eedce6e7ed0c90e9072c46bfa7e00f0b405488645fef51a9bb5bec26e1f0824d

Sharing

Copy URL Twitter E-mail

General

Target

eedce6e7ed0c90e9072c46bfa7e00f0b405488645fef51a9bb5bec26e1f0824d
Size

124KB
MD5

ca108e42d080ee6edeb5b2383b993813
SHA1

9243af058e6cdd631ba1a099cc46fda4e4eeb709
SHA256

eedce6e7ed0c90e9072c46bfa7e00f0b405488645fef51a9bb5bec26e1f0824d
SHA512

9e2269a944d6dfee24de6e27f7628637dd9f09c8063e72b9340e4fd3e937a02512c33f5244aaf22f3f2de85356464b6ff37848d48c04ca278ebeb7818f7807ea
SSDEEP

1536:UjJ3uq+4N0QdPrtHR2qLD82La1MqqU+NV23S2K:UjJ+qSQhrBQqLgZ1MqqDLy/K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eedce6e7ed0c90e9072c46bfa7e00f0b405488645fef51a9bb5bec26e1f0824d

Files

eedce6e7ed0c90e9072c46bfa7e00f0b405488645fef51a9bb5bec26e1f0824d
.dll windows:4 windows x86 arch:x86

d19a4431a492271083cd41588427a50c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

x:\xrXMLParser.pdb

Imports

kernel32

GetLocalTime

advapi32

ReportEventA
RegisterEventSourceA
DeregisterEventSource

xrcore

??1CMemoryWriter@@UAE@XZ
?close@IReader@@QAEXXZ
?w@CMemoryWriter@@UAEXPBXI@Z
?Memory@@3VxrMemory@@A
?mem_alloc@xrMemory@@QAEPAXI@Z
??0CMemoryWriter@@QAE@XZ
?r_open@CLocatorAPI@@QAEPAVIReader@@PBD0@Z
?xr_FS@@3PAVCLocatorAPI@@A
?xr_strdup@@YGPADPBD@Z
?mem_free@xrMemory@@QAEXPAX@Z

msvcr71

memmove
_strnicmp
_stricmp
_onexit
strstr
__dllonexit
?terminate@@YAXXZ
_except_handler3
__CppXcptFilter
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
atoi
strtok
__CxxFrameHandler
strchr
strncmp
sprintf
_purecall
fclose
fwrite
fopen
fprintf
__RTDynamicCast
malloc
free

Exports

Exports

??0CUIXml@@QAE@XZ
??1CUIXml@@UAE@XZ
??4StructSampleExport@@QAEAAU0@ABU0@@Z
??_7CUIXml@@6B@
?GetNodesNum@CUIXml@@QAEHPAVCkXml@@PBD@Z
?GetNodesNum@CUIXml@@QAEHPBDH0@Z
?GetRoot@CUIXml@@QAEPAVCkXml@@XZ
?Init@CUIXml@@QAE_NPBD0@Z
?NavigateToNode@CUIXml@@QAEPAVCkXml@@PAV2@PBDH@Z
?NavigateToNode@CUIXml@@QAEPAVCkXml@@PBDH@Z
?Read@CUIXml@@QAEPADPAVCkXml@@PBD@Z
?Read@CUIXml@@QAEPADPAVCkXml@@PBDH1@Z
?Read@CUIXml@@QAEPADPBDH0@Z
?ReadAttrib@CUIXml@@QAEPADPAVCkXml@@PBD1@Z
?ReadAttrib@CUIXml@@QAEPADPAVCkXml@@PBDH11@Z
?ReadAttrib@CUIXml@@QAEPADPBDH00@Z
?ReadAttribInt@CUIXml@@QAEHPAVCkXml@@PBDH1H@Z
?ReadAttribInt@CUIXml@@QAEHPAVCkXml@@PBDH@Z
?ReadAttribInt@CUIXml@@QAEHPBDH0H@Z
?ReadInt@CUIXml@@QAEHPAVCkXml@@H@Z
?ReadInt@CUIXml@@QAEHPAVCkXml@@PBDHH@Z
?ReadInt@CUIXml@@QAEHPBDHH@Z
?SearchForAttribute@CUIXml@@QAEPAVCkXml@@PAV2@PBD11@Z
?SearchForAttribute@CUIXml@@QAEPAVCkXml@@PBDH000@Z
?XML_CleanUpMemory@@YGXXZ
?XML_DisableStringCaching@@YGXXZ

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d19a4431a492271083cd41588427a50c

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

xrcore

msvcr71

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 40KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 32KB - Virtual size: 185KB

.reloc Size: 32KB - Virtual size: 28KB

.text
Size: 44KB - Virtual size: 40KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 32KB - Virtual size: 185KB

.reloc
Size: 32KB - Virtual size: 28KB