Static task
static1
Behavioral task
behavioral1
Sample
5af2850286143639c55269b84d849893dc512749e52e30be2ef12fa76ef485b3.exe
Resource
win7-20231215-en
General
-
Target
5af2850286143639c55269b84d849893dc512749e52e30be2ef12fa76ef485b3
-
Size
401KB
-
MD5
7ee81222fc13f03a85afbd0650ebd5c2
-
SHA1
755ce9052f12151d1c3e21b59f3e30aabea5bec7
-
SHA256
5af2850286143639c55269b84d849893dc512749e52e30be2ef12fa76ef485b3
-
SHA512
63275dee92ab86452281a0a48184537c1435d541edc5ae7ba88d367ae812c3bfe53663c7a272807c96662f9a2d712f9bec37a408218ff55c8d0c6b22161f6180
-
SSDEEP
6144:2or7QtL02FXnnpanf1byqjO2X96qdX5/+c6wUOjbnWzVk8DbX7I0fTsXkXW4:2oQP5anf1byqjO2XWgj7Y
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource 5af2850286143639c55269b84d849893dc512749e52e30be2ef12fa76ef485b3
Files
-
5af2850286143639c55269b84d849893dc512749e52e30be2ef12fa76ef485b3.exe windows:6 windows x86 arch:x86
db1ddc5d59f9e231986fe286511668fd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
commondatasetbase
?GetModuleDir@Environment@common@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAX@Z
??1Mutex@common@@QAE@XZ
??0Mutex@common@@QAE@XZ
?IsDirectory@File@common@@QBE_NXZ
?IsExist@File@common@@QBE_NXZ
??1File@common@@UAE@XZ
??0File@common@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?CopyLen@StringHelper@common@@YA_NPADIPBDZZ
?TryStringToGUID@GUIDHelper@common@@SA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAUtag_GUID@2@@Z
?GUIDToString@GUIDHelper@common@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABUtag_GUID@2@@Z
?CreateGUID@GUIDHelper@common@@SA_NAAUtag_GUID@2@@Z
??1TimeStamp@common@@QAE@XZ
??0TimeStamp@common@@QAE@XZ
??0TimeStamp@common@@QAE@_J@Z
?GetZone@TimeZone@common@@SAHXZ
??1DateTime@common@@QAE@XZ
??0DateTime@common@@QAE@ABVTimeStamp@1@@Z
?Flush@Logger@common@@QAE_NXZ
?AnsiToUtf8@StringHelper@common@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV34@@Z
?GetSize@BinaryReader@common@@UAE_JXZ
?Read@BinaryReader@common@@UAE_NPAEIPAI@Z
?Open@BinaryReader@common@@UAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N1@Z
??1BinaryReader@common@@UAE@XZ
??0BinaryReader@common@@QAE@XZ
?GetSize@TextStream@common@@UAE_JXZ
?Seek@TextStream@common@@UAE_J_JW4SeekMode@2@@Z
?GetPos@TextStream@common@@UAE_JXZ
?Append@TextStream@common@@UAE_JPBEI@Z
?Close@TextStream@common@@UAE_NXZ
?Open@TextStream@common@@UAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N1@Z
?GetSize@TextReader@common@@UAE_JXZ
?GetPos@TextReader@common@@UAE_JXZ
?Seek@TextReader@common@@UAE_J_JW4SeekMode@2@@Z
?ReadLine@TextReader@common@@UAE_NAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?Close@TextReader@common@@UAE_NXZ
?Open@TextReader@common@@UAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N1@Z
??0TextReader@common@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?Join@Thread@common@@QAEXXZ
??1Thread@common@@QAE@XZ
??0Thread@common@@QAE@P6AXPAX@Z0_N@Z
kernel32
GetProcAddress
CloseHandle
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
FileTimeToDosDateTime
FindFirstFileW
FindClose
FileTimeToLocalFileTime
MultiByteToWideChar
GetLastError
FreeLibrary
LoadLibraryA
MapViewOfFile
UnmapViewOfFile
WaitForSingleObject
OpenSemaphoreA
CreateSemaphoreA
ReleaseSemaphore
CreateFileMappingA
GetCurrentProcess
GetExitCodeProcess
Sleep
ExitProcess
GetTickCount64
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
DecodePointer
IsDebuggerPresent
EncodePointer
user32
GetMessageA
TranslateMessage
PostMessageA
DispatchMessageA
msvcp110
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_BADOFF@std@@3_JB
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Add_vtordisp1@?$basic_istream@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Add_vtordisp2@?$basic_ostream@DU?$char_traits@D@std@@@std@@UAEXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Add_vtordisp2@?$basic_ios@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ
msvcr110
_purecall
??3@YAXPAX@Z
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
memchr
realloc
_wmkdir
_wremove
_waccess
_wrename
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
tolower
toupper
strtol
fputc
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
_unlock_file
ungetc
fgetpos
_fseeki64
fflush
fgetc
fsetpos
setvbuf
_lock_file
memcpy_s
fwrite
fclose
_time64
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
??1type_info@@UAE@XZ
_vsnprintf
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
__initenv
_fmode
_commode
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_except_handler4_common
?terminate@@YAXXZ
__crtSetUnhandledExceptionFilter
_invoke_watson
_controlfp_s
memcpy
floor
__RTDynamicCast
malloc
free
memmove
__CxxFrameHandler3
_CxxThrowException
memset
Sections
.text Size: 264KB - Virtual size: 264KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 67KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 872B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 54KB - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ