RusRules4[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

RusRules4.dll
Size

284KB
MD5

784cf4e4b24d3c1c4b6074f0412bd564
SHA1

01ecb3b3fd328d039623272d7ea4f49bf8dbbac0
SHA256

2de5e6aab9cef7ea9035d5dd1299d982c08982ec76136c06f5b64db38c89b9f7
SHA512

15afccedae650c34c582665e1ca237fa98933430c3b5730731a24a0779cb98d5081e67147b537ae831d7bbc1f5953c2909891f5bb98532fb7aa26ca6633212c1
SSDEEP

6144:drgXk92fkke47hfFhdfk20VST/eoSgov:drgXkkc/47hIAaoK

Score

N/A

Malware Config

Signatures

Files

RusRules4.dll
.dll windows x86

473f4a801a5e03874126db614a9c56df

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetLastError
GetLastError
InterlockedExchange
LoadLibraryA
GetSystemDirectoryA
GetWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
CompareStringA
FreeLibrary
ExitProcess

user32

MessageBoxA
IsWindowEnabled
GetParent
GetLastActivePopup
GetCapture
GetDesktopWindow
GetKeyState
IsWindow

fineobj

?UnregisterModule@FObj@@YAXPAUHINSTANCE__@@@Z
?BeginStaticPart@FObj@@YAXXZ
?GetErrorFlag@FObj@@YA_NXZ
??0CUnicodeString@FObj@@QAE@XZ
??1CUnicodeString@FObj@@QAE@XZ
?GenerateInternalError@FObj@@YA_NW4TInternalErrorType@1@PB_W11JK@Z
?ThrowUserException@FObj@@YAXXZ
?Delete@CException@FObj@@QAEXXZ
??0CUnicodeString@FObj@@QAE@PB_W@Z
?Ptr@CUnicodeString@FObj@@QBEPB_WXZ
?Length@CUnicodeString@FObj@@QBEHXZ
??4CUnicodeString@FObj@@QAEAAV01@ABV01@@Z
?MessageBoxW@FObj@@YAHPB_WH@Z
??BCUnicodeString@FObj@@QBEPB_WXZ
??1CString@FObj@@QAE@XZ
??0CString@FObj@@QAE@PBD@Z
??4CString@FObj@@QAEAAV01@ABV01@@Z
??0CString@FObj@@QAE@XZ
??0CString@FObj@@QAE@PB_WI@Z
?UnicodeStr@FObj@@YA?AVCUnicodeString@1@JH@Z
?Compare@CUnicodeString@FObj@@QBEHPB_W@Z
??2@YAPAXI@Z
??3@YAXPAX@Z
?SubstParam@CMessage@FObj@@QBE?AVCUnicodeString@2@ABV32@0@Z
?CreateUnicodeString@CString@FObj@@QBE?AVCUnicodeString@2@I@Z
?IsEmpty@CUnicodeString@FObj@@QBE_NXZ
??0rational@FObj@@QAE@HH@Z
?Mid@CUnicodeString@FObj@@QBE?AV12@H@Z
?Left@CUnicodeString@FObj@@QBE?AV12@H@Z
?FindOneOf@CUnicodeString@FObj@@QBEHPB_WH@Z
?Trim@CUnicodeString@FObj@@QAEXXZ
??4CUnicodeString@FObj@@QAEAAV01@PB_W@Z
??0CUnicodeString@FObj@@QAE@ABV01@@Z
??0CMessage@FObj@@QAE@PB_WH@Z
??1CMessage@FObj@@QAE@XZ
??YCUnicodeString@FObj@@QAEAAV01@ABV01@@Z
??0CUnicodeString@FObj@@QAE@_WH@Z
??0CString@FObj@@QAE@ABV01@@Z
?EndStaticPart@FObj@@YAXXZ
??BCString@FObj@@QBEPBDXZ
?ReplaceAll@CUnicodeString@FObj@@QAEXPB_W0@Z
??0CUnicodeString@FObj@@AAE@PAVCUnicodeStringBody@1@@Z
?concatStr@CUnicodeString@FObj@@CAPAVCUnicodeStringBody@2@PB_WH0H@Z
??_V@YAXPAX@Z
??_U@YAPAXI@Z
??ACUnicodeString@FObj@@QBE_WH@Z
?StrDel@CUnicodeString@FObj@@QAEXHH@Z
?Empty@CUnicodeString@FObj@@QAEXXZ
?Right@CUnicodeString@FObj@@QBE?AV12@H@Z
?CharPos@CUnicodeString@FObj@@QBEH_WH@Z
??0CRect@FObj@@QAE@HHHH@Z
?StrIns@CUnicodeString@FObj@@QAEXABV12@H@Z
??YCUnicodeString@FObj@@QAEAAV01@_W@Z
?Mid@CUnicodeString@FObj@@QBE?AV12@HH@Z
??YCUnicodeString@FObj@@QAEAAV01@PB_W@Z
??0CSize@FObj@@QAE@HH@Z
?MakeReverse@CUnicodeString@FObj@@QAEXXZ
?safeStr@CUnicodeString@FObj@@CAPB_WPB_W@Z
?safeStrLen@CUnicodeString@FObj@@CAHPB_W@Z
?GetLength@CUnicodeString@FObj@@QBEHXZ
?SubstParam@CMessage@FObj@@QBE?AVCUnicodeString@2@ABV32@@Z
?MessageBoxW@FObj@@YAHAAVCMessage@1@H@Z
?Sprintf@FObj@@YA?AVCUnicodeString@1@PB_WZZ
?AccessFile@FileSystem@FObj@@YA_NABVCUnicodeString@2@I@Z
?SetAt@CUnicodeString@FObj@@QAEXH_W@Z
?SpanExcludingLength@CUnicodeString@FObj@@QBEHPB_WH@Z
??4CString@FObj@@QAEAAV01@PBD@Z
??1CListNodeBase@FObj@@UAE@XZ
?CompareNoCase@CUnicodeString@FObj@@QBEHPB_W@Z
?Find@CUnicodeString@FObj@@QBEHPB_WH@Z
?ReleaseBuffer@CUnicodeString@FObj@@QAEXXZ
?GetBuffer@CUnicodeString@FObj@@QAEPA_WH@Z
?StrDel@CUnicodeString@FObj@@QAEXH@Z
?MakeLower@CUnicodeString@FObj@@QAEXXZ
?UnicodeStr@CMessage@FObj@@QBE?AVCUnicodeString@2@XZ
?Find@CUnicodeString@FObj@@QBEH_WH@Z
?CreateString@CUnicodeString@FObj@@QBE?AVCString@2@I@Z
?Warning@FObj@@YAXPAVCException@1@@Z
?ReleaseBuffer@CUnicodeString@FObj@@QAEXH@Z
?Warning@CException@FObj@@UBEXXZ
??1CException@FObj@@UAE@XZ
??0CException@FObj@@QAE@XZ
??3?$CAllocatedOn@VRuntimeHeap@FObj@@@FObj@@SAXPAX@Z
??2?$CAllocatedOn@VRuntimeHeap@FObj@@@FObj@@SAPAXI@Z
??0CListNodeBase@FObj@@QAE@XZ
?AddLast@CListBase@FObj@@QAEXPAVCListNodeBase@2@@Z
??0rational@FObj@@QAE@H@Z
?GenerateCheck@FObj@@YAXAAVCError@1@PB_W11@Z
??0CError@FObj@@QAE@PB_WH@Z
??1CError@FObj@@QAE@XZ
?ReleaseBuffer@CString@FObj@@QAEXH@Z
?ERR_BAD_ARCHIVE@FObj@@3VCError@1@A
?GetBuffer@CString@FObj@@QAEPADH@Z
?Empty@CString@FObj@@QAEXXZ
?RegisterModule@FObj@@YAXPAUHINSTANCE__@@P6AXXZ1@Z
?AddResourceModule@FObj@@YAXPAUHINSTANCE__@@@Z
?RemoveResourceModule@FObj@@YAXPAUHINSTANCE__@@@Z
?GetFineObjectsVersion@FObj@@YAHXZ
?Compare@CString@FObj@@QBEHPBD@Z

msvcr71

memmove
_purecall
__RTDynamicCast
_wtoi64
_i64tow
_CxxThrowException
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
free
_initterm
malloc
_adjust_fdiv
__CppXcptFilter
__security_error_handler
__CxxFrameHandler

fineobjfc

ord5315
ord6296
ord6119
ord4650
ord4802
ord4155
ord5916
ord4656
ord501
ord3874
ord1593
ord5662
ord5857
ord2825
ord6369
ord6555
ord5139
ord4824
ord5942
ord3898
ord1589
ord4185
ord5115
ord2090
ord5006
ord6293
ord4127
ord3606
ord2352
ord1710
ord6286
ord3553
ord4901
ord1542
ord5135
ord2158
ord1789
ord5146
ord2707
ord2882
ord3007
ord4247
ord2870
ord3011
ord2710
ord2815
ord2701
ord3651
ord3652
ord3646
ord2813
ord3901
ord4420
ord4204
ord4292
ord4484
ord1274
ord2578
ord2093
ord3944
ord863
ord3697
ord561
ord6103
ord2213
ord2873
ord4511
ord2581
ord4652
ord4222
ord6250
ord3693
ord3058
ord1267
ord5665
ord1481
ord2357
ord3635
ord3454
ord5336
ord826
ord822
ord1206
ord4725
ord4772
ord4132
ord5156
ord1502
ord5945
ord1590
ord5157
ord1709
ord4212
ord2505
ord2443
ord6427
ord6313
ord2344
ord6466
ord6582
ord4620
ord1101
ord6464
ord6581
ord512
ord2596
ord2228
ord3243
ord4888
ord4220
ord5712
ord4516
ord3904
ord2595

langinfo

?emptyStringBody@CLetterStringBody@@2V1@A
?GetUnicodeText@CLetterString@@QBE?AVCUnicodeString@FObj@@XZ
?LinguisticLowerCase@CLetterString@@QAEXFK@Z
??0CLetterString@@QAE@PB_WF@Z
??H@YA?AVCLetterString@@ABV0@0@Z
??0CLetterString@@QAE@PBD@Z
?GetLetter@LangInfo@@SIFPBD@Z
??0CLetterSet@@QAE@PBD@Z
??4CLetterString@@QAEAAV0@ABV0@@Z
?ConvertString@CLetterString@@QBE?AV1@KFK@Z
?destroy@CLetterStringBody@@QAEXXZ
?GetUnicodeFromLetter@LangInfo@@SI_WF@Z
?ConvertLetter@LangInfo@@SIPBFKFFK@Z
?GetLetterFromUnicode@LangInfo@@SIF_W@Z
?GetNearestLanguageFromCodePages@LangInfo@@SIFHH@Z
?GetSystemCodePage@LangInfo@@SIHW4CodePageType@@@Z
??1CLetterString@@QAE@XZ
?MakeLower@UnicodeLangInfo@@YA?AVCUnicodeString@FObj@@ABV23@FK@Z

da4

?classCFormTemplateTextField@CFormTemplateTextField@@2UCRuntimeClass@MFC@@A
?SetText@CFormTemplateBarcodeField@@QAEXPAVCObject@MFC@@@Z
?SetText@CFormTemplateTextField@@QAEXPAVCObject@MFC@@@Z
?GetText@CFormTemplateTextField@@QAEPAVCObject@MFC@@XZ
?AddSuggest@CFormTemplateBarcodeField@@QAEXPAVCObject@MFC@@@Z
?AddSuggest@CFormTemplateTextField@@QAEXPAVCObject@MFC@@@Z
?DeleteSuggests@CFormTemplateBarcodeField@@QAEXXZ
?classCFormTemplateBarcodeField@CFormTemplateBarcodeField@@2UCRuntimeClass@MFC@@A
?GetText@CFormTemplateBarcodeField@@QAEPAVCObject@MFC@@XZ
?FindBlock@CPageLayout@@QBEPAVCLayoutBlock@@ABVCUnicodeString@FObj@@@Z
?FindBlock@CPageLayout@@QBEPAVCLayoutBlock@@H@Z
?IsRecognizableField@CFormTemplateBarcodeField@@QBEHXZ
?DeleteSuggests@CFormTemplateTextField@@QAEXXZ

rules4

??0CRuleFieldInfo@@QAE@HW4TRuleFieldAccessMode@@VCSet@@@Z
??1CRuleFieldInfo@@UAE@XZ
?AddRuleMessage@CRuleInterface@@IBEXAAV?$CArray@VCRuleMessageExt@@VCurrentMemoryManager@FObj@@@FObj@@ABVCUnicodeString@3@ABV?$CArray@HVCurrentMemoryManager@FObj@@@3@@Z
?GetName@CRuleInterface@@QBE?AVCUnicodeString@FObj@@XZ
?GetTypeName@CRuleInterface@@QBE?AVCUnicodeString@FObj@@XZ
?IsSkipEmptyFields@CRuleInterface@@IBEHXZ
?ClassRecords@CRuleInterface@@2VCStaticList@@A
?AddRuleMessage@CRuleInterface@@IBEXAAV?$CArray@VCRuleMessageExt@@VCurrentMemoryManager@FObj@@@FObj@@ABVCUnicodeString@3@H@Z
?GetObjectVersion@CRuleInterface@@IAEIAAVCArchive@MFC@@@Z
?GetRuntimeClass@CRuleFieldInfo@@UBEPAUCRuntimeClass@MFC@@XZ
?Serialize@CRuleFieldInfo@@UAEXAAVCArchive@MFC@@@Z
??1CRuleInterface@@UAE@XZ
??0CRuleInterface@@QAE@XZ
?Serialize@CRuleInterface@@UAEXAAVCArchive@MFC@@@Z
?SetRuleData@CRuleInterface@@UAEXABVCFormTemplate@@PAUCRuleInfo@@PAUCCustomRuleInfo@@@Z
?DoEnd@CRuleInterface@@MAEXXZ
?DoBegin@CRuleInterface@@MAEHAAVCUnicodeString@FObj@@@Z
?classCRuleInterface@CRuleInterface@@2UCRuntimeClass@MFC@@B

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

Exports

Exports

__FineObjUsed

Sections

.text
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

473f4a801a5e03874126db614a9c56df

Headers

File Characteristics

Imports

kernel32

user32

fineobj

msvcr71

fineobjfc

langinfo

da4

rules4

advapi32

Exports

Exports

Sections

.text Size: 180KB - Virtual size: 179KB

.rdata Size: 52KB - Virtual size: 48KB

.data Size: 16KB - Virtual size: 19KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 28KB - Virtual size: 25KB

.text
Size: 180KB - Virtual size: 179KB

.rdata
Size: 52KB - Virtual size: 48KB

.data
Size: 16KB - Virtual size: 19KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 25KB