55fbfe51bb8a992a4538a3b1d60479ae_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

55fbfe51bb8a992a4538a3b1d60479ae_JaffaCakes118
Size

690KB
MD5

55fbfe51bb8a992a4538a3b1d60479ae
SHA1

36b8ccca14446efc2a6af9815b86b5bd05a22d55
SHA256

cb0506d38054e09204e9b28ac1c03d32a19874037e7814bf1d77f835dbe7d162
SHA512

02633a0ecc1a6c8cb5e5da3263e8b9744ae3f766bca30d3a9e5e521ed94741ad5a96ef7efe399aeeeb9115c7365970df6a7acc85d872516d8cd73f70faa9e3fd
SSDEEP

12288:x4NmKW/rth3Nrqy5DJW+8bFrV/ELEjzvaP1aYfTvb5J4CCGbFX:bXEy5DMDh/VjraEYLvb5PNX

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/IPRadar.exe
unpack001/xiprad.dll
unpack001/xutil.dll

Files

55fbfe51bb8a992a4538a3b1d60479ae_JaffaCakes118
.zip
IPRadar.exe
.exe windows:5 windows x86 arch:x86

5bf5623c0eea5f0cf66dd5487978287e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

xiprad

??0XPacketBaseParser@@QAE@XZ
?Instance@XDNSRecord@@SAPAV1@XZ
?addICQProcessName@XIPCounter@@SAXPBD0@Z
?parser@XPacketBaseParser@@UAEXKPBDH@Z
?parserSock@XPacketBaseParser@@UAEXABUIPTAPEPRO_NetIo@@@Z
?init@XPacketBaseParser@@UAEXXZ
?stop@XPacketBaseParser@@UAEXXZ
??1XPacketBaseParser@@MAE@XZ
?reload@XPCProcessInfo@@QAEXXZ
?getResult@XParserResultMgr@@QAEPAVXParserResult@@H@Z
?Instance@XParserResultMgr@@SAPAV1@XZ
?getDNSName@XDNSRecord@@QAEHKPADH@Z
?m_lastIPAddress@XParserResult@@2KA
?addGameProcess@XGameProcesslist@@QAEXPBD@Z
?Instance@XGameProcesslist@@SAPAV1@XZ
?setCheckGameFlag@XPacketCounter@@QAEXXZ
?getNetIO@XPCProcessInfo@@QAEHQAY02KH@Z
?getDiskIO@XPCProcessInfo@@QAEHQAY02KH@Z
?Instance@XPCProcessInfo@@SAPAV1@XZ
?close@XPacketQueueMgr@@QAEXXZ
?addParser@XPacketMgr@@QAEXPAVXPacketParser@@@Z
??0XPCNetcardInfo@@QAE@XZ
?getIPAddrs@XPCNetcardInfo@@QAEHXZ
?getIPByIndex@XPCNetcardInfo@@QAEKH@Z
?createListener@XPacketMgr@@QAEPAVXPacketListener@@HK@Z
?findListener@XPacketMgr@@QAEPAVXPacketListener@@K@Z
?init@XParserWorker@@QAEXXZ
?disableNetIOQueue@XPCProcessInfo@@QAEXXZ
??1XPCNetcardInfo@@QAE@XZ
?Instance@XParserWorker@@SAPAV1@XZ
?stop@XParserWorker@@QAEXXZ
?Instance@XPacketMgr@@SAPAV1@XZ
?close@XPacketMgr@@QAEXXZ
?Instance@XPacketQueueMgr@@SAPAV1@XZ
?closeInfo@XPCProcessInfo@@QAEXXZ

ws2_32

WSACleanup
gethostbyname
gethostname
WSAStartup
ntohs
inet_ntoa
htonl
htons
getservbyname
WSASetLastError
WSAGetLastError
getservbyport
gethostbyaddr
inet_addr
ntohl

xutil

?start@XThread@@QAEXXZ

kernel32

SetThreadPriority
SuspendThread
GetCurrentProcessId
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetModuleFileNameW
InterlockedDecrement
MoveFileA
DeleteFileA
GetStringTypeExA
GetThreadLocale
ReadFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
FindClose
FindFirstFileA
GetVolumeInformationA
GetShortPathNameA
GlobalFlags
GetModuleHandleW
InterlockedIncrement
LocalAlloc
lstrcmpA
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GetCPInfo
GetOEMCP
FileTimeToLocalFileTime
LocalFileTimeToFileTime
GetFileSizeEx
GetCurrentDirectoryA
SetErrorMode
RtlUnwind
RaiseException
ExitThread
CreateThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
GetStartupInfoA
VirtualAlloc
HeapReAlloc
HeapSize
GetACP
IsValidCodePage
GetTimeZoneInformation
HeapCreate
VirtualFree
GetStdHandle
SetHandleCount
GetFileType
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
GetCurrentThread
GetEnvironmentStringsW
QueryPerformanceCounter
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetLocaleInfoW
CompareStringW
SetEnvironmentVariableA
GetDiskFreeSpaceA
GetFullPathNameA
GetTempFileNameA
GetFileTime
SetFileTime
GetFileAttributesA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary
CompareStringA
lstrcmpW
SetLastError
FormatMessageA
LocalFree
MulDiv
FreeResource
GetLocalTime
GetSystemDefaultLangID
QueryDosDeviceA
GetProcessIoCounters
GetWindowsDirectoryA
GetProcessHeap
HeapAlloc
HeapFree
DeviceIoControl
SystemTimeToTzSpecificLocalTime
GetSystemTime
OpenProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress
FileTimeToSystemTime
SystemTimeToFileTime
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
lstrcpynA
Sleep
lstrcpyA
ResumeThread
MultiByteToWideChar
CreateFileA
WriteFile
SetEvent
WaitForSingleObject
CreateEventA
lstrcmpiA
lstrlenA
GetTickCount
GetCommandLineA
CreateMutexA
GetLastError
GetSystemTimeAsFileTime
WideCharToMultiByte
GetModuleFileNameA
GetCurrentProcess
CloseHandle
GetVersionExA
FindResourceA
LoadResource
LockResource
SizeofResource
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
FreeEnvironmentStringsW
InterlockedExchange
GetSystemDirectoryA
CreateFileW
GetDriveTypeA
GetFileInformationByHandle
PeekNamedPipe
LeaveCriticalSection

user32

TranslateMessage
GetMessageA
ShowOwnedPopups
GetWindowThreadProcessId
TranslateAcceleratorA
BringWindowToTop
SetRectEmpty
CreatePopupMenu
InsertMenuItemA
LoadAcceleratorsA
DestroyMenu
ReuseDDElParam
UnpackDDElParam
GetMenuItemInfoA
CharUpperA
WindowFromPoint
GetSysColorBrush
DeleteMenu
DestroyIcon
UnregisterClassA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
TrackPopupMenu
GetKeyState
SetMenu
ValidateRect
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
SetWindowPlacement
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
IntersectRect
IsIconic
GetWindowPlacement
GetMenuStringA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
IsWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetWindow
DrawIconEx
SetLayeredWindowAttributes
PostMessageA
IsZoomed
RegisterWindowMessageA
GetSystemMetrics
SystemParametersInfoA
ReleaseCapture
GetCursorPos
SetForegroundWindow
GetDesktopWindow
SetCapture
GetWindowRect
LoadMenuA
GetSubMenu
GetMenuState
EnableMenuItem
CheckMenuItem
CopyRect
OffsetRect
InflateRect
GetParent
KillTimer
SetTimer
InvalidateRect
FillRect
GetDC
SendMessageA
MessageBoxA
UpdateWindow
LoadCursorA
LoadImageA
EnableWindow
SetCursor
GetClientRect
PostQuitMessage
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
ClientToScreen
GrayStringA
DrawTextExA
PtInRect
ShowWindow
DrawTextA
TabbedTextOutA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
CreateWindowExA
ModifyMenuA
MoveWindow
SetWindowTextA
IsWindowVisible
IsDialogMessageA
DestroyWindow

gdi32

SetTextColor
SetBkColor
CreateBitmap
SaveDC
RestoreDC
SetBkMode
SetMapMode
LineTo
MoveToEx
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
GetClipBox
DeleteDC
CreatePatternBrush
CreatePen
ScaleWindowExtEx
DeleteObject
GetDeviceCaps
GetStockObject
Rectangle
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
PatBlt
GetCurrentObject
GetObjectA
CreateFontIndirectA
GetPixel
GetTextExtentPoint32A

comdlg32

GetSaveFileNameA
GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegCreateKeyA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
GetFileSecurityA
SetFileSecurityA
RegSetValueA
RegQueryValueExA
LookupPrivilegeValueA
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
AllocateAndInitializeSid
FreeSid
GetTokenInformation
CreateWellKnownSid
CheckTokenMembership
OpenProcessToken
AdjustTokenPrivileges

shell32

ExtractIconA
ShellExecuteExA
Shell_NotifyIconA
DragFinish
DragQueryFileA
SHGetFileInfoA
ShellExecuteA

comctl32

_TrackMouseEvent

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathRemoveFileSpecW

ole32

CoTaskMemFree
CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

VariantInit
VariantChangeType
VariantClear

gdiplus

GdipCreateSolidFill
GdipSetSmoothingMode
GdipDrawRectangleI
GdipFillRectangleI
GdipCloneBrush
GdipCreatePath
GdipDeletePath
GdipAddPathLineI
GdipAddPathCurve2I
GdipFillPath
GdipSetSolidFillColor
GdipSetPenWidth
GdipSetPenColor
GdipSetPenDashStyle
GdipDrawPath
GdipAddPathArcI
GdipSetPenMode
GdipCreateLineBrushI
GdipSetLinePresetBlend
GdipFillEllipseI
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImageRawFormat
GdipCreateBitmapFromFile
GdipCreateFromHDC
GdipDrawImageRectI
GdipCloneImage
GdipDeleteBrush
GdipCreatePen1
GdipDeletePen
GdipDrawLineI

wininet

InternetCloseHandle
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetOpenA

iphlpapi

GetIfTable
GetTcpTable
GetUdpTable
GetInterfaceInfo

psapi

EnumProcesses
GetPerformanceInfo
GetProcessImageFileNameA
GetModuleFileNameExA

Sections

.text
Size: 493KB - Virtual size: 493KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
dat/config.dat
dat/dashbk.dat
.png
dat/dashbk1.dat
.png
dat/dashcover.dat
.png
dat/floatwnd.dat
.png
dat/gamelist.dat
dat/ication.dat
dat/inter.dat
dat/preal.dat
.jpg
dat/ptdescr.dat
dat/topntab.dat
.png
dat/user.ini
xiprad.dll
.dll windows:5 windows x86 arch:x86

bdff74c203c766589633d2d9f18175b1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

ntohs
socket
ioctlsocket
setsockopt
WSAGetLastError
bind
htons
recv
closesocket
ntohl

xutil

?unlock@XLock@@QAEXXZ
?lock@XLock@@QAEXXZ
??1XLock@@UAE@XZ
??_7XLock@@6B@
??0XLock@@QAE@XZ
?start@XThread@@QAEXXZ
??0XThread@@QAE@XZ
??1XThread@@UAE@XZ
??_7XThread@@6B@

iphlpapi

GetIpAddrTable

psapi

GetProcessImageFileNameA

kernel32

GetStringTypeW
GetStringTypeA
HeapSize
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
GetLocaleInfoA
FreeEnvironmentStringsW
GetEnvironmentStrings
lstrcmpiA
Sleep
InterlockedExchangeAdd
LocalFree
FormatMessageA
GetProcessIoCounters
CloseHandle
OpenProcess
GetVersionExA
GetProcAddress
LoadLibraryA
GetModuleHandleA
CreateEventA
SetEvent
WaitForSingleObject
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetTickCount
ExitThread
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetLastError
HeapFree
HeapAlloc
GetCurrentThreadId
CreateThread
GetCommandLineA
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA

advapi32

StartTraceA
OpenTraceA
ProcessTrace
RemoveTraceCallback
ControlTraceA
CloseTrace
SetTraceCallback

Exports

Exports

??0XAllListener@@QAE@ABV0@@Z
??0XAllListener@@QAE@K@Z
??0XDNSRecord@@AAE@XZ
??0XDNSRecord@@QAE@ABV0@@Z
??0XGameIPCounter@@QAE@ABV0@@Z
??0XGameIPCounter@@QAE@KG@Z
??0XGameProcesslist@@IAE@XZ
??0XGameProcesslist@@QAE@ABV0@@Z
??0XIPCounter@@QAE@ABV0@@Z
??0XIPCounter@@QAE@KG@Z
??0XLocalListener@@IAE@K@Z
??0XLocalListener@@QAE@ABV0@@Z
??0XPCNetcardInfo@@QAE@XZ
??0XPCProcessInfo@@AAE@XZ
??0XPCProcessInfo@@QAE@ABV0@@Z
??0XPacketBaseParser@@QAE@ABV0@@Z
??0XPacketBaseParser@@QAE@XZ
??0XPacketBuffer@@QAE@XZ
??0XPacketCounter@@QAE@ABV0@@Z
??0XPacketCounter@@QAE@KG@Z
??0XPacketListener@@IAE@XZ
??0XPacketListener@@QAE@ABV0@@Z
??0XPacketMgr@@AAE@XZ
??0XPacketMgr@@QAE@ABV0@@Z
??0XPacketParser@@IAE@XZ
??0XPacketParser@@QAE@ABV0@@Z
??0XPacketQueue@@AAE@K@Z
??0XPacketQueueMgr@@QAE@ABV0@@Z
??0XPacketQueueMgr@@QAE@XZ
??0XParserResult@@IAE@XZ
??0XParserResult@@QAE@ABV0@@Z
??0XParserResultMgr@@AAE@XZ
??0XParserWorker@@AAE@XZ
??0XParserWorker@@QAE@ABV0@@Z
??0XSnifferSocket@@QAE@XZ
??1XAllListener@@UAE@XZ
??1XDNSRecord@@AAE@XZ
??1XGameIPCounter@@MAE@XZ
??1XGameProcesslist@@IAE@XZ
??1XIPCounter@@MAE@XZ
??1XLocalListener@@MAE@XZ
??1XPCNetcardInfo@@QAE@XZ
??1XPCProcessInfo@@AAE@XZ
??1XPacketBaseParser@@MAE@XZ
??1XPacketBuffer@@QAE@XZ
??1XPacketCounter@@MAE@XZ
??1XPacketListener@@MAE@XZ
??1XPacketMgr@@AAE@XZ
??1XPacketParser@@MAE@XZ
??1XPacketQueue@@AAE@XZ
??1XPacketQueueMgr@@MAE@XZ
??1XParserResult@@MAE@XZ
??1XParserResultMgr@@AAE@XZ
??1XParserWorker@@EAE@XZ
??1XSnifferSocket@@QAE@XZ
??4XAllListener@@QAEAAV0@ABV0@@Z
??4XDNSRecord@@QAEAAV0@ABV0@@Z
??4XGameIPCounter@@QAEAAV0@ABV0@@Z
??4XGameProcesslist@@QAEAAV0@ABV0@@Z
??4XIPCounter@@QAEAAV0@ABV0@@Z
??4XLocalListener@@QAEAAV0@ABV0@@Z
??4XPCNetcardInfo@@QAEAAV0@ABV0@@Z
??4XPCProcessInfo@@QAEAAV0@ABV0@@Z
??4XPacketBaseParser@@QAEAAV0@ABV0@@Z
??4XPacketBuffer@@QAEAAV0@ABV0@@Z
??4XPacketCounter@@QAEAAV0@ABV0@@Z
??4XPacketListener@@QAEAAV0@ABV0@@Z
??4XPacketMgr@@QAEAAV0@ABV0@@Z
??4XPacketParser@@QAEAAV0@ABV0@@Z
??4XPacketQueue@@QAEAAV0@ABV0@@Z
??4XPacketQueueMgr@@QAEAAV0@ABV0@@Z
??4XParserResult@@QAEAAV0@ABV0@@Z
??4XParserResultMgr@@QAEAAV0@ABV0@@Z
??4XParserWorker@@QAEAAV0@ABV0@@Z
??_7XAllListener@@6B@
??_7XGameIPCounter@@6B@
??_7XIPCounter@@6B@
??_7XLocalListener@@6B@
??_7XPacketBaseParser@@6B@
??_7XPacketCounter@@6B@
??_7XPacketListener@@6B@
??_7XPacketParser@@6B@
??_7XPacketQueueMgr@@6B@
??_7XParserResult@@6B@
??_7XParserWorker@@6B@
?Instance@XDNSRecord@@SAPAV1@XZ
?Instance@XGameProcesslist@@SAPAV1@XZ
?Instance@XPCProcessInfo@@SAPAV1@XZ
?Instance@XPacketMgr@@SAPAV1@XZ
?Instance@XPacketQueueMgr@@SAPAV1@XZ
?Instance@XParserResultMgr@@SAPAV1@XZ
?Instance@XParserWorker@@SAPAV1@XZ
?addGameCounter@XGameIPCounter@@QAEXPBU_X_R_PACKETCOUNTER@@H@Z
?addGameIPReCheck@XGameIPCounter@@QAEXPBU_X_R_PACKETCOUNTER@@@Z
?addGameProcess@XGameProcesslist@@QAEXPBD@Z
?addGameProcessPid@XGameProcesslist@@QAEXI@Z
?addICQCounter@XIPCounter@@QAEXPBU_X_R_PACKETCOUNTER@@@Z
?addICQIPReCheck@XIPCounter@@QAEXPBU_X_R_PACKETCOUNTER@@@Z
?addICQProcessName@XIPCounter@@SAXPBD0@Z
?addNetData@XPCProcessInfo@@QAEKABUIPTAPEPRO_NetIo@@@Z
?addParser@XPacketMgr@@QAEXPAVXPacketParser@@@Z
?addRecord@XDNSRecord@@QAEXKPBDH@Z
?addResult@XParserResultMgr@@QAEXHPAVXParserResult@@@Z
?bind@XSnifferSocket@@QAEHKH@Z
?checkDNSPacket@XLocalListener@@AAE_NPBDH@Z
?clear@XGameIPCounter@@UAEXXZ
?clear@XIPCounter@@UAEXXZ
?clear@XPacketCounter@@UAEXXZ
?close@XLocalListener@@UAEXXZ
?close@XPacketMgr@@QAEXXZ
?close@XPacketQueueMgr@@QAEXXZ
?close@XSnifferSocket@@QAEXXZ
?closeInfo@XPCProcessInfo@@QAEXXZ
?copyString@XIPCounter@@CAXPADPBDH@Z
?count@XGameIPCounter@@QAEXKHH@Z
?count@XIPCounter@@QAEXKHHH@Z
?count@XPacketCounter@@QAEXKGGHHK@Z
?createListener@XPacketMgr@@QAEHXZ
?createListener@XPacketMgr@@QAEPAVXPacketListener@@HK@Z
?createPacketCounter@XGameIPCounter@@AAEPAU_X_R_PACKETCOUNTER@@XZ
?createPacketCounter@XIPCounter@@AAEPAU_X_R_PACKETCOUNTER@@XZ
?createPacketCounter@XPacketCounter@@AAEPAU_X_R_PACKETCOUNTER@@XZ
?createQueue@XPacketQueueMgr@@QAEPAVXPacketQueue@@K@Z
?disableNetIOQueue@XPCProcessInfo@@QAEXXZ
?enableNetIOQueue@XPCProcessInfo@@QAEXXZ
?findListener@XPacketMgr@@QAEPAVXPacketListener@@K@Z
?get@XPacketBuffer@@QAEHPADH@Z
?getCounter@XPacketQueue@@QAEHXZ
?getCounters@XGameIPCounter@@QAEHQAPAU_X_R_PACKETCOUNTER@@H@Z
?getCounters@XIPCounter@@QAEHQAPAU_X_R_PACKETCOUNTER@@H@Z
?getCounters@XPacketCounter@@QAEHQAPAU_X_R_PACKETCOUNTER@@H@Z
?getDNSName@XDNSRecord@@QAEHKPADH@Z
?getDiskIO@XPCProcessInfo@@QAEHQAY02KH@Z
?getID@XPacketQueue@@QAEKXZ
?getIPAddrs@XPCNetcardInfo@@QAEHXZ
?getIPByIndex@XPCNetcardInfo@@QAEKH@Z
?getIPdata@XGameIPCounter@@UAE_NKAAU_X_R_PACKETCOUNTER@@@Z
?getIPdata@XIPCounter@@UAE_NKAAU_X_R_PACKETCOUNTER@@@Z
?getIPdata@XPacketCounter@@UAE_NKAAU_X_R_PACKETCOUNTER@@@Z
?getIPs@XGameIPCounter@@UAEHQAK0KH@Z
?getIPs@XIPCounter@@UAEHQAK0KH@Z
?getIPs@XPacketCounter@@UAEHQAK0KH@Z
?getIp@XLocalListener@@UAEKXZ
?getItemIPs@XGameIPCounter@@UAEHHQAU_X_PACKETCOUNTER_ITEMDATA@@NH@Z
?getItemIPs@XIPCounter@@UAEHHQAU_X_PACKETCOUNTER_ITEMDATA@@NH@Z
?getItemIPs@XPacketCounter@@UAEHHQAU_X_PACKETCOUNTER_ITEMDATA@@NH@Z
?getLocalIP@XParserResult@@QAEKXZ
?getLocalPort@XParserResult@@QAEGXZ
?getMode@XSnifferSocket@@QAEHXZ
?getNetIO@XPCProcessInfo@@QAEHQAY02KH@Z
?getParser@XPacketMgr@@QAEPAVXPacketParser@@H@Z
?getParserCounter@XPacketMgr@@QAEHXZ
?getProcessIoCounters@XPCProcessInfo@@QAEHPAXPAU_IO_COUNTERS@@@Z
?getQueue@XPacketQueueMgr@@QAEPAVXPacketQueue@@K@Z
?getQueueByIndex@XPacketQueueMgr@@QAEPAVXPacketQueue@@H@Z
?getResult@XParserResultMgr@@QAEPAVXParserResult@@H@Z
?getStatData@XGameIPCounter@@UAEKAAU_X_PACKETCOUNTER_STATDATA@@@Z
?getStatData@XIPCounter@@UAEKAAU_X_PACKETCOUNTER_STATDATA@@@Z
?getStatData@XPacketCounter@@UAEKAAU_X_PACKETCOUNTER_STATDATA@@@Z
?getStatus@XAllListener@@UAE_NXZ
?getStatus@XLocalListener@@UAE_NXZ
?getTCP_pid@XPCProcessInfo@@AAEXXZ
?getTcpProgramPid@XPCProcessInfo@@AAEKK@Z
?getTotalBytes@XParserResult@@UAENH@Z
?getTotalPackets@XParserResult@@UAENH@Z
?getType@XParserResult@@QAEHXZ
?hasDNSName@XDNSRecord@@QAE_NK@Z
?init@XGameIPCounter@@UAEXXZ
?init@XGameProcesslist@@AAEXXZ
?init@XIPCounter@@UAEXXZ
?init@XLocalListener@@UAEHXZ
?init@XPCProcessInfo@@AAEXXZ
?init@XPacketBaseParser@@UAEXXZ
?init@XPacketCounter@@UAEXXZ
?init@XPacketQueue@@AAEXXZ
?init@XParserWorker@@QAEXXZ
?isGameProcess@XGameProcesslist@@QAE_NPBD@Z
?isICQProcess@XIPCounter@@AAEPBDPBD@Z
?listen@XLocalListener@@UAEXXZ
?loadProcessList@XGameProcesslist@@QAEXXZ
?m_instance@XDNSRecord@@0PAV1@A
?m_instance@XGameProcesslist@@0PAV1@A
?m_instance@XPCProcessInfo@@0PAV1@A
?m_instance@XPacketMgr@@0PAV1@A
?m_instance@XPacketQueueMgr@@0PAV1@A
?m_instance@XParserResultMgr@@0PAV1@A
?m_instance@XParserWorker@@0PAV1@A
?m_lastIPAddress@XParserResult@@2KA
?m_osVersionType@XPCProcessInfo@@2HA
?m_staticIPBytes@XParserResult@@2NA
?m_staticUserIPBytes@XParserResult@@2NA
?match@XParserResult@@UAE_NKGH@Z
?parser@XPacketBaseParser@@UAEXKPBDH@Z
?parserDNS@XPacketBaseParser@@AAEXPBDH@Z
?parserDNSName@XPacketBaseParser@@AAEHPADHPBDHH@Z
?parserSock@XPacketBaseParser@@UAEXABUIPTAPEPRO_NetIo@@@Z
?pop@XPacketQueue@@AAEHPADH@Z
?print@XDNSRecord@@QAEXXZ
?print@XPCProcessInfo@@QAEXXZ
?push@XPacketQueue@@QAEHPBDH@Z
?queryOsVersion@XPCProcessInfo@@AAEXXZ
?queryProcessName@XPCProcessInfo@@QAEHHPADH@Z
?reCheckGame@XPacketCounter@@AAEXXZ
?receive@XSnifferSocket@@QAEHPADH@Z
?reload@XPCProcessInfo@@QAEXXZ
?run@XLocalListener@@MAEXXZ
?run@XParserWorker@@MAEXXZ
?save@XPacketBuffer@@QAEHPBDH@Z
?setCheckGameFlag@XPacketCounter@@QAEXXZ
?size@XDNSRecord@@QAEHXZ
?size@XGameIPCounter@@UAEHXZ
?size@XIPCounter@@UAEHXZ
?size@XPacketCounter@@UAEHXZ
?size@XPacketQueueMgr@@QAEHXZ
?start@XAllListener@@QAEXXZ
?stop@XAllListener@@UAEXXZ
?stop@XLocalListener@@UAEXXZ
?stop@XPacketBaseParser@@UAEXXZ
?stop@XParserWorker@@QAEXXZ

Sections

.text
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xutil.dll
.dll windows:5 windows x86 arch:x86

84f59f4066dbbf360662315ca1c939c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
GetProcAddress
LoadLibraryA
GetModuleHandleA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
InterlockedExchange
MultiByteToWideChar
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetLastError
HeapFree
ExitThread
GetCurrentThreadId
CreateThread
GetLocalTime
GetSystemTimeAsFileTime
GetCommandLineA
LCMapStringA
LCMapStringW
GetCPInfo
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapAlloc
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
HeapReAlloc
WriteFile
GetStdHandle
GetModuleFileNameA
HeapSize
ExitProcess
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
GetStartupInfoA
ReadFile
SetFilePointer
FlushFileBuffers
CloseHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileW
CreateFileA
SetEndOfFile
GetProcessHeap

Exports

Exports

??0Result@@QAE@ABV0@@Z
??0Result@@QAE@XZ
??0WorkDefault@@QAE@ABV0@@Z
??0WorkDefault@@QAE@XZ
??0XClassLoader@@AAE@XZ
??0XConfig@@IAE@XZ
??0XDataBuffer@@QAE@H@Z
??0XDataBuffer@@QAE@XZ
??0XException@@QAE@ABV0@@Z
??0XException@@QAE@PBD@Z
??0XException@@QAE@XZ
??0XLock@@QAE@ABV0@@Z
??0XLock@@QAE@XZ
??0XLog@@IAE@XZ
??0XThread@@QAE@ABV0@@Z
??0XThread@@QAE@XZ
??0XTime@@QAE@XZ
??0XWork@@QAE@ABV0@@Z
??0XWork@@QAE@XZ
??0XWorker@@QAE@ABV0@@Z
??0XWorker@@QAE@XZ
??0XWorkerManager@@IAE@XZ
??0XWorkerManager@@QAE@ABV0@@Z
??1Result@@QAE@XZ
??1WorkDefault@@UAE@XZ
??1XClassLoader@@AAE@XZ
??1XConfig@@IAE@XZ
??1XDataBuffer@@QAE@XZ
??1XException@@UAE@XZ
??1XLock@@UAE@XZ
??1XLog@@IAE@XZ
??1XThread@@UAE@XZ
??1XTime@@QAE@XZ
??1XWork@@UAE@XZ
??1XWorker@@UAE@XZ
??1XWorkerManager@@IAE@XZ
??4Result@@QAEAAV0@ABV0@@Z
??4WorkDefault@@QAEAAV0@ABV0@@Z
??4XClassLoader@@QAEAAV0@ABV0@@Z
??4XConfig@@QAEAAV0@ABV0@@Z
??4XDataBuffer@@QAEAAV0@ABV0@@Z
??4XException@@QAEAAV0@ABV0@@Z
??4XLock@@QAEAAV0@ABV0@@Z
??4XThread@@QAEAAV0@ABV0@@Z
??4XTime@@QAEAAV0@ABV0@@Z
??4XWork@@QAEAAV0@ABV0@@Z
??4XWorker@@QAEAAV0@ABV0@@Z
??4XWorkerManager@@QAEAAV0@ABV0@@Z
??_7WorkDefault@@6B@
??_7XException@@6B@
??_7XLock@@6B@
??_7XThread@@6B@
??_7XWork@@6B@
??_7XWorker@@6B@
?Instance@XLog@@SAPAV1@XZ
?Instance@XWorkerManager@@SAPAV1@XZ
?__bogusthreadfunc@XLog@@CGIPAX@Z
?_instance@XLog@@0PAV1@A
?_instance@XWorkerManager@@0PAV1@A
?add@Result@@QAEXAAV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@HH@Z
?add@Result@@QAEXPBD@Z
?clear@Result@@QAEXXZ
?config_content@XConfig@@0V?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@std@@@2@@std@@A
?create_randnum@@YAHHH@Z
?currentLogLevel@XLog@@0HA
?debug@XLog@@SAXHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?debug@XLog@@SAXHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?debug@XLog@@SAXHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?debug@XLog@@SAXHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@I@Z
?debug@XLog@@SAXHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@J@Z
?debug@XLog@@SAXHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@K@Z
?debug@XLog@@SAXHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@M@Z
?debug@XLog@@SAXHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@N@Z
?defaultstr@XConfig@@0V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@A
?doWork@XWorker@@UAEXPAVXWork@@@Z
?doWork@XWorkerManager@@QAEXPAVXWork@@@Z
?execute@WorkDefault@@UAEXXZ
?freeOldData@Result@@AAEXXZ
?freeOldData@XDataBuffer@@AAEXXZ
?getAttribute@XWork@@QAEAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBD@Z
?getBufferLength@XDataBuffer@@QAEHXZ
?getColNum@Result@@QAEHXZ
?getData@XDataBuffer@@QAEPBDXZ
?getDate@XTime@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?getDate_time@XTime@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?getDim2@Result@@QAEPAPAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?getMessage@XException@@QAEPBDXZ
?getRow@Result@@QAEPBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?getRowNum@Result@@QAEHXZ
?getString@Result@@QAEPBDXZ
?getThreadID@XThread@@QAEIXZ
?getTime@XTime@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?getTimeLong@XTime@@QAEKXZ
?getValue@XConfig@@SAPBDPBD@Z
?getWorker@XWorkerManager@@AAEPAVXWorker@@XZ
?i2str@@YAXHAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?init@XLog@@AAEXXZ
?isAvailable@XWorker@@QAE_NXZ
?l2str@@YAXJAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?libpath@XClassLoader@@0V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@A
?load@XClassLoader@@SAPAXPBD0@Z
?load@XClassLoader@@SAPAXPBD@Z
?load@XConfig@@SA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?load@XConfig@@SA_NPBD@Z
?load_class@@YAPAXPBD0@Z
?lock@XLock@@QAEXXZ
?openFile@XLog@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?putData@XDataBuffer@@QAEHPBDH@Z
?run@XWorker@@UAEXXZ
?save@XConfig@@SA_NXZ
?setAttribute@XWork@@QAEXPBD0@Z
?setBufferLength@XDataBuffer@@QAEXH@Z
?setLibPath@XClassLoader@@SAXPBD@Z
?setLogLevel@XLog@@QAEXH@Z
?setSleepTime@WorkDefault@@QAEXH@Z
?setSleepTime@XWorker@@QAEXH@Z
?setWorkerMax@XWorkerManager@@QAEXH@Z
?setWorkerSleepTime@XWorkerManager@@QAEXH@Z
?size@XDataBuffer@@QAEHXZ
?start@XThread@@QAEXXZ
?str2d@@YANABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?str2f@@YAMABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?str2i@@YAHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?str2l@@YAJABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?str2ui@@YAHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?str2ul@@YAHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?threadProc@XThread@@CGIPAX@Z
?trim@@YAXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?ui2str@@YAXIAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?ul2str@@YAXKAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?unlock@XLock@@QAEXXZ
?worker_max@XWorkerManager@@0HA
?worker_total@XWorkerManager@@0HA
?write@XLog@@QAEXHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?writeToFile@XLog@@AAEXXZ
?xnetSleep@@YAXH@Z

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5bf5623c0eea5f0cf66dd5487978287e

Headers

DLL Characteristics

File Characteristics

Imports

xiprad

ws2_32

xutil

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

gdiplus

wininet

iphlpapi

psapi

Sections

.text Size: 493KB - Virtual size: 493KB

.rdata Size: 110KB - Virtual size: 109KB

.data Size: 19KB - Virtual size: 35KB

.rsrc Size: 248KB - Virtual size: 247KB

bdff74c203c766589633d2d9f18175b1

Headers

File Characteristics

Imports

ws2_32

xutil

iphlpapi

psapi

kernel32

advapi32

Exports

Exports

Sections

.text Size: 83KB - Virtual size: 83KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 5KB - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 7KB - Virtual size: 7KB

84f59f4066dbbf360662315ca1c939c6

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 184KB - Virtual size: 183KB

.rdata Size: 34KB - Virtual size: 33KB

.data Size: 7KB - Virtual size: 14KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 493KB - Virtual size: 493KB

.rdata
Size: 110KB - Virtual size: 109KB

.data
Size: 19KB - Virtual size: 35KB

.rsrc
Size: 248KB - Virtual size: 247KB

.text
Size: 83KB - Virtual size: 83KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 7KB - Virtual size: 7KB

.text
Size: 184KB - Virtual size: 183KB

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 7KB - Virtual size: 14KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 10KB - Virtual size: 10KB