4b3ef75fb2ad0d9eb62680800840e2ada49af4e3db6ed7cd413797863b79c83e

Sharing

Copy URL Twitter E-mail

General

Target

4b3ef75fb2ad0d9eb62680800840e2ada49af4e3db6ed7cd413797863b79c83e
Size

192KB
MD5

3cc9723ac68f4336295071cc6a43367d
SHA1

2a9e2f0cf970e2468a174fb84e82ac3e8c20828a
SHA256

4b3ef75fb2ad0d9eb62680800840e2ada49af4e3db6ed7cd413797863b79c83e
SHA512

02dfd1d49cd9f719e0efd5feee826d3bf7c015cc209b020536f7ac2216ec4dabcc30f5a15d0982ce49509a9cc06b12aac13f0ab4647e196b207f1589a8f8c2ee
SSDEEP

6144:FZxxRx1IB/33dpXaZEybXbCUY6aJW3T4qX+Pr:FZxxRx19ZEybrC1ZiEr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b3ef75fb2ad0d9eb62680800840e2ada49af4e3db6ed7cd413797863b79c83e

Files

4b3ef75fb2ad0d9eb62680800840e2ada49af4e3db6ed7cd413797863b79c83e
.dll windows x86

d75c78205064209630bb64e0940f6e43

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSACloseEvent
WSAStartup
WSACleanup
closesocket
shutdown
WSAWaitForMultipleEvents
inet_addr
gethostbyname
WSASetEvent
WSAResetEvent
send
recv
htonl
bind
accept
listen
socket
setsockopt
htons
WSAEventSelect
connect
WSAEnumNetworkEvents
WSACreateEvent
WSAGetLastError

wininet

InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCloseHandle
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpAddRequestHeadersA
InternetCrackUrlA
InternetConnectA
InternetSetOptionA
HttpOpenRequestA
InternetOpenA

dalog

?storage@CDALog@@QAEXPBD00_N1@Z
??0CDALog@@QAE@XZ
??1CDALog@@QAE@XZ
??RCDALog@@QAEAAV0@W4Lvl@0@@Z
?Write@CDALog@@QAEXABVCString@@@Z

mfc42

ord5710
ord6662
ord540
ord3663
ord801
ord541
ord4129
ord823
ord6883
ord2763
ord6143
ord2044
ord2107
ord5450
ord5834
ord5440
ord6383
ord6394
ord825
ord2841
ord2448
ord537
ord3584
ord543
ord803
ord6307
ord521
ord4278
ord4203
ord2818
ord860
ord5608
ord2764
ord4202
ord6877
ord538
ord861
ord2915
ord926
ord610
ord6139
ord939
ord941
ord287
ord5861
ord1622
ord5683
ord4277
ord802
ord542
ord6569
ord2820
ord3811
ord1567
ord1979
ord6385
ord5622
ord665
ord5186
ord354
ord268
ord772
ord500
ord5860
ord858
ord6142
ord1265
ord3337
ord551
ord398
ord700
ord5594
ord913
ord4189
ord924
ord539
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord535
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord5632
ord3439
ord6283
ord6282
ord940
ord773
ord699
ord501
ord397
ord5600
ord5593
ord3438
ord912
ord4188
ord5631
ord5607
ord998
ord715
ord348
ord415
ord663
ord1081
ord5620
ord5605
ord1105
ord702
ord400
ord5596
ord3441
ord915
ord2065
ord5634
ord4191
ord2458
ord6289
ord968
ord3470
ord1648
ord1238
ord1601
ord6876
ord800
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord5606
ord3831

msvcrt

??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
_except_handler3
_onexit
__dllonexit
mktime
gmtime
strncpy
free
realloc
malloc
time
_vsnprintf
strtol
memmove
_purecall
_mbsicmp
_mbsnbcpy
strchr
_mbscmp
atoi
__CxxFrameHandler
_CxxThrowException
wcslen
?terminate@@YAXXZ

kernel32

ResetEvent
SetEvent
InterlockedCompareExchange
WaitForSingleObject
WaitForMultipleObjects
TerminateThread
ResumeThread
InterlockedIncrement
Sleep
CreateDirectoryA
InterlockedDecrement
LocalAlloc
FindResourceA
LoadResource
SizeofResource
LeaveCriticalSection
EnterCriticalSection
lstrlenA
GetLastError
DeleteCriticalSection
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
GetExitCodeThread
SetLastError
LocalFree
LockResource
InitializeCriticalSection

user32

wsprintfA

advapi32

CryptHashData
CryptDeriveKey
CryptDestroyHash
CryptCreateHash
CryptEncrypt
CryptDestroyKey
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptDecrypt

ole32

OleRun
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

VariantClear
SysAllocString
VariantChangeType
SysAllocStringByteLen
SysStringByteLen
SysFreeString
CreateErrorInfo
GetErrorInfo
SetErrorInfo
VariantInit

gzip2

Gzip2A

Exports

Exports

?JDMsgProxyFactory@@YAPAUIMsgProxy@@XZ

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d75c78205064209630bb64e0940f6e43

Headers

File Characteristics

Imports

ws2_32

wininet

dalog

mfc42

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

gzip2

Exports

Exports

Sections

.text Size: 136KB - Virtual size: 135KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 8KB - Virtual size: 10KB

.rsrc Size: 4KB - Virtual size: 936B

.reloc Size: 12KB - Virtual size: 10KB

.text
Size: 136KB - Virtual size: 135KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 8KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 936B

.reloc
Size: 12KB - Virtual size: 10KB