46141efb0d5338e299c0b4a86ba581acf9abe7492395ffa083fd1f5d8e050f63

Sharing

Copy URL Twitter E-mail

General

Target

46141efb0d5338e299c0b4a86ba581acf9abe7492395ffa083fd1f5d8e050f63
Size

196KB
MD5

c65bb93fcaf6ccc480164e4d1c9ceef2
SHA1

e07410a3c86bb727772e035de11653a83ed44895
SHA256

46141efb0d5338e299c0b4a86ba581acf9abe7492395ffa083fd1f5d8e050f63
SHA512

0672c1f3376b19cfab597c17e35f64d98f216d6be39017b40147054b7c84ce904fd46af6f36455d85a01391da41dc9a5fe781551f4804402574438bd102d3143
SSDEEP

3072:SXY8s3vZw2NzKIT3kIgfBnd2zwA2FAppDgFmwKRqYLL/2Wq30w0aPpB3QRWyIKKQ:kL4zKagZTnAppDgAwTJ01aPpBC/Ine

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46141efb0d5338e299c0b4a86ba581acf9abe7492395ffa083fd1f5d8e050f63

Files

46141efb0d5338e299c0b4a86ba581acf9abe7492395ffa083fd1f5d8e050f63
.dll windows x86

557267dd7f10762c3ae9d79c48fe0326

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSACloseEvent
WSAStartup
WSACleanup
closesocket
shutdown
WSAWaitForMultipleEvents
inet_addr
gethostbyname
WSASetEvent
WSAResetEvent
send
recv
htonl
bind
accept
listen
socket
setsockopt
htons
WSAEventSelect
connect
WSAEnumNetworkEvents
WSACreateEvent
WSAGetLastError

wininet

InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCloseHandle
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpAddRequestHeadersA
InternetCrackUrlA
InternetConnectA
InternetSetOptionA
HttpOpenRequestA
InternetOpenA

dalog

?storage@CDALog@@QAEXPBD00_N1@Z
??0CDALog@@QAE@XZ
??1CDALog@@QAE@XZ
??RCDALog@@QAEAAV0@W4Lvl@0@@Z
?Write@CDALog@@QAEXABVCString@@@Z

mfc42

ord6876
ord535
ord858
ord5710
ord6662
ord540
ord3663
ord801
ord541
ord4129
ord823
ord6883
ord2763
ord6143
ord2044
ord2107
ord5450
ord5834
ord5440
ord6383
ord6394
ord825
ord2841
ord2448
ord537
ord3584
ord543
ord803
ord6307
ord521
ord4278
ord4203
ord2818
ord860
ord5608
ord2764
ord4202
ord6877
ord941
ord538
ord861
ord2915
ord926
ord610
ord6139
ord939
ord287
ord5861
ord1622
ord5683
ord4277
ord802
ord542
ord6569
ord2820
ord3811
ord1567
ord1979
ord6385
ord5622
ord665
ord5186
ord354
ord268
ord772
ord800
ord5860
ord5606
ord6142
ord1265
ord348
ord663
ord3337
ord551
ord398
ord700
ord5594
ord913
ord4189
ord924
ord539
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord269
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord5632
ord3439
ord6283
ord6282
ord940
ord773
ord699
ord501
ord397
ord5600
ord5593
ord3438
ord912
ord4188
ord5631
ord5607
ord998
ord715
ord415
ord1081
ord5620
ord5605
ord1105
ord702
ord400
ord5596
ord3441
ord915
ord2065
ord5634
ord4191
ord2458
ord6289
ord968
ord3470
ord1648
ord1238
ord1601
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord500
ord3081

msvcrt

__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
mktime
gmtime
strncpy
free
realloc
malloc
time
_vsnprintf
strtol
memmove
_purecall
_mbsicmp
_mbsnbcpy
strchr
_mbscmp
atoi
__CxxFrameHandler
_CxxThrowException
wcslen
_EH_prolog

kernel32

GetExitCodeThread
ResetEvent
SetEvent
LocalFree
LockResource
WaitForMultipleObjects
TerminateThread
ResumeThread
WaitForSingleObject
CreateDirectoryA
InterlockedDecrement
LocalAlloc
FindResourceA
LoadResource
SizeofResource
LeaveCriticalSection
EnterCriticalSection
lstrlenA
GetLastError
DeleteCriticalSection
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
SetLastError
InitializeCriticalSection

user32

wsprintfA

advapi32

CryptHashData
CryptDeriveKey
CryptDestroyHash
CryptCreateHash
CryptEncrypt
CryptDestroyKey
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptDecrypt

ole32

OleRun
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

VariantClear
SysAllocString
VariantChangeType
SysAllocStringByteLen
SysStringByteLen
SysFreeString
CreateErrorInfo
GetErrorInfo
SetErrorInfo
VariantInit

gzip2

Gzip2A

Exports

Exports

?JDMsgProxyFactory@@YAPAUIMsgProxy@@XZ

Sections

.text
Size: 140KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

557267dd7f10762c3ae9d79c48fe0326

Headers

File Characteristics

Imports

ws2_32

wininet

dalog

mfc42

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

gzip2

Exports

Exports

Sections

.text Size: 140KB - Virtual size: 137KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 8KB - Virtual size: 10KB

.rsrc Size: 4KB - Virtual size: 936B

.reloc Size: 12KB - Virtual size: 10KB

.text
Size: 140KB - Virtual size: 137KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 8KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 936B

.reloc
Size: 12KB - Virtual size: 10KB