14b9d3b6b7c2e710a923dd32abd0ddff

Sharing

Copy URL

Twitter E-mail

General

Target

14b9d3b6b7c2e710a923dd32abd0ddff
Size

688KB
MD5

14b9d3b6b7c2e710a923dd32abd0ddff
SHA1

d728f721688fdcc8b81c7876d3834e2b2ee8e9c4
SHA256

00213c715a34e2ad8b62001b7df7d11936ecb034825adcb780112c52657c2386
SHA512

7c831594adf2314b83e21b0bad290df8f3e6109d134e68fc13a3775987521dc4d25d38371646d68052afd01333dc3fa76a30f8f1d2c97772b4ca0e86170bb70e
SSDEEP

12288:CbHvVKjkN8Oi3C0eYAwXrgpcHkPFX0VZ8t2Xb:Cb9+e0eYlXrghFX0LW2Xb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14b9d3b6b7c2e710a923dd32abd0ddff

Files

14b9d3b6b7c2e710a923dd32abd0ddff
.dll windows:4 windows x86 arch:x86

0e439f75ab484d1ca7b7c40a1ed452a4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
DisableThreadLibraryCalls
FreeLibrary
CompareStringA
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
LoadLibraryA
GetLastError
SetLastError
ExitProcess
ResetEvent
GetModuleHandleA
InterlockedExchange
GetVersionExA
CloseHandle
ReleaseMutex
OpenMutexW
CreateMutexW
GetVersion
OutputDebugStringW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetTickCount
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
InterlockedCompareExchange
SetEvent

ole32

CoRegisterMessageFilter
CoUninitialize
CreateBindCtx
CoCreateInstance
CoInitializeEx

oleaut32

SafeArrayRedim
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayUnlock
SafeArrayCreate
SafeArrayLock
SafeArrayCopy
SafeArrayDestroy
VariantInit
VariantChangeType
SysAllocString
VarCmp
VariantCopy
VariantClear

xprt5

_XprtCreateThread@8
_XprtGetMilliseconds@0
_XprtDestroyThread@8
?RemoveAll@TPtrFromPtrMap@XPRT@@QAEXXZ
?Mid@TBstr@XPRT@@QBE?AV12@H@Z
?IsEmpty@TBstr@XPRT@@QBE_NXZ
?Replace@TBstr@XPRT@@QAEHGG@Z
?Normalize@TBstr@XPRT@@QAEAAV12@XZ
?MakeUpper@TBstr@XPRT@@QAEAAV12@XZ
_XprtHexToBin@16
_XprtMemAlloc@4
??0TAesCipher@XPRT@@QAE@W4ECipherOp@TCipher@1@PBEH@Z
?SetMode@TBlockCipher@XPRT@@QAEXW4ECipherMode@12@@Z
?SetIv@TBlockCipher@XPRT@@QAEXPBE@Z
?ProcessData@TBlockCipher@XPRT@@UAEHPAEH_N@Z
??1TAesCipher@XPRT@@UAE@XZ
??0TMd5Digest@XPRT@@QAE@H@Z
?Update@TMessageDigest@XPRT@@QAEXPBEH@Z
?Finish@TMdXDigest@XPRT@@UAEHPAEH@Z
?Empty@TBstr@XPRT@@QAEXXZ
xprt_snprintf
?Append@TBstr@XPRT@@QAEAAV12@G@Z
?Append@TBstr@XPRT@@QAEAAV12@PBDPBG@Z
?GetTickCount@TTime@XPRT@@SA?AV12@XZ
?GetSecond@TTime@XPRT@@QBEHXZ
?GetMinute@TTime@XPRT@@QBEHXZ
?GetHour@TTime@XPRT@@QBEHXZ
?GetYear@TTime@XPRT@@QBEHXZ
?SetAtGrow@TPtrArray@XPRT@@QAEXHPAX@Z
?GetMonth@TTime@XPRT@@QBEHXZ
?Assign@TBstr@XPRT@@QAEAAV12@PBDPBG@Z
?Find@TBstr@XPRT@@QBEHPBGH@Z
xprt_memset
?Create@SPlex@XPRT@@SGPAU12@AAPAU12@II@Z
?FreeDataChain@SPlex@XPRT@@QAEXXZ
?Format@TBstr@XPRT@@QAAXPBGZZ
?GetLength@TBstr@XPRT@@QBEHXZ
_XprtMemFree@4
_XprtCompareString@8
_XprtFreeString@4
_XprtAllocString@4
?Add@TPtrArray@XPRT@@QAEHPAX@Z
?RemoveAt@TPtrArray@XPRT@@QAEXHH@Z
?Detach@TBstr@XPRT@@QAEPAGXZ
?Attach@TBstr@XPRT@@QAEXPAG@Z
?Assign@TBstr@XPRT@@QAEAAV12@ABV12@@Z
??0TBstr@XPRT@@QAE@XZ
??1TPtrArray@XPRT@@QAE@XZ
??0TPtrArray@XPRT@@QAE@XZ
?SetCount@TPtrArray@XPRT@@QAE_NHH@Z
?Compare@TBstr@XPRT@@QBEHPBG@Z
??0TBstr@XPRT@@QAE@ABV01@@Z
?Append@TBstr@XPRT@@QAEAAV12@ABV12@@Z
?Assign@TBstr@XPRT@@QAEAAV12@PBG@Z
?GetEncodedString@TBstr@XPRT@@QBEPBDPBG@Z
?GetString@TBstr@XPRT@@QBEPBGXZ
??0TBstr@XPRT@@QAE@PBG@Z
??0TFile@XPRT@@QAE@XZ
??1TFile@XPRT@@UAE@XZ
?IsOpen@TFile@XPRT@@QBE_NXZ
?Open@TFile@XPRT@@QAE_NPBGI_N@Z
_XprtUninitialize@0
_XprtInitialize@8
xprt_strlen
xprt_memcpy
?Transform@TMd5Digest@XPRT@@EAEXQAIQBE@Z
??0TMessageDigest@XPRT@@QAE@XZ
?GetDigestSize@TMdXDigest@XPRT@@UBEHXZ
?Mid@TBstr@XPRT@@QBE?AV12@HH@Z
?GetStartPosition@TPtrFromPtrMap@XPRT@@QBEPAU__POSITION@2@XZ
?GetNextAssoc@TPtrFromPtrMap@XPRT@@QBEXAAPAU__POSITION@2@AAPAX1@Z
?SetAt@TPtrFromPtrMap@XPRT@@QAEPAU__POSITION@2@PAX0@Z
?SetOptimalLoad@TPtrFromPtrMap@XPRT@@QAEXMMM_N@Z
??0TBstr@XPRT@@QAE@PBDPBG@Z
kSystemEncoding
??1TBstr@XPRT@@QAE@XZ
?Unlock@TSpinLock@XPRT@@QAEXXZ
?Lock@TSpinLock@XPRT@@QAEXXZ
?RemoveKey@TPtrFromPtrMap@XPRT@@QAE_NPAX@Z
??ATPtrFromPtrMap@XPRT@@QAEAAPAXPAX@Z
?Lookup@TPtrFromPtrMap@XPRT@@QBE_NPAXAAPAX@Z
??0TPtrFromPtrMap@XPRT@@QAE@H@Z
?DirSpecFromFullSpec@TFile@XPRT@@SA?AVTBstr@2@PBG@Z
?GetAt@TBstr@XPRT@@QBEGH@Z
??1TPtrFromPtrMap@XPRT@@QAE@XZ
_XprtAtomicDecrement@4
xprt_memmove
xprt_strcmp
_XprtAtomicIncrement@4
_XprtMemRealloc@8
?Assign@TBstr@XPRT@@QAEAAV12@PBGH@Z
?Replace@TBstr@XPRT@@QAEHPBG0@Z
??0TBstr@XPRT@@QAE@PBDHPBG@Z
?Left@TBstr@XPRT@@QBE?AV12@H@Z
_XprtStringUtf8ByteLen@8
_XprtStringToUtf8@16
?Find@TBstr@XPRT@@QBEHGH@Z
_XprtStringByteLen@8
?ReverseFind@TBstr@XPRT@@QBEHG@Z
?TrimRight@TBstr@XPRT@@QAEAAV12@G@Z
?GetTime64@TTime@XPRT@@QBE_JXZ
?Right@TBstr@XPRT@@QBE?AV12@H@Z
?CompareNoCase@TBstr@XPRT@@QBEHPBG@Z
?Append@TBstr@XPRT@@QAEAAV12@PBG@Z
_XprtBinToBase64@16
_XprtBase64ToBin@12
?GetDay@TTime@XPRT@@QBEHXZ
xprt_iswdigit

msvcrt

_itoa
_adjust_fdiv
_initterm
_onexit
__dllonexit
_snwprintf
qsort
realloc
abort
calloc
rand
strtok
strchr
sscanf
strcmp
fflush
gmtime
fprintf
printf
isprint
exit
strncpy
malloc
memcmp
strcat
strcpy
memcpy
_iob
sprintf
strlen
_purecall
wcscpy
difftime
wcslen
isalpha
memmove
_vsnprintf
time
srand
_tzset
_ftime
getenv
atoi
??3@YAXPAX@Z
free
??2@YAPAXI@Z
memset
_except_handler3
_strdup

ws2_32

ntohs
WSAStartup
WSAGetLastError
gethostname
inet_ntoa
WSACleanup
gethostbyname
htonl
inet_addr

wininet

InternetCrackUrlW
InternetSetOptionW
InternetCloseHandle
HttpQueryInfoA
InternetConnectW
InternetOpenW
InternetQueryDataAvailable
InternetReadFileExA
HttpSendRequestW
HttpOpenRequestW
HttpAddRequestHeadersW
InternetSetStatusCallbackW
InternetInitializeAutoProxyDll

user32

DestroyWindow
MsgWaitForMultipleObjects
TranslateMessage
SetTimer
KillTimer

advapi32

RegCloseKey

Exports

Exports

EEGetModuleInterop

Sections

.text
Size: 288KB - Virtual size: 286KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0e439f75ab484d1ca7b7c40a1ed452a4

Headers

File Characteristics

Imports

kernel32

ole32

oleaut32

xprt5

msvcrt

ws2_32

wininet

user32

advapi32

Exports

Exports

Sections

.text Size: 288KB - Virtual size: 286KB

.rdata Size: 100KB - Virtual size: 96KB

.data Size: 24KB - Virtual size: 28KB

.rsrc Size: 4KB - Virtual size: 824B

.reloc Size: 44KB - Virtual size: 40KB

.text Size: 224KB - Virtual size: 224KB

.text
Size: 288KB - Virtual size: 286KB

.rdata
Size: 100KB - Virtual size: 96KB

.data
Size: 24KB - Virtual size: 28KB

.rsrc
Size: 4KB - Virtual size: 824B

.reloc
Size: 44KB - Virtual size: 40KB

.text
Size: 224KB - Virtual size: 224KB