3c6f3031a5e4c5a7a29d375bb5799f6bd13690b0d645b213e389f6af5d19d171

Sharing

Copy URL Twitter E-mail

General

Target

3c6f3031a5e4c5a7a29d375bb5799f6bd13690b0d645b213e389f6af5d19d171
Size

433KB
MD5

acf56b996701978f1066be00654b6a3d
SHA1

8e2b5d2dda65eb4b4e1514d78fd97d023245224c
SHA256

3c6f3031a5e4c5a7a29d375bb5799f6bd13690b0d645b213e389f6af5d19d171
SHA512

cb52a3565a0df5f941892ef463201bafcf6d6aa594db51cc40002b6a1da0cd13beb88a7ae97554293d6b6ad89af3c168a4c90e9b7b685659b3437de6034e74f7
SSDEEP

6144:Mfxts5Diu6OU8wNhwq3jdI4yTubkEx/N3lP5uIROt4rlxdGXy0:QW5D4XJ3mup/LRuQrlKy

Score

N/A

Malware Config

Signatures

Files

3c6f3031a5e4c5a7a29d375bb5799f6bd13690b0d645b213e389f6af5d19d171
.dll windows x86

468920c715cef5bfe1775bf37531e138

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winhttp

WinHttpQueryDataAvailable
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetTimeouts
WinHttpAddRequestHeaders
WinHttpSetOption
WinHttpConnect
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpOpen
WinHttpQueryHeaders

mfc90u

ord1064
ord277
ord2695
ord5543
ord781
ord6820
ord1600
ord1603
ord293
ord942
ord4491
ord2327
ord943
ord6510
ord335
ord612
ord1166
ord403
ord663
ord287
ord6164
ord2478
ord5979
ord4519
ord6013
ord4405
ord933
ord2676
ord4494
ord5943
ord2955
ord2953
ord3534
ord400
ord2539
ord2537
ord2084
ord579
ord3729
ord571
ord6727
ord1599
ord582
ord3221
ord305
ord1608
ord935
ord938
ord2479
ord601
ord316
ord6690
ord300
ord4495
ord2481
ord3186
ord265
ord911
ord4490
ord310
ord1248
ord1254
ord6630
ord3220
ord285
ord3185
ord1607
ord5939
ord4324
ord6687
ord2326
ord266
ord286
ord280
ord811
ord290
ord909
ord296
ord1250
ord799
ord3500
ord784
ord600
ord813
ord801
ord605
ord1274
ord321
ord1241
ord1239
ord1264
ord1180
ord1233
ord391
ord1152
ord1273
ord1271
ord1145
ord1076
ord1137
ord322
ord802
ord1088
ord1093
ord1092
ord392

msvcr90

iswdigit
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__CxxFrameHandler3
_invalid_parameter_noinfo
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_purecall
free
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
calloc
_recalloc
memmove_s
memcpy
malloc
_wtoi
rand_s
wcsstr
isspace
_wcslwr_s
memcpy_s
_wcsnicmp
wcsncmp
memset
wcstol
_onexit
_time64
_except_handler4_common
_unlock
__dllonexit
_encode_pointer
_lock
__CppXcptFilter
_decode_pointer
?terminate@@YAXXZ
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv

kernel32

lstrlenW
WideCharToMultiByte
GetLastError
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetLocalTime
GetCurrentThreadId
DeleteFileW
LocalFree
FormatMessageW
GetTickCount
MultiByteToWideChar
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
lstrlenA
InitializeCriticalSection
GetTimeZoneInformation
LocalAlloc

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

oleaut32

SysFreeString

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?good@ios_base@std@@QBE_NXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?length@?$char_traits@D@std@@SAIPBD@Z
?width@ios_base@std@@QBEHXZ
?flags@ios_base@std@@QBEHXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?eof@?$char_traits@D@std@@SAHXZ
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?width@ios_base@std@@QAEHH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?setf@ios_base@std@@QAEHHH@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

Exports

Exports

GetVrSearchDll

Sections

.text
Size: 282KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

468920c715cef5bfe1775bf37531e138

Headers

File Characteristics

Imports

winhttp

mfc90u

msvcr90

kernel32

advapi32

oleaut32

msvcp90

Exports

Exports

Sections

.text Size: 282KB - Virtual size: 281KB

.rdata Size: 55KB - Virtual size: 54KB

.data Size: 4KB - Virtual size: 5KB

.idata Size: 70KB - Virtual size: 70KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 18KB - Virtual size: 18KB

.text
Size: 282KB - Virtual size: 281KB

.rdata
Size: 55KB - Virtual size: 54KB

.data
Size: 4KB - Virtual size: 5KB

.idata
Size: 70KB - Virtual size: 70KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 18KB - Virtual size: 18KB