SideLoad[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

SideLoad.rar
Size

548KB
MD5

58ac34cd4394b96bac9006f58c2efab3
SHA1

18bbec89a91d29956b07b58293232bc8c7bae9f7
SHA256

25ac1009538445861a585b7e166f7069768f12ff2c91c5ceb4d86d43e4ab20e2
SHA512

9939f2434cc86d889d2e85bfe5afcaf88096cc5370ba85c733181acffe8b3827640286c5b95f94746c6d8729b43374f4453dee610213de07ebdabbb485c3ec2a
SSDEEP

12288:qWSPQvlhDBCDoZgSZa+cjTY6ZyZaevewoc/hxmw3K41SmKI:qLP6Wo+SsxTZyZxycbKGSmz

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/SideLoad/COMSupport.dll_1
unpack001/SideLoad/TaskLoad.exe
unpack001/SideLoad/TestDLL.dll

Files

SideLoad.rar
.rar
SideLoad/COMSupport.dll_1
.dll windows:4 windows x86 arch:x86

49eddc0001193b6994bd66076ee67de2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

dll1

ord1

mfc42

ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord6055
ord4078
ord1776
ord4403
ord5240
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3748
ord5065
ord1726
ord5253
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3371
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4432
ord3641
ord303
ord825
ord813
ord4244
ord6605
ord3293
ord1911
ord3316
ord3314
ord5242
ord6121
ord1774
ord2490
ord5010
ord5658
ord2395
ord6322
ord2609
ord1006
ord1787
ord6123
ord4291
ord1994
ord5192
ord775
ord860
ord540
ord503
ord1261
ord5703
ord5708
ord1175
ord4464
ord6907
ord2818
ord3998
ord2721
ord858
ord3301
ord535
ord3619
ord4407
ord5241
ord3749
ord1727
ord5261
ord3402
ord4424
ord3721
ord809
ord795
ord2614
ord556
ord567
ord3626
ord3663
ord2414
ord4275
ord1088
ord2122
ord1641
ord2860
ord6199
ord3874
ord3797
ord5875
ord2864
ord2379
ord6358
ord6197
ord2859
ord6880
ord3571
ord5265
ord4376
ord4998
ord2514
ord6052
ord1775
ord4425
ord3597
ord3610
ord656
ord641
ord1168
ord1146
ord324
ord2370
ord2301
ord2302
ord4234
ord5981
ord4853
ord6334
ord3092
ord4710
ord4890
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4303
ord3350
ord5012
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord807
ord796
ord674
ord527
ord554
ord529
ord366
ord794
ord686
ord2494
ord2627
ord2626
ord6000
ord2117
ord6146
ord2453
ord2862
ord2097
ord384
ord4163
ord6625
ord4457
ord4723
ord5852
ord3481
ord2252
ord975
ord4413
ord4615
ord4612
ord4610
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5714
ord3953
ord4622
ord3738
ord561
ord815
ord1134
ord2575
ord4396
ord3574
ord609
ord5289
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord652
ord338
ord4823
ord4614
ord4613
ord6613
ord2535
ord2820
ord6919
ord6215
ord4299
ord6762
ord4277
ord4278
ord6662
ord2915
ord3810
ord5933
ord5697
ord6741
ord6508
ord6767
ord3742
ord818
ord2152
ord1233
ord1768
ord755
ord640
ord5785
ord1640
ord323
ord470
ord1199
ord6403
ord3522
ord6283
ord4160
ord3521
ord6402
ord4476
ord3089
ord2642
ord4349
ord4341
ord5076
ord4532
ord4892
ord4370
ord4899
ord4588
ord4589
ord2583
ord1849
ord823
ord800
ord537
ord5280
ord5252

msvcrt

__CxxFrameHandler
atoi
_mbscmp
memchr
exit
fclose
fopen
sscanf
memmove
_except_handler3
fseek
ctime
_fstat
ftell
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
free
_initterm
malloc
_adjust_fdiv

kernel32

GlobalAlloc
GlobalLock
GlobalUnlock
GetModuleFileNameA
DisableThreadLibraryCalls

user32

SetCursor
SetWindowLongA
SetCapture
RedrawWindow
GetClientRect
MessageBeep
EnableWindow
SendMessageA
GetCursorPos
ReleaseCapture
PtInRect
IsWindow
InvalidateRect
InflateRect
ReleaseDC
SetTimer
LoadCursorA
UpdateWindow
GetKeyState
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
AnimateWindow
wsprintfA
LoadBitmapA
GetWindowRect
GetParent
GetDC

gdi32

BitBlt
GetTextExtentPoint32A
GetObjectA
CreateFontIndirectA
CreateCompatibleDC
GetStockObject

shell32

SHGetSpecialFolderPathA

msvcp60

??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1?$basic_ifstream@DU?$char_traits@D@std@@@std@@UAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?getline@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@1@AAV21@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@D@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?open@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z
??_7?$basic_ifstream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??0ios_base@std@@IAE@XZ
??_8?$basic_ifstream@DU?$char_traits@D@std@@@std@@7B@
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
??1ios_base@std@@UAE@XZ

Exports

Exports

PacketAllocatePacket
PacketCloseAdapter
PacketFreePacket
PacketGetAdapterNames
PacketGetAirPcapHandle
PacketGetDriverVersion
PacketGetNetInfoEx
PacketGetNetType
PacketGetReadEvent
PacketGetStats
PacketGetStatsEx
PacketGetVersion
PacketInitPacket
PacketIsDumpEnded
PacketLibraryVersion
PacketOpenAdapter
PacketReceivePacket
PacketRequest
PacketSendPacket
PacketSendPackets
PacketSetBpf
PacketSetBuff
PacketSetDumpName
PacketSetHwFilter
PacketSetLoopbackBehavior
PacketSetMinToCopy
PacketSetMode
PacketSetNumWrites
SetCOMProfile
WSCreateInstance

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SideLoad/TaskLoad.exe
.exe windows:5 windows x86 arch:x86

88e52f8d6facf6590481e7663f4583ac

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
CreateErrorInfo
GetErrorInfo
SetErrorInfo
SysFreeString
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegFlushKey
RegCloseKey

user32

GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClassLongW
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OffsetRect
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
IsDialogMessageA
IsDialogMessageW
IsChild
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
InflateRect
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetWindow
GetMessagePos
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClientRect
GetClassLongW
GetClassInfoW
GetCapture
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
ClientToScreen
CheckMenuItem
CharUpperBuffW
CharNextW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringW
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
lstrcpyW
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualAlloc
SwitchToThread
SizeofResource
SignalObjectAndWait
SetThreadLocale
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
OpenProcess
MultiByteToWideChar
MulDiv
LockResource
LoadResource
LoadLibraryW
LeaveCriticalSection
InitializeCriticalSection
GlobalFindAtomW
GlobalDeleteAtom
GlobalAddAtomW
GetVersionExW
GetVersion
GetTickCount
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameA
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileAttributesA
GetFileAttributesW
GetExitCodeThread
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCommandLineW
GetCPInfo
FreeResource
InterlockedIncrement
InterlockedExchangeAdd
InterlockedExchange
InterlockedDecrement
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
FindFirstFileW
FindClose
EnumCalendarInfoW
EnterCriticalSection
DeleteCriticalSection
CreateThread
CreateFileA
CreateFileW
CreateEventW
CompareStringW
CloseHandle
Sleep

msimg32

AlphaBlend

gdi32

UnrealizeObject
StretchBlt
SetWindowOrgEx
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RestoreDC
RectVisible
RealizePalette
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetTextMetricsW
GetTextExtentPoint32W
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
FrameRgn
ExcludeClipRect
DeleteObject
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectW
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
BitBlt

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ole32

OleUninitialize
OleInitialize
CoCreateInstance
CoUninitialize
CoInitialize

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

comsupport

WSCreateInstance

ws_log

WSLog
WSLogInit

Sections

.text
Size: 530KB - Virtual size: 529KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 20KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 60B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SideLoad/TestDLL.dll
.dll windows:4 windows x86 arch:x86

a7f82a4322be5a4f0aaf076fdf77b0bf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord800
ord815
ord317
ord540
ord561
ord825
ord635
ord2621
ord1134
ord5265
ord4376
ord4853
ord4998
ord4710
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord641
ord4234
ord535
ord6282
ord537
ord775
ord823
ord1825
ord4238
ord5821
ord3662
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord652
ord414
ord338
ord713
ord1994
ord858
ord5192
ord6141
ord4614
ord4613
ord1849
ord4244
ord2583
ord4589
ord4899
ord4341
ord4349
ord4890
ord2396
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord6055
ord1776
ord4403
ord5240
ord5290
ord3748
ord1726
ord4432
ord303
ord813
ord5253
ord4723
ord2535
ord3663
ord5651
ord5712
ord2017
ord1668
ord1168
ord860
ord2393
ord2721
ord6322
ord1006
ord2609
ord2818
ord6334
ord4224
ord3874
ord3286
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord796
ord674
ord554
ord529
ord366
ord807
ord6199
ord2494
ord2627
ord2626
ord6000
ord2117
ord6146
ord4317
ord5885
ord4163
ord6625
ord4457
ord5252
ord1911
ord3316
ord3314
ord5242
ord6121
ord1774
ord2490
ord5010
ord5658
ord2395
ord1787
ord6123
ord4291
ord503
ord5697
ord5708
ord5703
ord1261
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4531
ord4615

msvcrt

memmove
malloc
_adjust_fdiv
??1type_info@@UAE@XZ
_onexit
__dllonexit
_except_handler3
free
__CxxFrameHandler
memchr
sscanf
_initterm
_CxxThrowException
realloc

kernel32

GetProcessHeap
VirtualAlloc
Sleep
GetProcAddress
LoadLibraryA
VirtualFree
FreeLibrary
DisableThreadLibraryCalls
HeapAlloc

user32

SetWindowLongA
GetWindowLongA
SendMessageA
EnableWindow
wsprintfA

shell32

SHGetSpecialFolderPathA

msvcp60

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??_8?$basic_ifstream@DU?$char_traits@D@std@@@std@@7B@
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??_7?$basic_ifstream@DU?$char_traits@D@std@@@std@@6B@
?open@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?getline@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@1@AAV21@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@D@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_ifstream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??1ios_base@std@@UAE@XZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z

Exports

Exports

PacketAllocatePacket
PacketCloseAdapter
PacketFreePacket
PacketGetAdapterNames
PacketGetAirPcapHandle
PacketGetDriverVersion
PacketGetNetInfoEx
PacketGetNetType
PacketGetReadEvent
PacketGetStats
PacketGetStatsEx
PacketGetVersion
PacketInitPacket
PacketIsDumpEnded
PacketLibraryVersion
PacketOpenAdapter
PacketReceivePacket
PacketRequest
PacketSendPacket
PacketSendPackets
PacketSetBpf
PacketSetBuff
PacketSetDumpName
PacketSetHwFilter
PacketSetLoopbackBehavior
PacketSetMinToCopy
PacketSetMode
PacketSetNumWrites
SetCOMProfile

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SideLoad/_8

Sharing

General

Malware Config

Signatures

Files

49eddc0001193b6994bd66076ee67de2

Headers

File Characteristics

Imports

dll1

mfc42

msvcrt

kernel32

user32

gdi32

shell32

msvcp60

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 24KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 4KB - Virtual size: 984B

.rsrc Size: 4KB - Virtual size: 864B

.reloc Size: 8KB - Virtual size: 5KB

88e52f8d6facf6590481e7663f4583ac

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

msimg32

gdi32

version

ole32

comctl32

comsupport

ws_log

Sections

.text Size: 530KB - Virtual size: 529KB

.itext Size: 2KB - Virtual size: 2KB

.data Size: 9KB - Virtual size: 8KB

.bss Size: - Virtual size: 20KB

.idata Size: 11KB - Virtual size: 10KB

.tls Size: - Virtual size: 60B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 36KB - Virtual size: 35KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

a7f82a4322be5a4f0aaf076fdf77b0bf

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

shell32

msvcp60

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 16B

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 984B

.rsrc
Size: 4KB - Virtual size: 864B

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 530KB - Virtual size: 529KB

.itext
Size: 2KB - Virtual size: 2KB

.data
Size: 9KB - Virtual size: 8KB

.bss
Size: - Virtual size: 20KB

.idata
Size: 11KB - Virtual size: 10KB

.tls
Size: - Virtual size: 60B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 36KB - Virtual size: 35KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 16B

.reloc
Size: 8KB - Virtual size: 4KB