0782d09dfa64a512e4d0e41f0cbe2b387d8e2f917fb4b78ff9608f3c071c1f93

Sharing

Copy URL Twitter E-mail

General

Target

0782d09dfa64a512e4d0e41f0cbe2b387d8e2f917fb4b78ff9608f3c071c1f93
Size

432KB
MD5

6997f193f06eb704ddf2642b9feddbad
SHA1

66da2c868eba7be1914e0dc6ac2fed6c0f18a75f
SHA256

0782d09dfa64a512e4d0e41f0cbe2b387d8e2f917fb4b78ff9608f3c071c1f93
SHA512

c17e8d35946061ea3812b3e74f5f29f57023ccf61d0b65c824df074ed4501b1dc3240f3c553842ae5a47449f2118887ad288c9d83a6bee52cd26fb253085602b
SSDEEP

6144:VKvtqXn+WhASwdnCtFQ+uWoPz4nbQoRM/ns9tnsZv/nXI6/+z+T1bTGfTNVlvrS:5AX+uWoPz4nbQo2/2ns1/heTNVlDS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0782d09dfa64a512e4d0e41f0cbe2b387d8e2f917fb4b78ff9608f3c071c1f93

Files

0782d09dfa64a512e4d0e41f0cbe2b387d8e2f917fb4b78ff9608f3c071c1f93
.dll windows x86

334a644ba8da80b64b25199f7b082cfa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetConnectA
InternetCanonicalizeUrlA
HttpOpenRequestA
HttpAddRequestHeadersA
InternetGetConnectedState
InternetCrackUrlA
InternetSetOptionA
InternetOpenA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle

winmm

timeGetTime

brotlidec

BrotliDecoderDecompress

gzip2

Gzip2A

dassfile

ssFileOpen

dalog

??1CDALog@@QAE@XZ
??0CDALog@@QAE@XZ
?storage@CDALog@@QAEXPBD00_N1@Z
?Write@CDALog@@QAEXABVCString@@@Z
??RCDALog@@QAEAAV0@W4Lvl@0@@Z
?Write@CDALog@@QAAXPBDZZ

xmlhelper3

?LoadXml@CXmlDocument@PugiXMLHelper@@QAE?AUxml_parse_result@pugi@@PBDI@Z
??0CXmlDocument@PugiXMLHelper@@QAE@XZ
?Size@CXmlNodeList@PugiXMLHelper@@QAEJXZ
?SelectNodes@CXmlNode@PugiXMLHelper@@QBE?AVCXmlNodeList@2@PBDPAVxpath_variable_set@pugi@@@Z
?Empty@CXmlNodeList@PugiXMLHelper@@QBE_NXZ
??1CXmlNodeList@PugiXMLHelper@@QAE@XZ
??0CXmlNode@PugiXMLHelper@@QAE@XZ
?Begin@CXmlNodeList@PugiXMLHelper@@QBEPBVxpath_node@pugi@@XZ
?End@CXmlNodeList@PugiXMLHelper@@QBEPBVxpath_node@pugi@@XZ
?GetNode@CXmlNodeList@PugiXMLHelper@@SA?AVCXmlNode@2@PBVxpath_node@pugi@@@Z
??1CXmlNode@PugiXMLHelper@@QAE@XZ
?SelectNodes@CXmlDocument@PugiXMLHelper@@QBE?AVCXmlNodeList@2@PBDPAVxpath_variable_set@pugi@@@Z
?ParseXMLFile@XMLHelper@@YAHABVCString@@AAV?$_com_ptr_t@V?$_com_IIID@UIXMLDOMDocument2@MSXML2@@$1?_GUID_2933bf95_7b36_11d2_b20e_00c04f983e60@@3U__s_GUID@@A@@@@@Z
?ParseXML@XMLHelper@@YAHABVCString@@AAV?$_com_ptr_t@V?$_com_IIID@UIXMLDOMDocument2@MSXML2@@$1?_GUID_2933bf95_7b36_11d2_b20e_00c04f983e60@@3U__s_GUID@@A@@@@@Z
?GetAttr_String@CXmlUtil@PugiXMLHelper@@SAPBDVCXmlNode@2@PAD@Z
?GetAttr_Int@CXmlUtil@PugiXMLHelper@@SAHVCXmlNode@2@PADH@Z
?GetAttr_Long@CXmlUtil@PugiXMLHelper@@SAJVCXmlNode@2@PADJ@Z
?GetOptionalAttr@XMLHelper@@YA?AVCString@@AAV?$_com_ptr_t@V?$_com_IIID@UIXMLDOMElement@MSXML2@@$1?_GUID_2933bf86_7b36_11d2_b20e_00c04f983e60@@3U__s_GUID@@A@@@@PBD1@Z
?GetSAXAttr@XMLHelper@@YAXAAV?$_com_ptr_t@V?$_com_IIID@UISAXAttributes@MSXML2@@$1?_GUID_f078abe1_45d2_4832_91ea_4466ce2f25c9@@3U__s_GUID@@A@@@@PBGAAVCString@@@Z
?GetOptionalAttr@XMLHelper@@YAJAAV?$_com_ptr_t@V?$_com_IIID@UIXMLDOMElement@MSXML2@@$1?_GUID_2933bf86_7b36_11d2_b20e_00c04f983e60@@3U__s_GUID@@A@@@@PBDJ@Z
??1CXmlAttribute@PugiXMLHelper@@QAE@XZ
?Value@CXmlAttribute@PugiXMLHelper@@QBEPBDXZ
?Attribute@CXmlNode@PugiXMLHelper@@QBE?AVCXmlAttribute@2@PBD@Z
?Empty@CXmlNode@PugiXMLHelper@@QBE_NXZ
?GetSAXAttr@XMLHelper@@YAXAAV?$_com_ptr_t@V?$_com_IIID@UISAXAttributes@MSXML2@@$1?_GUID_f078abe1_45d2_4832_91ea_4466ce2f25c9@@3U__s_GUID@@A@@@@PBGAAJ@Z
??Bxml_parse_result@pugi@@QBE_NXZ
?SelectSingleNode@CXmlNode@PugiXMLHelper@@QBE?AV12@PBDPAVxpath_variable_set@pugi@@@Z
?OuterXml@CXmlNode@PugiXMLHelper@@QAE?AVCString@@XZ
?LoadRes@XMLHelper@@YAHPAUHINSTANCE__@@HAAV?$_com_ptr_t@V?$_com_IIID@UIXMLDOMDocument2@MSXML2@@$1?_GUID_2933bf95_7b36_11d2_b20e_00c04f983e60@@3U__s_GUID@@A@@@@@Z
??1CXmlDocument@PugiXMLHelper@@QAE@XZ

mfc42

ord269
ord826
ord1578
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord600
ord800
ord500
ord540
ord772
ord6142
ord825
ord823
ord858
ord5860
ord922
ord535
ord2818
ord4278
ord4129
ord860
ord812
ord801
ord541
ord537
ord559
ord397
ord699
ord5593
ord912
ord6283
ord4188
ord6876
ord3584
ord348
ord543
ord803
ord663
ord668
ord1980
ord2770
ord356
ord3438
ord3938
ord6307
ord5631
ord521
ord5862
ord6877
ord2764
ord665
ord1979
ord6385
ord353
ord5683
ord6153
ord3790
ord5442
ord3318
ord5186
ord354
ord400
ord702
ord939
ord940
ord2614
ord3337
ord6883
ord924
ord6663
ord6311
ord4171
ord5710
ord2915
ord5572
ord802
ord1622
ord542
ord5608
ord2065
ord5610
ord539
ord861
ord5609
ord2765
ord6662
ord6569
ord5773
ord6010
ord4204
ord3663
ord6144
ord5450
ord6394
ord5440
ord6383
ord1871
ord6571
ord5460
ord915
ord4191
ord3441
ord5596
ord5634
ord3181
ord3178
ord4058
ord2781
ord4202
ord6143
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord1238
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord1265
ord5600
ord501
ord5621
ord1083
ord5607
ord773
ord1158
ord941
ord6282
ord2763
ord2066
ord5606
ord1567
ord268
ord5861
ord4277
ord1105
ord551
ord3811
ord6648
ord538
ord715
ord415
ord1081
ord5620
ord5605
ord996
ord1601
ord998
ord798
ord1997
ord5465
ord5194
ord533
ord6467
ord6407
ord6929
ord2458
ord6289
ord968
ord3470
ord1648
ord5307

msvcrt

mktime
atoi
_purecall
time
_mbscmp
memcpy
memset
localtime
strftime
strcpy
strlen
_mbsnbcpy
strcmp
memcmp
abs
_mbsicmp
strncpy
_mbsupr
_EH_prolog
strchr
malloc
realloc
free
qsort
_stricmp
rand
srand
atol
gmtime
_except_handler3
?terminate@@YAXXZ
__dllonexit
_onexit
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
wcslen
__CxxFrameHandler
_CxxThrowException
memmove

kernel32

GetLastError
MultiByteToWideChar
LocalAlloc
lstrlenW
lstrlenA
GetTickCount
LocalFree
GetTimeZoneInformation
WaitForMultipleObjects
GetExitCodeThread
TerminateThread
ResetEvent
GetPrivateProfileIntA
ResumeThread
GetModuleFileNameA
InitializeCriticalSection
WideCharToMultiByte
SetEvent
WaitForSingleObject
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
SetFileAttributesA
CreateDirectoryA
DeleteFileA
DeleteCriticalSection

user32

LoadStringA
wsprintfA

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SysAllocString
SysAllocStringByteLen
SysStringByteLen
VariantChangeType
VariantCopy
SysFreeString
VariantInit
VariantClear
GetErrorInfo
SetErrorInfo
CreateErrorInfo

msvcp60

??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

Exports

Exports

?JDDBProxyFactory@@YAPAUIDBProxy@@XZ

Sections

.text
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

334a644ba8da80b64b25199f7b082cfa

Headers

File Characteristics

Imports

wininet

winmm

brotlidec

gzip2

dassfile

dalog

xmlhelper3

mfc42

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

msvcp60

Exports

Exports

Sections

.text Size: 296KB - Virtual size: 295KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 28KB - Virtual size: 26KB

.reloc Size: 24KB - Virtual size: 20KB

.text
Size: 296KB - Virtual size: 295KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 28KB - Virtual size: 26KB

.reloc
Size: 24KB - Virtual size: 20KB