IcedID[.]zip | Triage

Resubmissions

18/07/2023, 12:31

230718-pqjk8aab35 3

18/07/2023, 12:23

230718-pkjzssag9z 3

Sharing

Copy URL Twitter E-mail

General

Target

IcedID.zip
Size

65KB
MD5

db18389a09c294cda0ca467e66293b31
SHA1

c29a0a94ac6e8c6f871fafb8edfdef55acbf72a3
SHA256

f28ee74f8be56f9bb0ff516428650e6a9a84f6cb6f87688b292a2c2023a3b278
SHA512

ef0391cdabbaa4b97a3994d0a9674ea64222f9bda15262ed24b4724bcb1c806434cab052872d60e888c6a852c6664c9b425397fc516c0c912050ed23ceefdee5
SSDEEP

1536:LHB+2CD9pqu34TGTOMSB0w52QJ3eFXbysatbSJfEFy:yDeIjLatbeGy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/IcedID/07858b5cf958e1e27f4c71dc5fa12122d79cabe63ea5a11b909718e4563ac606.dll

Files

IcedID.zip
.zip

Password: infected
IcedID/07858b5cf958e1e27f4c71dc5fa12122d79cabe63ea5a11b909718e4563ac606.dll
.dll windows x64

150c026d59899221bdd1d565da5f91bc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

free
_amsg_exit
_XcptFilter
_wmakepath_s
_wsplitpath_s
_wtoi
wcsncpy_s
_ultow_s
wcspbrk
__C_specific_handler
_wcsicmp
_purecall
malloc
memcpy
memcmp
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_lock
_unlock
__dllonexit
_onexit
memmove
_initterm
__CxxFrameHandler3
memset

msdart

MpHeapFree
?CreateHolder@@YAJPEAUIGPDispenser@@HIPEAPEAUIGPHolder@@@Z
FXMemDetach
MPCSUninitialize
FXMemAttach
MpGetHeapHandle
MPCSInitialize
mpRealloc
mpMalloc
MPInitializeCriticalSection
mpCalloc
MPDeleteCriticalSection
UMSEnterCSWraper
MPInitializeCriticalSectionAndSpinCount
MpHeapAlloc
mpFree

advapi32

RegisterTraceGuidsW
RegQueryValueExW
RegOpenKeyExW
RegGetValueW
RegCloseKey
RegQueryValueExA
RegOpenKeyA
UnregisterTraceGuids

kernel32

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sleep
GetStringTypeW
HeapCreate
HeapFree
DebugBreak
HeapReAlloc
HeapAlloc
HeapDestroy
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
UnhandledExceptionFilter
GetDriveTypeW
SearchPathW
GetFullPathNameW
GetSystemDirectoryW
GetCurrentProcessId
GetProcAddress
FreeLibrary
VirtualQuery
LoadLibraryExW
GetModuleFileNameW
DisableThreadLibraryCalls
MultiByteToWideChar
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringW
InterlockedPushEntrySList
LeaveCriticalSection
ExitProcess
VirtualFree
InitializeSListHead
VirtualAlloc
GetSystemInfo
QueryDepthSList
InterlockedPopEntrySList

ole32

CoGetMalloc

oleaut32

VariantClear
SysFreeString
VariantChangeType
SysAllocString
VariantInit
VariantCopy

user32

LoadStringW

Exports

Exports

t?0CBaseObj@@IEAA@W4EBaseObjectType@@PEAJ@Z
t?0CBaseObj@@IEAA@W4EBaseObjectType@@PEAUIUnknown@@PEAJ_N@Z
t?0CBaseObjBoko@@QEAA@W4EBaseObjectType@@PEAJ@Z
t?0CBaseObjZombie@@QEAA@W4EBaseObjectType@@PEAJ@Z
t?0CBitArray@@QEAA@XZ
t?0CClassFactory@@AEAA@XZ
t?0CClassFactory@@QEAA@AEBV0@@Z
t?0CClassFactory@@QEAA@PEAJ0@Z
t?0CConnectData@@QEAA@XZ
t?0CEnum@@QEAA@PEAUIUnknown@@KPEAPEAXU_GUID@@_KKW4CENUMTYPE@@@Z
t?0CEnumConnectionPoints@@QEAA@AEBV0@@Z
t?0CEnumConnectionPoints@@QEAA@PEAUIUnknown@@KPEAPEAUIConnectionPoint@@@Z
t?0CEnumConnections@@QEAA@AEBV0@@Z
t?0CEnumConnections@@QEAA@PEAUIUnknown@@PEAUtagCONNECTDATA@@K@Z
t?0CExtBuffer@@QEAA@XZ
t?0CGenericPooler@@QEAA@$$QEAV0@@Z
t?0CGenericPooler@@QEAA@AEBV0@@Z
t?0CGenericPooler@@QEAA@XZ
t?0CHashTbl@@QEAA@AEBV0@@Z
t?0CHashTbl@@QEAA@XZ
t?0CHashTblAggr@@QEAA@AEBV0@@Z
t?0CHashTblAggr@@QEAA@XZ
t?0CHeapDispenser@@QEAA@$$QEAV0@@Z
t?0CHeapDispenser@@QEAA@AEBV0@@Z
t?0CHeapDispenser@@QEAA@XZ
t?0CRowsetConnectionPoint@@QEAA@AEBV0@@Z
t?0CRowsetConnectionPoint@@QEAA@PEAUIUnknown@@PEBU_GUID@@K@Z
t?0CRowsetConnectionPointContainer@@QEAA@AEBV0@@Z
t?0CRowsetConnectionPointContainer@@QEAA@PEAUIUnknown@@@Z
t?0CSlotListLong@@QEAA@AEBV0@@Z
t?0CSlotListLong@@QEAA@XZ
t?0CSlotListShort@@QEAA@AEBV0@@Z
t?0CSlotListShort@@QEAA@XZ
t?0CUtlPropInfo@@QEAA@AEBV0@@Z
t?0CUtlPropInfo@@QEAA@XZ
t?0CUtlProps2@@QEAA@AEBV0@@Z
t?0CUtlProps2@@QEAA@K@Z
t?0CUtlPropsFastLookup2@@QEAA@$$QEAV0@@Z
t?0CUtlPropsFastLookup2@@QEAA@AEBV0@@Z
t?0CUtlPropsFastLookup2@@QEAA@K@Z
t?0CWString@@QEAA@AEBV0@@Z
t?0CWString@@QEAA@GH@Z
t?0CWString@@QEAA@PEBD@Z
t?0CWString@@QEAA@PEBE@Z
t?0CWString@@QEAA@PEBG@Z
t?0CWString@@QEAA@PEBGH@Z
t?0CWString@@QEAA@XZ
t?0IBookmarkObj@@QEAA@AEBV0@@Z
t?0IBookmarkObj@@QEAA@XZ
t?0IHashTbl@@QEAA@AEBV0@@Z
t?0IHashTbl@@QEAA@XZ
t?0ISlotList@@QEAA@AEBV0@@Z
t?0ISlotList@@QEAA@XZ
t?1CBaseObj@@UEAA@XZ
t?1CBaseObjBoko@@UEAA@XZ
t?1CBaseObjZombie@@UEAA@XZ
t?1CBitArray@@QEAA@XZ
t?1CClassFactory@@QEAA@XZ
t?1CConnectData@@QEAA@XZ
t?1CEnum@@QEAA@XZ
t?1CEnumConnectionPoints@@QEAA@XZ
t?1CEnumConnections@@QEAA@XZ
t?1CExtBuffer@@QEAA@XZ
t?1CHashTbl@@UEAA@XZ
t?1CHashTblAggr@@UEAA@XZ
t?1CRowsetConnectionPoint@@QEAA@XZ
t?1CRowsetConnectionPointContainer@@QEAA@XZ
t?1CSlotListLong@@UEAA@XZ
t?1CSlotListShort@@UEAA@XZ
t?1CUtlPropInfo@@UEAA@XZ
t?1CUtlProps2@@UEAA@XZ
t?1CUtlPropsFastLookup2@@UEAA@XZ
t?1CWString@@QEAA@XZ
t?1IBookmarkObj@@UEAA@XZ
t?1IHashTbl@@UEAA@XZ
t?1ISlotList@@UEAA@XZ
t?4CBaseObj@@QEAAAEAV0@AEBV0@@Z
t?4CBaseObjBoko@@QEAAAEAV0@AEBV0@@Z
t?4CBaseObjZombie@@QEAAAEAV0@AEBV0@@Z
t?4CBitArray@@QEAAAEAV0@AEBV0@@Z
t?4CClassFactory@@QEAAAEAV0@AEBV0@@Z
t?4CConnectData@@QEAAAEAV0@$$QEAV0@@Z
t?4CConnectData@@QEAAAEAV0@AEBV0@@Z
t?4CEnum@@QEAAAEAV0@AEBV0@@Z
t?4CEnumConnectionPoints@@QEAAAEAV0@AEBV0@@Z
t?4CEnumConnections@@QEAAAEAV0@AEBV0@@Z
t?4CExtBuffer@@QEAAAEAV0@AEBV0@@Z
t?4CGenericPooler@@QEAAAEAV0@$$QEAV0@@Z
t?4CGenericPooler@@QEAAAEAV0@AEBV0@@Z
t?4CHashTbl@@QEAAAEAV0@AEBV0@@Z
t?4CHashTblAggr@@QEAAAEAV0@AEBV0@@Z
t?4CHeapDispenser@@QEAAAEAV0@$$QEAV0@@Z
t?4CHeapDispenser@@QEAAAEAV0@AEBV0@@Z
t?4CRowsetConnectionPoint@@QEAAAEAV0@AEBV0@@Z
t?4CRowsetConnectionPointContainer@@QEAAAEAV0@AEBV0@@Z
t?4CSlotListLong@@QEAAAEAV0@AEBV0@@Z
t?4CSlotListShort@@QEAAAEAV0@AEBV0@@Z
t?4CUtlPropInfo@@QEAAAEAV0@AEBV0@@Z
t?4CUtlProps2@@QEAAAEAV0@AEBV0@@Z
t?4CUtlPropsFastLookup2@@QEAAAEAV0@$$QEAV0@@Z
t?4CUtlPropsFastLookup2@@QEAAAEAV0@AEBV0@@Z
t?4CWString@@QEAAAEBV0@AEBV0@@Z
t?4CWString@@QEAAAEBV0@D@Z
t?4CWString@@QEAAAEBV0@G@Z
t?4CWString@@QEAAAEBV0@PEBD@Z
t?4CWString@@QEAAAEBV0@PEBE@Z
t?4CWString@@QEAAAEBV0@PEBG@Z
t?4IBookmarkObj@@QEAAAEAV0@AEBV0@@Z
t?4IHashTbl@@QEAAAEAV0@AEBV0@@Z
t?4ISlotList@@QEAAAEAV0@AEBV0@@Z
t?ACWString@@QEBAGH@Z
t?BCWString@@QEBAPEBGXZ
t?YCWString@@QEAAAEBV0@AEBV0@@Z
t?YCWString@@QEAAAEBV0@D@Z
t?YCWString@@QEAAAEBV0@G@Z
t?YCWString@@QEAAAEBV0@PEBG@Z
t?_7CBaseObj@@6B@
t?_7CBaseObjBoko@@6B@
t?_7CBaseObjZombie@@6B@
t?_7CClassFactory@@6B@
t?_7CEnumConnectionPoints@@6B@
t?_7CEnumConnections@@6B@
t?_7CHashTbl@@6B@
t?_7CHashTblAggr@@6B@
t?_7CHeapDispenser@@6B@
t?_7CRowsetConnectionPoint@@6B@
t?_7CRowsetConnectionPointContainer@@6B@
t?_7CSlotListLong@@6B@
t?_7CSlotListShort@@6B@
t?_7CUtlPropInfo@@6B@
t?_7CUtlProps2@@6B@
t?_7CUtlPropsFastLookup2@@6B@
t?_7IBookmarkObj@@6B@
t?_7IHashTbl@@6B@
t?_7ISlotList@@6B@
t?_FCUtlProps2@@QEAAXXZ
t?_FCUtlPropsFastLookup2@@QEAAXXZ
tAddHashTbl@CHashTblAggr@@QEAAHPEAVCSlotListShort@@@Z
tAddInternalFlags@CUtlProps2@@QEAAXKKK@Z
tAddRef@CClassFactory@@UEAAKXZ
tAddRef@CEnum@@QEAAKXZ
tAddRef@CEnumConnectionPoints@@UEAAKXZ
tAddRef@CEnumConnections@@UEAAKXZ
tAddRef@CHeapDispenser@@UEAAKXZ
tAddRef@CRowsetConnectionPoint@@UEAAKXZ
tAddRef@CRowsetConnectionPointContainer@@UEAAKXZ
tAddSlotToList@CSlotListShort@@AEAAXPEAUtagSLOT@@@Z
tAdjustRange@CHashTbl@@CAKK@Z
tAdvise@CRowsetConnectionPoint@@UEAAJPEAUIUnknown@@PEAK@Z
tAllocBuffer@CWString@@IEAAXH@Z
tAllocCopy@CWString@@IEBAXAEAV1@HHH@Z
tAllocItems@CExtBuffer@@QEAAPEAE_K@Z
tArrayEmpty@CBitArray@@QEAAJXZ
tAssignCopy@CWString@@IEAAXHPEBG@Z
tCalcDescripBuffers@CUtlPropInfo@@AEAAKKPEAUtagDBPROPINFOSET@@@Z
tCbHashTblSize@CHashTbl@@SAKK@Z
tClearError@CWString@@QEAAXXZ
tClearMemberVars@CUtlProps2@@AEAAXXZ
tClearPropSupported@CUtlProps2@@QEAAXKK@Z
tClearPropertyInError@CUtlProps2@@QEAAXXZ
tClearPropsSupported@CUtlProps2@@QEAAXXZ
tClone@CEnumConnectionPoints@@UEAAJPEAPEAUIEnumConnectionPoints@@@Z
tClone@CEnumConnections@@UEAAJPEAPEAUIEnumConnections@@@Z
tCompactExtBuffer@CExtBuffer@@QEAAXXZ
tCompare@CWString@@QEBAHPEBG@Z
tCompareDBIDs@@YAJPEBUtagDBID@@0@Z
tCompareResource@CHeapDispenser@@UEAAHPEAX0@Z
tConcatCopy@CWString@@IEAAXHPEBGH0@Z
tConcatInPlace@CWString@@QEAAXHPEBG@Z
tConflictsWithCurrent@CUtlProps2@@UEAAHKKAEBUtagVARIANT@@@Z
tConvertRowsetIIDtoDBPROPSET@CUtlProps2@@QEAAJPEBU_GUID@@PEAUtagDBPROPSET@@@Z
tCopyAvailUPropSets@CUtlProps2@@QEAAXPEAKPEAPEBUtagUPROPSET@@0@Z
tCopyDBIDs@@YAJPEAUtagDBID@@PEBU1@@Z
tCopyPropsInError@CUtlProps2@@QEAAXPEAK@Z
tCopyPropsInError@CUtlProps2@@QEAAXPEAV1@@Z
tCopyUPropInfo@CUtlProps2@@QEAAXKPEAPEAUtagUPROPINFO@@@Z
tCopyUPropSetsSupported@CUtlProps2@@QEAAXPEAK@Z
tCopyUPropVal@CUtlProps2@@QEAAJKPEAUtagUPROPVAL@@PEAVCColumnIds@@@Z
tCountOfBusySlots@CSlotListLong@@UEAA_KXZ
tCountOfBusySlots@CSlotListShort@@UEAA_KXZ
tCreateResource@CHeapDispenser@@UEAAJPEAXK0PEAPEAXPEAH@Z
tCreateVLHeap@@YAJPEAPEAUIVLHeap@@@Z
tDWORDIntoExtBuffer@CExtBuffer@@QEAAJ_K@Z
tDecoupleSlot@CSlotListShort@@AEAAXPEAUtagSLOT@@@Z
tDeleteBmk@CHashTbl@@UEAAJ_K@Z
tDeleteBmk@CHashTblAggr@@UEAAJ_K@Z
tDeleteFromExtBuffer@CExtBuffer@@QEAAX_K@Z
tDeleteWithCompactFromExtBuffer@CExtBuffer@@QEAAX_K@Z
tDestroyResource@CHeapDispenser@@UEAAJPEAX@Z
tDoFcNotify@CRowsetConnectionPointContainer@@QEAAJKW4DBREASONENUM@@W4DBEVENTPHASEENUM@@PEAUIRowset@@_K3QEA_K@Z
tDoNotify@CRowsetConnectionPoint@@QEAAJW4DBREASONENUM@@W4DBEVENTPHASEENUM@@W4ENOTIFICATIONTYPE@@PEAUIRowset@@PEATtagNOTIFYARGS@@@Z
tDoRcNotify@CRowsetConnectionPointContainer@@QEAAJKW4DBREASONENUM@@W4DBEVENTPHASEENUM@@PEAUIRowset@@_KQEA_K@Z
tDoRscNotify@CRowsetConnectionPointContainer@@QEAAJKW4DBREASONENUM@@W4DBEVENTPHASEENUM@@PEAUIRowset@@@Z
tElementAt@CWString@@QEBA?AV1@QEAGH@Z
tEmpty@CWString@@QEAAXXZ
tEnumConnectionPoints@CRowsetConnectionPointContainer@@UEAAJPEAPEAUIEnumConnectionPoints@@@Z
tEnumConnections@CRowsetConnectionPoint@@UEAAJPEAPEAUIEnumConnections@@@Z
tFInit@CBaseObj@@IEAAJXZ
tFInit@CBitArray@@QEAAJ_K@Z
tFInit@CExtBuffer@@QEAAHPEAV1@@Z
tFInit@CExtBuffer@@QEAAH_K0@Z
tFInit@CExtBuffer@@QEAAH_KPEAX00@Z
tFInit@CHashTbl@@QEAAHGPEAVCSlotListShort@@PEAVIBookmarkObj@@@Z
tFInit@CHashTblAggr@@QEAAHPEAVCHashTbl@@@Z
tFInit@CSlotListLong@@UEAAH_KPEAPEAVISlotList@@PEAPEAVIHashTbl@@0@Z
tFInit@CSlotListShort@@UEAAH_KPEAPEAVISlotList@@PEAPEAVIHashTbl@@0@Z
tFInit@CUtlPropInfo@@QEAAJXZ
tFInit@CUtlProps2@@UEAAJPEAV1@@Z
tFInit@CUtlPropsFastLookup2@@UEAAJPEAV1@@Z
tFInitializeGPStructures@CGenericPooler@@QEAAXXZ
tFIsDefaultValue@CUtlProps2@@QEAAHKKPEAUtagVARIANT@@@Z
tFIsValidColId@CUtlProps2@@UEAAHPEAUtagDBPROP@@@Z
tFillDefaultValues@CUtlProps2@@QEAAJK@Z
tFindConnectionPoint@CRowsetConnectionPointContainer@@UEAAJAEBU_GUID@@PEAPEAUIConnectionPoint@@@Z
tForgetEvent@CConnectData@@QEAAXW4DBREASONENUM@@W4DBEVENTPHASEENUM@@@Z
tForgetEvent@CRowsetConnectionPoint@@AEAAXW4DBREASONENUM@@W4DBEVENTPHASEENUM@@@Z
tForgetReason@CConnectData@@QEAAXW4DBREASONENUM@@@Z
tFoundError@CWString@@QEBAHXZ
tFree@CExtBuffer@@QEAAXXZ
tFreeDBIDs@@YAXPEAUtagDBID@@@Z
tFreeExtra@CWString@@QEAAXXZ
tFreeMemory@CUtlProps2@@AEAAXXZ
tGetAllocLength@CWString@@QEBAHXZ
tGetBaseObjectType@CBaseObj@@QEAA?AW4EBaseObjectType@@XZ
tGetBaseObjectTypeName@CBaseObj@@QEAAPEAGXZ
tGetBidID@CBaseObj@@QEAAHXZ
tGetBokoTimestamp@CBaseObjZombie@@QEAAXXZ
tGetBuffer@CWString@@QEAAPEAGH@Z
tGetBufferSetLength@CWString@@QEAAPEAGH@Z
tGetCd@CConnectData@@QEAAPEAUtagCONNECTDATA@@XZ
tGetConnectionInterface@CRowsetConnectionPoint@@UEAAJPEAU_GUID@@@Z
tGetConnectionPointContainer@CRowsetConnectionPoint@@UEAAJPEAPEAUIConnectionPointContainer@@@Z
tGetCountofColids@CUtlProps2@@AEAAKPEAUtagUPROP@@@Z
tGetCountofWritablePropsInPropSet@CUtlProps2@@AEAAKK@Z
tGetCriticalSection@CBaseObj@@QEAAPEAPEAVCCriticalSection@@XZ
tGetDWORDOfExtBuffer@CExtBuffer@@QEAA_K_K@Z
tGetExpectedVarType@CUtlProps2@@QEAAGKK@Z
tGetGuid@CUtlProps2@@QEAAPEBU_GUID@@K@Z
tGetHeapDispenser@CGenericPooler@@QEAAPEAVCHeapDispenser@@XZ
tGetHeapHolder@CGenericPooler@@QEAAPEAUIGPHolder@@XZ
tGetIndexofPropIdinPropSet@CUtlProps2@@UEAAJKKPEAK@Z
tGetIndexofPropIdinPropSet@CUtlPropsFastLookup2@@MEAAJKKPEAK@Z
tGetIndexofPropSet@CUtlProps2@@UEAAJPEBU_GUID@@PEAK@Z
tGetInternalFlags@CUtlProps2@@QEAAKKK@Z
tGetInternalStatus@CUtlProps2@@QEAAKKK@Z
tGetItemCount@CExtBuffer@@QEBA_KXZ
tGetItemMax@CExtBuffer@@QEBA_KXZ
tGetItemOfExtBuffer@CExtBuffer@@QEAAX_KPEAX@Z
tGetItemSize@CExtBuffer@@QEBA_KXZ
tGetLastItemHandle@CExtBuffer@@QEAAXAEA_K@Z
tGetLength@CWString@@QEBAHXZ
tGetNameFromOffset@CExtBuffer@@QEAAPEAG_K@Z
tGetNextSlots@CSlotListLong@@UEAAJ_K0PEA_K@Z
tGetNextSlots@CSlotListShort@@UEAAJ_K0PEA_K@Z
tGetNthElement@CEnum@@AEAAPEAXK@Z
tGetNthUnknown@CEnum@@AEAAPEAUIUnknown@@K@Z
tGetOuterUnknown@CBaseObj@@QEAAPEAUIUnknown@@XZ
tGetPropID@CUtlProps2@@QEAAKKK@Z
tGetPropOption@CUtlProps2@@QEAAKKK@Z
tGetPropStatus@CUtlProps2@@QEAAKPEAUtagUPROPVAL@@@Z
tGetPropValue@CUtlProps2@@QEAAJPEBU_GUID@@KPEAUtagVARIANT@@@Z
tGetProperties@CUtlProps2@@QEAAJKQEBUtagDBPROPIDSET@@PEAKPEAPEAUtagDBPROPSET@@@Z
tGetProperties@CUtlProps2@@QEAAJKQEBUtagDBPROPIDSET@@PEAKPEAPEAUtagDBPROPSET@@PEBU_GUID@@@Z
tGetPropertiesArgChk@CUtlProps2@@QEAAJKQEBUtagDBPROPIDSET@@PEAKPEAPEAUtagDBPROPSET@@@Z
tGetPropertyInfo@CUtlPropInfo@@QEAAJKQEBUtagDBPROPIDSET@@PEAKPEAPEAUtagDBPROPINFOSET@@PEAPEAG@Z
tGetPropertySetIndex@CUtlPropInfo@@AEAAJPEBU_GUID@@@Z
tGetPropsInErrorPtr@CUtlProps2@@QEAAPEAKXZ
tGetPtrOfExtBuffer@CExtBuffer@@QEAAPEAXXZ
tGetPtrOfExtBuffer@CExtBuffer@@QEAAPEAX_K@Z
tGetResource@CGenericPooler@@QEAAJPEAPEAXPEAUIGPHolder@@PEAUIGPDispenser@@0PEAX@Z
tGetRowBuff@CSlotListLong@@UEAAPEAUtagRowBuff@@_K@Z
tGetRowBuff@CSlotListShort@@UEAAPEAUtagRowBuff@@_K@Z
tGetStatus@CUtlProps2@@QEAAKKK@Z
tGetTimestamp@CBaseObjBoko@@QEAAXPEAK@Z
tGetUPropInfoPtr@CUtlPropInfo@@AEAAJKKPEAPEAUtagUPROPINFO@@@Z
tGetUPropSetCount@CUtlPropInfo@@IEAAKXZ
tGetUPropSetCount@CUtlProps2@@QEAAKXZ
tGetUPropValIndex@CUtlProps2@@MEAAKKK@Z
tGetUPropValIndex@CUtlPropsFastLookup2@@MEAAKKK@Z
tGetValBool@CUtlProps2@@QEBAFKK@Z
tGetValByRef@CUtlProps2@@QEBAPEAXKK@Z
tGetValLong@CUtlProps2@@QEBAJKK@Z
tGetValLongLong@CUtlProps2@@QEBA_JKK@Z
tGetValShort@CUtlProps2@@QEBAFKK@Z
tGetValString@CUtlProps2@@QEAAPEBGKK@Z
tGetVariant@CUtlProps2@@QEAAPEAUtagVARIANT@@KK@Z
tHashKey@CHeapDispenser@@UEAAHPEAXKPEAH@Z
tInit@CRowsetConnectionPointContainer@@QEAAJXZ
tInit@CWString@@IEAAXXZ
tInsertFindBmk@CHashTbl@@UEAAJH_K0PEAEPEA_K@Z
tInsertFindBmk@CHashTblAggr@@UEAAJH_K0PEAEPEA_K@Z
tInsertIntoExtBuffer@CExtBuffer@@QEAAJPEAXAEA_K@Z
tIsEmpty@CUtlProps2@@QEAAHKK@Z
tIsEmpty@CWString@@QEBAHXZ
tIsPropSet@CUtlProps2@@QEAAHPEBU_GUID@@K@Z
tIsRequiredFalse@CUtlProps2@@QEAAHKK@Z
tIsRequiredTrue@CUtlProps2@@QEAAHKK@Z
tIsSetIfCan@CUtlProps2@@QEAAHKK@Z
tIsSlotSet@CBitArray@@QEAAJ_K@Z
tIsTrue@CUtlProps2@@QEAAHKK@Z
tIsValidSlot@CSlotListLong@@UEAAJ_K@Z
tIsValidSlot@CSlotListShort@@UEAAJ_K@Z
tIsZombie@CBaseObjBoko@@QEAAHK@Z
tIsZombie@CBaseObjZombie@@QEAAHXZ
tLoadResourceDLL@@YAJPEAG0PEAXPEAPEAX@Z
tLoadStringW@CWString@@QEAAHPEAXI@Z
tLockServer@CClassFactory@@UEAAJH@Z
tMakeZombies@CBaseObjBoko@@QEAAXXZ
tMid@CWString@@QEBA?AV1@H@Z
tMid@CWString@@QEBA?AV1@HH@Z
tNext@CEnum@@QEAAJKPEAPEAXPEAK@Z
tNext@CEnumConnectionPoints@@UEAAJKPEAPEAUIConnectionPoint@@PEAK@Z
tNext@CEnumConnections@@UEAAJKPEAUtagCONNECTDATA@@PEAK@Z
tNextBusySlot@CSlotListLong@@UEAAJPEA_K@Z
tNextBusySlot@CSlotListShort@@UEAAJPEA_K@Z
tNoBusySlots@CSlotListLong@@UEAAJXZ
tNoBusySlots@CSlotListShort@@UEAAJXZ
tNumElements@CWString@@QEBAKQEAG@Z
tOLEDBGetCharTypeW@@YAHKGPEAG@Z
tOkToPersistSensitiveAuthInfo@CUtlProps2@@QEAAFXZ
tQueryInterface@CClassFactory@@UEAAJAEBU_GUID@@PEAPEAX@Z
tQueryInterface@CEnum@@QEAAJAEBU_GUID@@PEAPEAXPEAUIUnknown@@@Z
tQueryInterface@CEnumConnectionPoints@@UEAAJAEBU_GUID@@PEAPEAX@Z
tQueryInterface@CEnumConnections@@UEAAJAEBU_GUID@@PEAPEAX@Z
tQueryInterface@CHeapDispenser@@UEAAJAEBU_GUID@@PEAPEAX@Z
tQueryInterface@CRowsetConnectionPoint@@UEAAJAEBU_GUID@@PEAPEAX@Z
tQueryInterface@CRowsetConnectionPointContainer@@UEAAJAEBU_GUID@@PEAPEAX@Z
tRateRes@CHeapDispenser@@UEAAJPEAXK0PEAH@Z
tRecordInternalUse@CSlotListLong@@UEAAXXZ
tRecordInternalUse@CSlotListShort@@UEAAXXZ
tRelease@CClassFactory@@UEAAKXZ
tRelease@CEnum@@QEAAKXZ
tRelease@CEnumConnectionPoints@@UEAAKXZ
tRelease@CEnumConnections@@UEAAKXZ
tRelease@CHeapDispenser@@UEAAKXZ
tRelease@CRowsetConnectionPoint@@UEAAKXZ
tRelease@CRowsetConnectionPointContainer@@UEAAKXZ
tReleaseBuffer@CWString@@QEAAXH@Z
tReleaseHolders@CGenericPooler@@QEAAXXZ
tReleaseResource@CGenericPooler@@QEAAXPEAXPEAUIGPHolder@@PEAUIGPDispenser@@0@Z
tReleaseSlots@CSlotListLong@@UEAA_K_K0@Z
tReleaseSlots@CSlotListShort@@UEAA_K_K0@Z
tRemoveInternalFlags@CUtlProps2@@QEAAXKKK@Z
tReplaceAt@CWString@@QEAAXHHPEBGH@Z
tReplaceInExtBuffer@CExtBuffer@@QEAAJ_K0PEBX0@Z
tReset@CConnectData@@QEAAHXZ
tReset@CEnum@@QEAAJXZ
tReset@CEnumConnectionPoints@@UEAAJXZ
tReset@CEnumConnections@@UEAAJXZ
tResetAllSlots@CBitArray@@QEAAXXZ
tResetBusySlotIteration@CSlotListLong@@UEAAXXZ
tResetBusySlotIteration@CSlotListShort@@UEAAXXZ
tResetResource@CHeapDispenser@@UEAAJPEAX@Z
tResetSlot@CBitArray@@QEAAX_K@Z
tResetSlots@CBitArray@@QEAAX_K0@Z
tRestoreInternalFlags@CUtlProps2@@QEAAXKK@Z
tRestoreInternalStatus@CUtlProps2@@QEAAXKK@Z
tRetrieveColumnIdProps@CUtlProps2@@AEAAXPEAUtagDBPROP@@PEAUtagUPROPVAL@@PEAK@Z
tSLSlotCapacity@CSlotListLong@@UEAA_KXZ
tSLSlotCapacity@CSlotListShort@@UEAA_KXZ
tSafeDelete@CWString@@KAXPEAG@Z
tSafeStrlen@CWString@@KAHPEBG@Z
tSaveInternalFlags@CUtlProps2@@QEAAXKK@Z
tSaveInternalStatus@CUtlProps2@@QEAAXKK@Z
tSecureGetValue@CUtlProps2@@UEAAJKKPEAUtagVARIANT@@0@Z
tSecureSetValue@CUtlProps2@@UEAAJKKPEAUtagVARIANT@@0@Z
tSetAt@CWString@@QEAAXHG@Z
tSetBoko@CBaseObjZombie@@QEAAXPEAVCBaseObjBoko@@@Z
tSetCombinedPassThrough@CUtlProps2@@UEAAJPEBUtagDBPROPSET@@K@Z
tSetError@CWString@@QEAAXXZ
tSetInternalStatus@CUtlProps2@@QEAAXKKK@Z
tSetItemCount@CExtBuffer@@QEAAX_K@Z
tSetPassThrough@CUtlProps2@@UEAAJPEBUtagDBPROPSET@@@Z
tSetPos@CEnum@@QEAAJK@Z
tSetPos@CEnumConnectionPoints@@QEAAJK@Z
tSetPos@CEnumConnections@@QEAAJK@Z
tSetPropOption@CUtlProps2@@QEAAXKKK@Z
tSetPropRequired@CUtlProps2@@QEAAXKKF@Z
tSetPropSupported@CUtlProps2@@QEAAXKK@Z
tSetPropValue@CUtlProps2@@QEAAJPEBU_GUID@@KPEAUtagVARIANT@@@Z
tSetProperties@CUtlProps2@@QEAAJKQEBUtagDBPROPSET@@H@Z
tSetPropertiesArgChk@CUtlProps2@@SAJKQEBUtagDBPROPSET@@@Z
tSetProperty@CUtlProps2@@AEAAJKKPEAUtagDBPROP@@@Z
tSetPropertyInError@CUtlProps2@@QEAAXKK@Z
tSetPropertyStatus@CUtlProps2@@QEAAXKQEBUtagDBPROPSET@@@Z
tSetReasons@CRowsetConnectionPoint@@AEAAXXZ
tSetSlot@CBitArray@@QEAAJ_K@Z
tSetSlots@CBitArray@@QEAAJ_K0@Z
tSetStatus@CUtlProps2@@QEAAXKKK@Z
tSetUPropSetCount@CUtlPropInfo@@IEAAXK@Z
tSetUPropSetCount@CUtlProps2@@QEAAXK@Z
tSetValBool@CUtlProps2@@QEAAXKKF@Z
tSetValByRef@CUtlProps2@@QEAAXKKPEAX@Z
tSetValEmpty@CUtlProps2@@QEAAXKK@Z
tSetValLong@CUtlProps2@@QEAAXKKJ@Z
tSetValLongLong@CUtlProps2@@QEAAXKK_J@Z
tSetValShort@CUtlProps2@@QEAAXKKF@Z
tSetValString@CUtlProps2@@UEAAJKKPEBG@Z
tSetVariant@CUtlProps2@@QEAAJKKPEAUtagVARIANT@@@Z
tSkip@CEnum@@QEAAJK@Z
tSkip@CEnumConnectionPoints@@UEAAJK@Z
tSkip@CEnumConnections@@UEAAJK@Z
tTransfer@CExtBuffer@@QEAAXPEAV1@@Z
tUnadvise@CRowsetConnectionPoint@@UEAAJK@Z
tWriteIntoExtBuffer@CExtBuffer@@QEAAJPEBX_K@Z
tWriteWCharToExtBuffer@CExtBuffer@@QEAAJG_K@Z
tZombieMustUnprepare@CBaseObjBoko@@QEAAHXZ
tZombieMustUnprepare@CBaseObjZombie@@QEAAHXZ
tfGetCopyOf@CBitArray@@QEAAHPEAV1@@Z
tfInit@CRowsetConnectionPoint@@QEAAHXZ
tfOkToFire@CConnectData@@QEAAHW4DBREASONENUM@@W4DBEVENTPHASEENUM@@@Z
tfReasonNeeded@CRowsetConnectionPoint@@QEAAHW4DBREASONENUM@@W4DBEVENTPHASEENUM@@@Z
tfReasonNeeded@CRowsetConnectionPointContainer@@QEAAHKW4DBREASONENUM@@W4DBEVENTPHASEENUM@@@Z
tsm_rgPropStatusFromInternStatus@CUtlProps2@@0QBKB
vcab

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sdbid
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 620B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

150c026d59899221bdd1d565da5f91bc

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

msdart

advapi32

kernel32

ole32

oleaut32

user32

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 68KB

.rdata Size: 39KB - Virtual size: 39KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 4KB - Virtual size: 3KB

.sdbid Size: 1024B - Virtual size: 928B

.rsrc Size: 20KB - Virtual size: 17KB

.reloc Size: 1024B - Virtual size: 620B

.text
Size: 68KB - Virtual size: 68KB

.rdata
Size: 39KB - Virtual size: 39KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 4KB - Virtual size: 3KB

.sdbid
Size: 1024B - Virtual size: 928B

.rsrc
Size: 20KB - Virtual size: 17KB

.reloc
Size: 1024B - Virtual size: 620B