TrAgent[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

TrAgent.dll
Size

48KB
MD5

cfb8215f2c4ef7eb3fccd247c260006d
SHA1

40c9f6759e155f764ffc0901db13c56f0721638a
SHA256

c64e0769ca6468daf1d1be410562a0ca03502e9fc03e632362c70efab11cb731
SHA512

0b6a9b5e53c1b14b0cc9035d523a85e8e4cefe805b600c991495682ff2be4f8cb2757019830006d29c921bc140537826cb14e7f619f84d168f33d1145cc9e0f0
SSDEEP

768:ffUNJZxl3NwJ3lFXCngeUPSj2BItL/ptCooQb/949qZckgRSM2Zg/uwR:nEHaJ3lFXCTkB0htyQb/GyvJM2OxR

Score

N/A

Malware Config

Signatures

Files

TrAgent.dll
.dll windows x86

168d73477704f65f99bc77f3706ca454

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
MultiByteToWideChar
SetEvent
OpenEventW
DeviceIoControl
CreateFileW
DeleteCriticalSection
LeaveCriticalSection
GetVersionExA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ExitProcess
GetCurrentThread
GetThreadPriority
SetThreadPriority
GetModuleFileNameW
LoadLibraryW
ReleaseMutex
VirtualProtect
InitializeCriticalSection
CreateMutexW
DisableThreadLibraryCalls
GetEnvironmentVariableW
GetPrivateProfileIntW
WaitForSingleObject
GetModuleHandleW
GetProcAddress
TerminateThread
CloseHandle
CreateThread
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExW
RaiseException
SetLastError

user32

OffsetRect
WindowFromDC
GetParent
DispatchMessageW
GetMessageW
CreateWindowExW
RegisterClassW
DefWindowProcW
GetDC
IsRectEmpty
EqualRect
GetWindowDC
SendMessageW
ReleaseDC
DestroyWindow
PostMessageW
SetWindowLongW
UnregisterClassW
SetTimer
KillTimer
UnregisterClassA
CallNextHookEx
GetWindowRect

gdi32

GetTextAlign
GetObjectW
GetCurrentPositionEx
DeleteObject
GdiFlush
PolyTextOutW
GetCurrentObject
CreateFontIndirectW
CreateFontW
GetWindowOrgEx
GetTextCharsetInfo
SetTextColor
GetBkColor
GetClipBox
GetTextMetricsW
ExtTextOutW
SelectObject
TextOutW
SetTextAlign

advapi32

RegQueryValueExW
RegCloseKey
RegEnumValueW
RegOpenKeyExW

oleaut32

SysAllocStringLen
SysFreeString

msvcr71

_wcslwr
memmove
malloc
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_initterm
_onexit
__dllonexit
??1type_info@@UAE@XZ
__security_error_handler
_except_handler3
??0exception@@QAE@XZ
wcsncpy
??2@YAPAXI@Z
??3@YAXPAX@Z
memcpy
memset
wcscat
wcscpy
??_U@YAPAXI@Z
wcsstr
__CxxFrameHandler
??_V@YAXPAX@Z
swprintf
free
realloc
wcscmp
wcslen
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ

msvcp71

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

Exports

Exports

CanUnload
HookProc
InstallHooks
SetHookHandle

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.TRAP_FU
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HOOKDAT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

168d73477704f65f99bc77f3706ca454

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

oleaut32

msvcr71

msvcp71

Exports

Exports

Sections

.text Size: 22KB - Virtual size: 22KB

.TRAP_FU Size: 6KB - Virtual size: 5KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 1KB - Virtual size: 2KB

.HOOKDAT Size: 512B - Virtual size: 4B

.rsrc Size: 1024B - Virtual size: 816B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 22KB - Virtual size: 22KB

.TRAP_FU
Size: 6KB - Virtual size: 5KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 1KB - Virtual size: 2KB

.HOOKDAT
Size: 512B - Virtual size: 4B

.rsrc
Size: 1024B - Virtual size: 816B

.reloc
Size: 3KB - Virtual size: 3KB