@_N@Z

enforce

?Ad@mcCertificate@@QBEPBVmcEnforceAd@@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?GetCertificate@@YAPAVmcCertificate@@XZ
?Content@mcEnforceAd@@QBEABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

mmvcp70

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@H@Z
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@PBG@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@_N@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
??Mstd@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?_Nomemory@std@@YAXXZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@K@Z
?str@?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@2@XZ
??_D?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z

mmvcr70

srand
time
wcstoul
_wtoi
__RTDynamicCast
wcscpy
_beginthreadex
malloc
_callnewh
??1type_info@@UAE@XZ
__security_error_handler
__dllonexit
_onexit
free
_initterm
_adjust_fdiv
?terminate@@YAXXZ
_except_handler3
rand
_purecall
fabs
_CxxThrowException
??0exception@@QAE@ABV0@@Z
memset
??3@YAXPAX@Z
__CxxFrameHandler
??0exception@@QAE@XZ
??1exception@@UAE@XZ
wcsncpy
wcslen

Exports

Exports

CreateVis
DestroyVis

Sections

.text
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d02811f330c94b2994ca36cadf311d2

Headers

File Characteristics

Imports

coredll

kernel32

enforcerms

enforce

mmvcp70

mmvcr70

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 97KB

.rdata Size: 48KB - Virtual size: 44KB

.data Size: 80KB - Virtual size: 98KB

.rsrc Size: 44KB - Virtual size: 42KB

.reloc Size: 24KB - Virtual size: 20KB

.text
Size: 100KB - Virtual size: 97KB

.rdata
Size: 48KB - Virtual size: 44KB

.data
Size: 80KB - Virtual size: 98KB

.rsrc
Size: 44KB - Virtual size: 42KB

.reloc
Size: 24KB - Virtual size: 20KB