5765d0e0957920f0d05dc48c0f72c6c0N

Sharing

Copy URL Twitter E-mail

General

Target

5765d0e0957920f0d05dc48c0f72c6c0N
Size

209KB
MD5

5765d0e0957920f0d05dc48c0f72c6c0
SHA1

6cbf8971e8502b5afb8fa9d4f1774e3903a23c0d
SHA256

119f3c353df9ae596ef9048c180928f3bd3d5d7b8add6ae5b0d0da26cebe4320
SHA512

8e72fb20f447651acc8e20af0e5013209ca564becd889a0ff4348b1af83040feafe437517bd0144f213601cf74494469b9fcf527e39da8aa4ea67b7440899d26
SSDEEP

6144:E0rD9RPaFpFpg8AKOtdCGSrZ04+ISp9XzL:E0dsRpgmdcp9H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5765d0e0957920f0d05dc48c0f72c6c0N

Files

5765d0e0957920f0d05dc48c0f72c6c0N
.dll windows:5 windows x86 arch:x86

7272015fcb8bb3df6429386da99e0adf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\compile_tmp\20111208-210149-0174\1123646125\modules\xiliols\win32\xiliolsop\bin\xiliolsop.pdb

Imports

libeay32

ord82
ord1654
ord248
ord469
ord109
ord578
ord84
ord648
ord579
ord222
ord181
ord1653
ord467
ord254
ord227
ord641
ord652
ord2206
ord657
ord363
ord89
ord2254
ord566
ord1178
ord364
ord2442
ord484
ord680
ord3050
ord223
ord66
ord202
ord395
ord2291
ord485
ord544

ssleay32

ord166
ord21
ord43
ord16
ord90
ord74
ord42
ord83
ord76
ord242
ord73
ord142
ord183
ord225
ord78
ord8
ord48
ord108
ord12
ord31
ord157
ord111
ord6
ord61
ord58
ord141
ord75
ord222
ord17
ord96
ord24
ord235

kernel32

SetLastError
GetLastError
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
FormatMessageA

msvcr90

_errno
strtol
strncpy
___mb_cur_max_func
_read
rand
strchr
wctomb
strrchr
_setmode
atol
strtoul
_write
mbtowc
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
strstr
strerror
malloc
free
strncmp
memmove
strncat
sprintf
??2@YAPAXI@Z
??3@YAXPAX@Z
??_V@YAXPAX@Z
??_U@YAPAXI@Z
memcpy
__CxxFrameHandler3
memset

msvcp90

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z

wsock32

WSAGetLastError
select
ioctlsocket
ntohl
recvfrom
WSAStartup
connect
inet_ntoa
htons
shutdown
setsockopt
recv
socket
__WSAFDIsSet
closesocket
gethostbyname
send
getsockopt
accept
sendto

Exports

Exports

xiliolsop__checkIp
xiliolsop__getConfigureInfo
xiliolsop__getUpdateInfo
xiliolsop__getVerifyInfo
xiliolsop__setProxy
xiliolsop_init

Sections

.text
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 90KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7272015fcb8bb3df6429386da99e0adf

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libeay32

ssleay32

kernel32

msvcr90

msvcp90

wsock32

Exports

Exports

Sections

.text Size: 94KB - Virtual size: 93KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 6KB - Virtual size: 5KB

.text Size: 90KB - Virtual size: 92KB

.text
Size: 94KB - Virtual size: 93KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 6KB - Virtual size: 5KB

.text
Size: 90KB - Virtual size: 92KB