Static task
static1
Behavioral task
behavioral1
Sample
NetTransport.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
NetTransport.exe
Resource
win10v2004-20230220-en
General
-
Target
NetTransport.exe
-
Size
1.8MB
-
MD5
c8281cb87832cd0270fb5234917b0209
-
SHA1
23cac522e5914c53545cf6b347bd03e54e91ff6f
-
SHA256
35c905ffa202696fbce0a582218cf4c569cd14c6498f9a111e50cec2d9df6308
-
SHA512
e9d0a4395507379961c62814712e65ac4dee0cbf0782218a621977e6af5de92d28679a1bea4cc75506f372989263323dac91cdbcf759bf9c385888c6309ff9f1
-
SSDEEP
24576:Tm5fcphQ28pmRAtn8GK85/yVbTfEs7YstJ4NNTypx/4+fDqIKBAy0ZX4MRE8uDAA:ffK78GK6y1n9f2IK1OEtDAA
Malware Config (none extracted — no configuration block is populated on this page)
Signatures (none listed — no detection signatures are reported on this page; absence of signatures is not evidence of benign behavior, see the import and header notes below)
Files
-
NetTransport.exe.exe windows x86
dc3f846a1350760990c0d5b1b0065e6d (hash reported for this file entry; it is not the sample MD5 listed under General, so treat it as a distinct identifier — likely an import hash, but confirm the field's label in the sandbox before pivoting on it)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Note: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is absent and IMAGE_FILE_RELOCS_STRIPPED is set, so this image cannot be relocated and loads at its fixed preferred base — no ASLR, even though NX (DEP) is opted in via NX_COMPAT. Fixed addresses make any memory-corruption bug in the 32-bit image easier to exploit.
Imports
Triage note (from the import table below, not from observed behavior): advapi32 OpenProcessToken / LookupPrivilegeValueW / AdjustTokenPrivileges appear together with user32 ExitWindowsEx, which is consistent with enabling a privilege to shut down or restart the machine — confirm which privilege name is looked up. advapi32 RegCreateKeyW / RegSetValueExW / RegDeleteKeyW / RegDeleteValueW give the binary registry write and delete capability; kernel32 CreateProcessW and shell32 ShellExecuteW allow it to launch other programs; SetClipboardViewer / ChangeClipboardChain / GetClipboardData in user32 allow it to observe clipboard contents; wininet InternetGetCookieW can read browser cookies for a URL; ws2_32 includes bind / listen / accept as well as connect, so inbound as well as outbound sockets are possible; GetComputerNameW / GetComputerNameA and GetUserNameW collect host and user identity. IsDebuggerPresent appears alongside the standard MSVC CRT start-up set (SetUnhandledExceptionFilter, QueryPerformanceCounter, GetTickCount, TerminateProcess) and is not on its own an anti-debugging indicator. The MFC 9.0 (mfc90u) and msvcr90 imports mean the sample depends on the Visual C++ 2008 runtime being present on the target.
wininet
InternetGetCookieW
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
ws2_32
send
closesocket
recv
htons
ntohs
WSAAsyncGetHostByName
WSACancelAsyncRequest
gethostbyname
WSASetLastError
inet_ntoa
gethostbyaddr
ioctlsocket
connect
WSAGetLastError
getservbyport
htonl
inet_addr
getservbyname
select
socket
bind
getsockname
ntohl
getpeername
__WSAFDIsSet
listen
WSAStartup
WSACleanup
setsockopt
sendto
accept
mfc90u
ord349
ord4041
ord4727
ord4270
ord4772
ord6353
ord6384
ord3158
ord1533
ord4512
ord2282
ord3577
ord2130
ord1357
ord6666
ord2596
ord8686
ord6831
ord778
ord4171
ord1557
ord1325
ord405
ord664
ord3360
ord2209
ord3399
ord4405
ord4490
ord2504
ord2081
ord4262
ord3061
ord4266
ord6355
ord3165
ord4044
ord2592
ord333
ord3488
ord2470
ord6187
ord4131
ord6273
ord3145
ord1779
ord1708
ord3627
ord750
ord4516
ord2364
ord6109
ord3361
ord3338
ord3532
ord3406
ord3013
ord3020
ord3017
ord2315
ord6359
ord4465
ord6732
ord951
ord2525
ord2699
ord4010
ord4992
ord5497
ord3637
ord6065
ord3537
ord3155
ord3742
ord4398
ord3843
ord2281
ord4659
ord5617
ord4011
ord4773
ord3907
ord539
ord753
ord4026
ord5152
ord5661
ord5168
ord4632
ord4608
ord5277
ord5301
ord5047
ord5231
ord5508
ord5511
ord5509
ord5510
ord3908
ord547
ord756
ord1018
ord3374
ord4027
ord2354
ord5011
ord320
ord1261
ord1855
ord10126
ord3948
ord2653
ord5662
ord6160
ord4692
ord1640
ord4700
ord1709
ord2224
ord1405
ord3819
ord415
ord670
ord585
ord788
ord4007
ord2340
ord2341
ord2189
ord4720
ord6195
ord6517
ord4527
ord3741
ord4424
ord6036
ord4763
ord3481
ord5803
ord2650
ord5655
ord6595
ord1176
ord1102
ord4685
ord5615
ord3225
ord6375
ord4697
ord1380
ord2369
ord5598
ord4344
ord1681
ord4429
ord2651
ord3287
ord980
ord6381
ord3230
ord6379
ord3229
ord5338
ord3232
ord4553
ord5450
ord5447
ord2860
ord2079
ord2445
ord5354
ord4985
ord588
ord793
ord4042
ord2762
ord4543
ord5624
ord586
ord790
ord367
ord636
ord1047
ord5825
ord4127
ord524
ord744
ord337
ord613
ord2097
ord1353
ord6091
ord6780
ord1144
ord6808
ord3674
ord335
ord612
ord6510
ord6166
ord5889
ord5895
ord4252
ord281
ord3807
ord3775
ord3818
ord413
ord669
ord3528
ord654
ord4006
ord4719
ord5016
ord6226
ord2356
ord2763
ord4130
ord3183
ord5654
ord1680
ord1440
ord2646
ord2645
ord2647
ord2644
ord2643
ord6410
ord3354
ord5293
ord5296
ord5209
ord4596
ord4589
ord4809
ord4109
ord2045
ord1925
ord6698
ord6197
ord4494
ord1934
ord491
ord729
ord4306
ord3054
ord4819
ord3494
ord3131
ord5982
ord4822
ord4801
ord4806
ord2283
ord1719
ord4660
ord3654
ord6096
ord376
ord6806
ord3692
ord1111
ord1503
ord1935
ord4265
ord6604
ord1674
ord3511
ord633
ord6551
ord6157
ord9356
ord9515
ord6859
ord7154
ord6932
ord7205
ord7043
ord7259
ord10507
ord9475
ord9478
ord9476
ord9479
ord9480
ord9981
ord9477
ord13009
ord12789
ord12899
ord10008
ord12999
ord9919
ord12740
ord7047
ord7263
ord7928
ord12867
ord8372
ord8188
ord1222
ord5815
ord13121
ord12240
ord10437
ord6575
ord10254
ord2600
ord12273
ord10458
ord10470
ord5388
ord9922
ord11963
ord8840
ord5342
ord13284
ord9728
ord12359
ord11881
ord10223
ord4730
ord12117
ord12115
ord8147
ord7546
ord11567
ord7539
ord8810
ord11942
ord7426
ord10453
ord10809
ord11935
ord1650
ord899
ord6013
ord291
ord554
ord758
ord5886
ord1041
ord5908
ord1651
ord343
ord619
ord3995
ord2787
ord6181
ord2401
ord590
ord795
ord3057
ord5947
ord4343
ord4890
ord4893
ord4043
ord7138
ord7332
ord1182
ord2289
ord1098
ord6482
ord4441
ord9747
ord570
ord996
ord341
ord617
ord5675
ord8452
ord9272
ord6018
ord4996
ord5676
ord4213
ord5830
ord6741
ord5548
ord1048
ord4179
ord6035
ord2206
ord2251
ord4747
ord6803
ord4173
ord6801
ord4423
ord4448
ord9965
ord7766
ord12617
ord12165
ord13136
ord10304
ord10457
ord9972
ord13194
ord12404
ord3803
ord4004
ord388
ord650
ord5137
ord3035
ord3340
ord4684
ord4906
ord6553
ord6439
ord4641
ord2090
ord5171
ord5285
ord4677
ord5945
ord3009
ord5861
ord1462
ord6044
ord5606
ord2239
ord2204
ord6762
ord2867
ord2859
ord4994
ord9308
ord10193
ord2654
ord340
ord2207
ord4630
ord5166
ord3236
ord3498
ord3166
ord1138
ord1652
ord1326
ord4234
ord4250
ord2593
ord1678
ord4235
ord5867
ord463
ord711
ord6168
ord6512
ord9452
ord10143
ord10136
ord7087
ord6692
ord815
ord6807
ord6081
ord4254
ord3812
ord3994
ord3122
ord5151
ord5344
ord4888
ord5055
ord5012
ord4887
ord4918
ord5409
ord402
ord596
ord798
ord6173
ord4159
ord3868
ord9404
ord6951
ord7220
ord9561
ord11306
ord12294
ord10475
ord11822
ord9405
ord6954
ord7221
ord12890
ord12844
ord7463
ord9562
ord1096
ord11307
ord12295
ord10268
ord9766
ord11762
ord10855
msvcr90
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
memmove
_ftime64
_vswprintf
tolower
iswalnum
wcstoul
_purecall
_wcsupr
__wargv
__argc
atof
wcsncpy
fgetws
fseek
fread
_gmtime64
strncmp
sscanf
_wtoi
memset
wcstod
swscanf
bsearch
qsort
_wtoi64
_wcsicmp
iswxdigit
isxdigit
towlower
wcsrchr
fclose
strpbrk
fgets
_wfopen
wcspbrk
wcsncmp
memmove_s
rand
_swprintf
srand
wcschr
memcpy_s
wcsstr
_atoi64
malloc
memchr
strcat_s
strtoul
strncpy_s
calloc
sprintf_s
strcpy_s
strrchr
atoi
_memicmp
_stricmp
_strnicmp
_strupr
_strlwr
__CxxFrameHandler3
memcpy
free
_time64
sprintf
strchr
strstr
_wcmdln
_wcsnicmp
kernel32
LoadResource
GetComputerNameW
FindFirstFileW
FindNextFileW
LockResource
SizeofResource
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalLock
GlobalAlloc
GetWindowsDirectoryW
GetSystemTime
GetSystemDefaultLCID
SetThreadLocale
CompareFileTime
GetSystemTimeAsFileTime
GetVersion
lstrcpynW
GetFileTime
DeleteFileW
CopyFileW
GetLocalTime
CompareStringW
RemoveDirectoryW
GetTempFileNameW
CreateDirectoryW
FindResourceW
InterlockedCompareExchange
FindClose
CreateMutexW
GetModuleFileNameW
ReleaseMutex
GetCurrentProcess
lstrlenW
CreateProcessW
FileTimeToLocalFileTime
WaitForSingleObject
GetThreadPriority
SetFileTime
GetTimeZoneInformation
GetTickCount
InterlockedExchange
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetComputerNameA
WriteFile
ReadFile
CloseHandle
SetEndOfFile
SetFilePointer
CreateFileW
MoveFileW
GetFileAttributesW
FormatMessageW
GetSystemDirectoryA
LoadLibraryA
FreeLibrary
Sleep
GetTimeFormatW
GetDateFormatW
ResumeThread
FileTimeToSystemTime
SystemTimeToFileTime
WideCharToMultiByte
MultiByteToWideChar
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetLastError
SetLastError
user32
FrameRect
DrawFocusRect
GetAsyncKeyState
InvalidateRect
GetFocus
GetClientRect
GetWindowRect
GetSysColorBrush
OffsetRect
RedrawWindow
IsWindowVisible
GetDlgCtrlID
SetWindowPos
InflateRect
GetLastActivePopup
TranslateMessage
DispatchMessageW
GetWindow
InsertMenuW
CheckMenuItem
SetMenuDefaultItem
PeekMessageW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetForegroundWindow
wsprintfW
SetParent
LoadStringW
SetPropW
DrawFrameControl
IsWindow
SetFocus
IsIconic
GetMenuItemInfoW
GetMenuItemCount
DeleteMenu
AppendMenuW
GetMenu
DrawMenuBar
GetMenuState
ModifyMenuW
SetRectEmpty
FillRect
DrawEdge
GetDCEx
ReleaseDC
LoadIconW
GetSystemMenu
EnableMenuItem
GetDesktopWindow
GetPropW
ShowWindow
RegisterClipboardFormatW
ExitWindowsEx
SetClipboardViewer
ChangeClipboardChain
GetClipboardData
ScreenToClient
GetDC
GetClassNameW
GetWindowLongW
CopyRect
GetSysColor
PostMessageW
ReleaseCapture
WindowFromPoint
ClientToScreen
SetCapture
LoadCursorW
SetCursor
GetSubMenu
PtInRect
LoadMenuW
GetCursorPos
KillTimer
SetTimer
IsChild
GetParent
LoadBitmapW
SendMessageW
LoadImageW
EnableWindow
gdi32
SelectObject
DeleteObject
CreateSolidBrush
PatBlt
CreateCompatibleBitmap
BitBlt
GetTextMetricsW
CreateCompatibleDC
FillRgn
GetTextExtentPoint32W
CreateFontIndirectW
GetStockObject
GetObjectW
CreateRectRgnIndirect
CombineRgn
advapi32
RegEnumValueW
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
GetUserNameW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyW
RegOpenKeyW
RegCloseKey
shell32
SHGetSpecialFolderPathW
Shell_NotifyIconW
DragFinish
DragQueryFileW
SHGetFileInfoW
ShellExecuteW
SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW
SHFileOperationW
comctl32
ord17
_TrackMouseEvent
ole32
CoUninitialize
CoInitialize
CoCreateGuid
CoCreateInstance
oleaut32
SysFreeString
SafeArrayUnaccessData
SysAllocString
SafeArrayDestroy
SafeArrayAccessData
SafeArrayCreateVector
winmm
PlaySoundW
Sections
Note: raw and virtual sizes of .text, .rdata and .rsrc are nearly equal and a full import table is present, which is not consistent with a packed or compressed image; the .data gap (9KB raw vs 148KB virtual) is ordinary uninitialized data. No writable-and-executable section is listed.
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 229KB - Virtual size: 228KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 148KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 267KB - Virtual size: 266KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ