26ab01bcdf096148181eda3b28c5a028

Sharing

Copy URL Twitter E-mail

General

Target

26ab01bcdf096148181eda3b28c5a028
Size

1.1MB
MD5

26ab01bcdf096148181eda3b28c5a028
SHA1

edcad1cde41cde00217d2606984b342bf8881367
SHA256

60743bbc8a6cf478a8bcb7facb3aeb3d331bb97936dcc1137c2b1a75b300e047
SHA512

8da88735b84fdbb82f78d6234be41ad2851c8594688c770250c40d3b0e4ff109d1efe553ed0e179778203b856cad13c8033fe81340165b5e81bc1d7225e58a84
SSDEEP

24576:EZKxiXRQ71G4zrKFSnTH65pImbDcKidB5VyGg2jh50Nn5vzjA1:EDYruFUj65gK6zbg8QnjA1

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BitCometTracker_0.4/BitCometTracker.exe
unpack001/BitCometTracker_0.4/BitCometTrackerLaunch.exe
unpack001/BitCometTracker_0.4/CrashReport.exe
unpack001/BitCometTracker_0.4/Plugins_example/db_mssql.dll
unpack001/BitCometTracker_0.4/Plugins_example/db_mysql.dll
unpack001/BitCometTracker_0.4/Plugins_example/libmySQL.dll
unpack001/BitCometTracker_0.4/dbghelp.dll

Files

26ab01bcdf096148181eda3b28c5a028
.rar
BitCometTracker_0.4/BitCometTracker.exe
.exe windows:4 windows x86 arch:x86

1930cb00693084091427caabf69d5f61

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
HeapReAlloc
ExitProcess
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitThread
CreateThread
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
Sleep
GetCPInfo
GetACP
GetOEMCP
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetProcessHeap
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
RemoveDirectoryW
HeapAlloc
HeapFree
GetVersionExW
SetErrorMode
GetQueuedCompletionStatus
CreateIoCompletionPort
PostQueuedCompletionStatus
InterlockedExchangeAdd
CreateProcessW
lstrcatW
FileTimeToDosDateTime
OutputDebugStringW
GlobalMemoryStatus
ReleaseSemaphore
CreateSemaphoreA
FormatMessageA
ReleaseMutex
CreateMutexA
InterlockedCompareExchange
GetFileTime
GetFileAttributesW
FileTimeToLocalFileTime
CreateFileW
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DeleteFileW
FileTimeToSystemTime
GetThreadLocale
lstrlenA
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
WaitForSingleObject
SetThreadPriority
CloseHandle
WritePrivateProfileStringW
GetCurrentProcessId
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
GlobalAlloc
FormatMessageW
LocalFree
MulDiv
GetModuleHandleA
WideCharToMultiByte
InterlockedDecrement
GetModuleFileNameW
lstrlenW
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
GetLastError
SetLastError
lstrcmpW
GetModuleHandleW
GetVersionExA
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
MultiByteToWideChar
lstrcpyW
GetWindowsDirectoryW
GetProcAddress
LoadLibraryW
FindClose
FindNextFileW
FindFirstFileW
FreeLibrary
GetTickCount
GetCurrentProcess
TerminateProcess
FindResourceW
LoadResource
LockResource
GetStringTypeW
SizeofResource

user32

DestroyMenu
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
SetDlgItemInt
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
PeekMessageW
MapWindowPoints
GetKeyState
SetForegroundWindow
UpdateWindow
GetMenu
PostMessageW
EnableWindow
LoadIconW
GetSystemMenu
AppendMenuW
IsIconic
SendMessageW
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
CopyRect
ClientToScreen
GetWindowDC
BeginPaint
EndPaint
GetSystemMetrics
GetClientRect
DrawIcon
SetTimer
KillTimer
SetWindowLongW
MessageBeep
GetMessagePos
ScreenToClient
PtInRect
InvalidateRect
PostQuitMessage
GetWindowThreadProcessId
SetRect
SetCursor
GetWindowRect
GetParent
RedrawWindow
wsprintfW
wvsprintfW
SendMessageTimeoutW
FindWindowW
UnregisterClassA
IsWindow
GetSysColor
GetDC
ReleaseDC
InflateRect
LoadCursorW
CopyIcon
EndDialog
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
GetWindowLongW
DestroyWindow
MapDialogRect
SetWindowContextHelpId
ValidateRect
GetCursorPos
TranslateMessage
GetMessageW
WindowFromPoint
GetSysColorBrush
UnregisterClassW
SetCapture
ReleaseCapture
PostThreadMessageW
RegisterClipboardFormatW
GetNextDlgGroupItem
InvalidateRgn
IsRectEmpty
CopyAcceleratorTableW
CharNextW
IsWindowVisible
CharUpperW
CreateDialogIndirectParamW
SetActiveWindow
GetActiveWindow
GetDesktopWindow
GetWindow
GetWindowPlacement
SystemParametersInfoA
IntersectRect
OffsetRect
SetWindowPos
CallWindowProcW
DefWindowProcW
GetDlgCtrlID

gdi32

SetMapMode
DeleteObject
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
GetDeviceCaps
CreateRectRgnIndirect
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
SetBkMode
RestoreDC
SaveDC
ExtTextOutW
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
DeleteDC
GetTextExtentPoint32W
CreateFontIndirectW
GetStockObject
GetObjectW

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

GetUserNameW
RegEnumKeyW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyW
RegCloseKey
RegQueryValueW
RegOpenKeyExW

shell32

ShellExecuteW

comctl32

ord17

shlwapi

PathFindFileNameW
PathStripToRootW
PathFindExtensionW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoGetClassObject
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CLSIDFromProgID
CLSIDFromString
CoRegisterMessageFilter
StgCreateDocfileOnILockBytes

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
OleCreateFontIndirect
VariantCopy
SysFreeString
SysStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysAllocString

ws2_32

WSAStartup
ntohs
closesocket
htonl
htons
accept
bind
WSAGetLastError
getsockname
WSASetLastError
connect
inet_addr
inet_ntoa
WSACleanup
freeaddrinfo
getaddrinfo
getsockopt
shutdown
WSARecv
__WSAFDIsSet
ioctlsocket
WSASendTo
WSARecvFrom
listen
WSASocketW
WSAStringToAddressA
select
setsockopt
WSASend
ntohl
WSAAddressToStringA

dbghelp

MiniDumpWriteDump

mswsock

AcceptEx
GetAcceptExSockaddrs

Sections

.text
Size: 841KB - Virtual size: 840KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 302KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BitCometTracker_0.4/BitCometTrackerLaunch.exe
.exe windows:4 windows x86 arch:x86

264c589c75ca86437a4580aa0781928e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEvent
GetLocalTime
WaitForMultipleObjects
WriteFile
CreateMutexA
GetLastError
CreateFileA
SetFilePointer
SetConsoleCtrlHandler
CreateEventA
CreateProcessA
CloseHandle
ReleaseMutex
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
RtlUnwind
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
GetProcAddress
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapSize
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetACP
GetOEMCP
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
LoadLibraryA
ReadFile
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetLocaleInfoW

Sections

.text
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
BitCometTracker_0.4/ChangeLog.txt
BitCometTracker_0.4/ChangeLog_Chinese.txt
BitCometTracker_0.4/CrashReport.exe
.exe windows:4 windows x86 arch:x86

a776410ebed1fe3610f4c6dda1e9840b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetNextDlgGroupItem

gdi32

SetWindowExtEx

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA

advapi32

RegOpenKeyA

shell32

ShellExecuteA

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameA

oledlg

ord8

ole32

CoRegisterMessageFilter

oleaut32

VariantCopy

ws2_32

WSACleanup

wininet

InternetSetStatusCallback

Sections

.text
Size: 155KB - Virtual size: 412KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BitCometTracker_0.4/License.txt
BitCometTracker_0.4/Plugins_SDK/Plugin_Readme.txt
BitCometTracker_0.4/Plugins_SDK/Plugin_Readme_Chinese.txt
BitCometTracker_0.4/Plugins_SDK/ado_conn.txt
.vbs
BitCometTracker_0.4/Plugins_SDK/db_mssql/db_mssql.cpp
.js
BitCometTracker_0.4/Plugins_SDK/db_mssql/db_mssql.def
BitCometTracker_0.4/Plugins_SDK/db_mssql/db_mssql.h
BitCometTracker_0.4/Plugins_SDK/db_mssql/db_mssql.sln
BitCometTracker_0.4/Plugins_SDK/db_mssql/db_mssql.vcproj
.xml
BitCometTracker_0.4/Plugins_SDK/db_mysql/db_mysql.cpp
BitCometTracker_0.4/Plugins_SDK/db_mysql/db_mysql.def
BitCometTracker_0.4/Plugins_SDK/db_mysql/db_mysql.h
BitCometTracker_0.4/Plugins_SDK/db_mysql/db_mysql.sln
BitCometTracker_0.4/Plugins_SDK/db_mysql/db_mysql.vcproj
.xml
BitCometTracker_0.4/Plugins_SDK/db_mysql/mysql/include/config-netware.h
BitCometTracker_0.4/Plugins_SDK/db_mysql/mysql/include/config-os2.h
BitCometTracker_0.4/Plugins_SDK/db_mysql/mysql/include/config-win.h
BitCometTracker_0.4/Plugins_SDK/db_mysql/mysql/include/errmsg.h
BitCometTracker_0.4/Plugins_SDK/db_mysql/mysql/include/libmysql.def
BitCometTracker_0.4/Plugins_SDK/db_mysql/mysql/include/libmysqld.def
BitCometTracker_0.4/Plugins_SDK/db_mysql/mysql/include/m_ctype.h
BitCometTracker_0.4/Plugins_SDK/db_mysql/mysql/include/m_string.h
BitCometTracker_0.4/Plugins_SDK/db_mysql/mysql/include/my_alloc.h
BitCometTracker_0.4/Plugins_SDK/db_mysql/mysql/include/my_dbug.h
BitCometTracker_0.4/Plugins_SDK/db_mysql/mysql/include/my_getopt.h
BitCometTracker_0.4/Plugins_SDK/db_mysql/mysql/include/my_global.h
BitCometTracker_0.4/Plugins_SDK/db_mysql/mysql/include/my_list.h
BitCometTracker_0.4/Plugins_SDK/db_mysql/mysql/include/my_pthread.h
BitCometTracker_0.4/Plugins_SDK/db_mysql/mysql/include/my_sys.h
BitCometTracker_0.4/Plugins_SDK/db_mysql/mysql/include/mysql.h
BitCometTracker_0.4/Plugins_SDK/db_mysql/mysql/include/mysql_com.h
BitCometTracker_0.4/Plugins_SDK/db_mysql/mysql/include/mysql_embed.h
BitCometTracker_0.4/Plugins_SDK/db_mysql/mysql/include/mysql_version.h
BitCometTracker_0.4/Plugins_SDK/db_mysql/mysql/include/mysqld_error.h
BitCometTracker_0.4/Plugins_SDK/db_mysql/mysql/include/raid.h
BitCometTracker_0.4/Plugins_SDK/db_mysql/mysql/lib/libmysql.lib
BitCometTracker_0.4/Plugins_example/db_mssql.dll
.dll windows:4 windows x86 arch:x86

d212b32021faa8b3d498f683380fb036

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalFree
LocalAlloc
lstrlenA
FormatMessageA
InterlockedDecrement
OutputDebugStringA
GetLastError
MultiByteToWideChar
FlushFileBuffers
CloseHandle
CreateFileA
GetLocaleInfoA
GetStringTypeW
WideCharToMultiByte
HeapFree
RtlUnwind
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetProcAddress
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
Sleep
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSection
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA

ole32

OleUninitialize
CoCreateInstance
OleRun
CLSIDFromString
OleInitialize
CLSIDFromProgID

oleaut32

SysStringByteLen
SysAllocStringByteLen
VariantClear
VariantChangeType
VariantCopy
VariantInit
SysFreeString
SysAllocString
GetErrorInfo

Exports

Exports

db_connect
db_disconnect
db_fetch
db_fetch2
db_get_plugin_interface_version
db_update

Sections

.text
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BitCometTracker_0.4/Plugins_example/db_mssql.sql
BitCometTracker_0.4/Plugins_example/db_mysql.dll
.dll windows:4 windows x86 arch:x86

b134f73d785f91def693c40eb5e9d344

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

libmysql

mysql_num_fields
mysql_fetch_row
mysql_close
mysql_real_query
mysql_store_result
mysql_num_rows
mysql_free_result
mysql_real_connect
mysql_init

kernel32

VirtualFree
FlushFileBuffers
CloseHandle
CreateFileA
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
HeapSize
VirtualAlloc
HeapReAlloc
LoadLibraryA
InitializeCriticalSection
RtlUnwind
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

Exports

Exports

db_connect
db_disconnect
db_fetch
db_fetch2
db_get_plugin_interface_version
db_update

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BitCometTracker_0.4/Plugins_example/db_mysql.sql
BitCometTracker_0.4/Plugins_example/libmySQL.dll
.dll windows:4 windows x86 arch:x86

4e5652504f832690a192841c4601cef5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

shutdown
closesocket
setsockopt
send
recv
WSAStartup
WSACleanup
gethostbyname
socket
WSAGetLastError
ioctlsocket
htons
getservbyname
ntohs
connect

kernel32

GetLocaleInfoW
SetEndOfFile
LCMapStringW
LCMapStringA
LoadLibraryA
RaiseException
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
CompareStringW
CompareStringA
HeapSize
GetOEMCP
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetWindowsDirectoryA
GetCurrentThreadId
SetNamedPipeHandleState
WaitNamedPipeA
CreateFileA
GetLastError
InterlockedIncrement
DeleteCriticalSection
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateSemaphoreA
ReadFile
WriteFile
CloseHandle
HeapAlloc
HeapFree
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
GetFileAttributesA
WideCharToMultiByte
GetTimeZoneInformation
MultiByteToWideChar
HeapReAlloc
GetFullPathNameA
GetSystemTimeAsFileTime
GetCommandLineA
GetVersionExA
SetLastError
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
FlushFileBuffers
SetStdHandle
GetFileType
SetHandleCount
GetStdHandle
GetStartupInfoA
VirtualProtect
GetSystemInfo
VirtualQuery
SetFilePointer
SetEnvironmentVariableA
SetEnvironmentVariableW
GetCPInfo
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
RtlUnwind
GetDriveTypeA
GetCurrentDirectoryA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetACP

advapi32

RegEnumValueA
RegCloseKey
RegOpenKeyExA

Exports

Exports

_dig_vec
bmove_upp
delete_dynamic
free_defaults
getopt_compare_strings
getopt_ull_limit_value
handle_options
init_dynamic_array
insert_dynamic
int2str
is_prefix
list_add
list_delete
load_defaults
max_allowed_packet
my_casecmp
my_end
my_getopt_print_errors
my_init
my_malloc
my_memdup
my_no_flags_free
my_path
my_print_help
my_print_variables
my_realloc
my_strdup
my_thread_end
my_thread_init
myodbc_remove_escape
mysql_add_slave
mysql_affected_rows
mysql_change_user
mysql_character_set_name
mysql_close
mysql_data_seek
mysql_debug
mysql_disable_reads_from_master
mysql_disable_rpl_parse
mysql_dump_debug_info
mysql_enable_reads_from_master
mysql_enable_rpl_parse
mysql_eof
mysql_errno
mysql_error
mysql_escape_string
mysql_fetch_field
mysql_fetch_field_direct
mysql_fetch_fields
mysql_fetch_lengths
mysql_fetch_row
mysql_field_count
mysql_field_seek
mysql_field_tell
mysql_free_result
mysql_get_client_info
mysql_get_host_info
mysql_get_proto_info
mysql_get_server_info
mysql_info
mysql_init
mysql_insert_id
mysql_kill
mysql_list_dbs
mysql_list_fields
mysql_list_processes
mysql_list_tables
mysql_master_query
mysql_master_send_query
mysql_num_fields
mysql_num_rows
mysql_odbc_escape_string
mysql_options
mysql_ping
mysql_query
mysql_read_query_result
mysql_reads_from_master_enabled
mysql_real_connect
mysql_real_escape_string
mysql_real_query
mysql_refresh
mysql_row_seek
mysql_row_tell
mysql_rpl_parse_enabled
mysql_rpl_probe
mysql_rpl_query_type
mysql_select_db
mysql_send_query
mysql_set_master
mysql_shutdown
mysql_slave_query
mysql_slave_send_query
mysql_ssl_set
mysql_stat
mysql_store_result
mysql_thread_id
mysql_thread_safe
mysql_use_result
net_buffer_length
set_dynamic
strcend
strdup_root
strfill
strinstr
strmake
strmov
strxmov

Sections

.text
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BitCometTracker_0.4/ReadMe.txt
BitCometTracker_0.4/ReadMe_Chinese.txt
BitCometTracker_0.4/dbghelp.dll
.dll windows:5 windows x86 arch:x86

1e7ff3adf3b8cd2d63666cfe63301b74

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetEnvironmentVariableW
GetProcAddress
DeleteFileW
CreateFileW
CreateDirectoryW
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess
UnmapViewOfFile
GetFullPathNameW
GetFileAttributesW
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
CreateDirectoryA
VirtualProtect
VirtualAlloc
DuplicateHandle
MapViewOfFile
CreateFileMappingA
GetModuleHandleA
OpenProcess
GetCurrentProcessId
VirtualFree
OutputDebugStringW
ReadProcessMemory
WriteFile
SetErrorMode
GetFileAttributesA
DebugBreak
GetSystemDirectoryW
LoadLibraryW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
OutputDebugStringA
IsDBCSLeadByte
HeapFree
HeapAlloc
HeapReAlloc
TlsFree
LocalFree
TlsAlloc
GetVersionExA
VirtualQueryEx
GetPriorityClass
FlushViewOfFile
MapViewOfFileEx
GetFileType
CreateFileMappingW
DeviceIoControl
InitializeCriticalSectionAndSpinCount
LCMapStringW
LCMapStringA
CopyFileA
SetFileAttributesA
CopyFileW
SetFileAttributesW
InterlockedIncrement
InterlockedDecrement
Sleep
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
DeleteFileA
FormatMessageW
FormatMessageA
GetThreadSelectorEntry
CreateThread
GetThreadPriority
GetThreadTimes
GetThreadContext
ResumeThread
SuspendThread
GetVersionExW
GetSystemInfo
InitializeCriticalSection
HeapCreate
DeleteCriticalSection
HeapDestroy
TlsGetValue
TlsSetValue
GetLastError
CreateFileA
GetFileSize
ReadFile
CloseHandle
EnterCriticalSection
LeaveCriticalSection
LocalAlloc
SetLastError
FindFirstFileW
FindNextFileW
FreeLibrary
LoadLibraryA
TerminateThread

msvcrt

_onexit
__dllonexit
_adjust_fdiv
_initterm
realloc
sprintf
iswprint
memmove
iswspace
calloc
wcsncat
strncat
_itoa
_write
strncpy
strchr
_wcsicmp
towlower
tolower
_wcslwr
_close
_wopen
time
wcsncpy
strncmp
_ltoa
_wcsnicmp
_stricmp
_purecall
_vsnprintf
isspace
ctime
malloc
atol
__CxxFrameHandler
fclose
__unDName
_CxxThrowException
bsearch
_snwprintf
fread
fseek
_wfopen
fopen
_osver
_snprintf
wcstol
wcsrchr
_wmakepath
_winminor
_winmajor
_fullpath
_wfullpath
_mbsicmp
_splitpath
_access
_wcsdup
_fsopen
_wfsopen
_get_osfhandle
_read
_lseeki64
_chsize
_open_osfhandle
_wsopen
_sopen
ftell
_wgetenv
_mbscmp
_memicmp
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_strlwr
free
strstr
_vsnwprintf
_except_handler3
qsort
wcschr
wcsstr
wcsncmp
iswxdigit
??3@YAXPAX@Z
_wsplitpath
??2@YAPAXI@Z

advapi32

RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCloseKey
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA

rpcrt4

UuidCreate

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
DirTree
EnumDirTree
EnumDirTreeW
EnumerateLoadedModules
EnumerateLoadedModules64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindExecutableImage
FindExecutableImageEx
FindExecutableImageExW
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
SearchTreeForFileW
StackWalk
StackWalk64
SymAddSymbol
SymAddSymbolW
SymCleanup
SymDeleteSymbol
SymDeleteSymbolW
SymEnumLines
SymEnumLinesW
SymEnumSourceFiles
SymEnumSourceFilesW
SymEnumSym
SymEnumSymbols
SymEnumSymbolsForAddr
SymEnumSymbolsForAddrW
SymEnumSymbolsW
SymEnumTypes
SymEnumTypesW
SymEnumerateModules
SymEnumerateModules64
SymEnumerateModulesW64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindFileInPath
SymFindFileInPathW
SymFromAddr
SymFromAddrW
SymFromIndex
SymFromIndexW
SymFromName
SymFromNameW
SymFromToken
SymFromTokenW
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetHomeDirectory
SymGetHomeDirectoryW
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromAddrW64
SymGetLineFromName
SymGetLineFromName64
SymGetLineFromNameW64
SymGetLineNext
SymGetLineNext64
SymGetLineNextW64
SymGetLinePrev
SymGetLinePrev64
SymGetLinePrevW64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOptions
SymGetScope
SymGetScopeW
SymGetSearchPath
SymGetSearchPathW
SymGetSourceFile
SymGetSourceFileFromToken
SymGetSourceFileFromTokenW
SymGetSourceFileToken
SymGetSourceFileTokenW
SymGetSourceVarFromToken
SymGetSourceVarFromTokenW
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetSymbolFile
SymGetSymbolFileW
SymGetTypeFromName
SymGetTypeFromNameW
SymGetTypeInfo
SymGetTypeInfoEx
SymInitialize
SymInitializeW
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymLoadModuleExW
SymMatchFileName
SymMatchFileNameW
SymMatchString
SymMatchStringW
SymNext
SymNextW
SymPrev
SymPrevW
SymRegisterCallback
SymRegisterCallback64
SymRegisterCallbackW64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSearch
SymSearchW
SymSetContext
SymSetHomeDirectory
SymSetOptions
SymSetParentWindow
SymSetSearchPath
SymSetSearchPathW
SymSrvDeltaName
SymSrvDeltaNameW
SymSrvGetFileIndexString
SymSrvGetFileIndexStringW
SymSrvGetFileIndexes
SymSrvGetFileIndexesW
SymSrvGetSupplement
SymSrvGetSupplementW
SymSrvIsStore
SymSrvIsStoreW
SymSrvStoreFile
SymSrvStoreFileW
SymSrvStoreSupplement
SymSrvStoreSupplementW
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnDecorateSymbolNameW
UnmapDebugInformation
WinDbgExtensionDllInit
dbghelp
dh
fptr
lmi
lminfo
omap
srcfiles
stackdbg
sym
symsrv
vc7fpo

Sections

.text
Size: 803KB - Virtual size: 802KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

1930cb00693084091427caabf69d5f61

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

dbghelp

mswsock

Sections

.text Size: 841KB - Virtual size: 840KB

.rdata Size: 183KB - Virtual size: 183KB

.data Size: 29KB - Virtual size: 302KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 40KB - Virtual size: 40KB

.reloc Size: 119KB - Virtual size: 118KB

264c589c75ca86437a4580aa0781928e

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 80KB - Virtual size: 76KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 176B

a776410ebed1fe3610f4c6dda1e9840b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

wininet

Sections

.text Size: 155KB - Virtual size: 412KB

.rsrc Size: 15KB - Virtual size: 16KB

d212b32021faa8b3d498f683380fb036

Headers

File Characteristics

Imports

kernel32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 62KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 176B

.reloc Size: 8KB - Virtual size: 6KB

b134f73d785f91def693c40eb5e9d344

Headers

File Characteristics

.text
Size: 841KB - Virtual size: 840KB

.rdata
Size: 183KB - Virtual size: 183KB

.data
Size: 29KB - Virtual size: 302KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 40KB - Virtual size: 40KB

.reloc
Size: 119KB - Virtual size: 118KB

.text
Size: 80KB - Virtual size: 76KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 176B

.text
Size: 155KB - Virtual size: 412KB

.rsrc
Size: 15KB - Virtual size: 16KB

.text
Size: 64KB - Virtual size: 62KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 40KB - Virtual size: 36KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 124KB - Virtual size: 121KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 72KB - Virtual size: 112KB

.reloc
Size: 12KB - Virtual size: 8KB

.text
Size: 803KB - Virtual size: 802KB

.data
Size: 16KB - Virtual size: 109KB

.rsrc
Size: 1024B - Virtual size: 984B

.reloc
Size: 52KB - Virtual size: 52KB