440228917c51cdcf49b1a4657faadfc2bb2853c5edcfc0875f025c7cff5668ba

Sharing

Copy URL Twitter E-mail

General

Target

440228917c51cdcf49b1a4657faadfc2bb2853c5edcfc0875f025c7cff5668ba
Size

1.1MB
MD5

f8fa4f37199ae27ec8cf2ef74e1ac2ac
SHA1

6223450120b7b893db42905beb173391a31a16b8
SHA256

440228917c51cdcf49b1a4657faadfc2bb2853c5edcfc0875f025c7cff5668ba
SHA512

f16947fa55bef028993082adabaf400f7cd4bd17318045e0ca5d5c68c8724678136f2801eeea0eb6f96943b9640f0c1a29d9a1a86b2685f46cdab5cb2adf0ec7
SSDEEP

24576:uAILQstXGxsH7PWlHmmmcEJCLftfjFhpmMZtaxsGmW/Tr+JRX4gZ35iTbWz:5ILptWoWlH9/EQLftZhpmMZtaxsGmW/W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
440228917c51cdcf49b1a4657faadfc2bb2853c5edcfc0875f025c7cff5668ba

Files

440228917c51cdcf49b1a4657faadfc2bb2853c5edcfc0875f025c7cff5668ba
.dll windows x86

0b8aee74ab9a8b813128c73ea5c9f4cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSAWaitForMultipleEvents
WSASetEvent
WSAResetEvent
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
WSACleanup
WSAStartup
gethostbyname
socket
shutdown
send
recv
listen
inet_addr
htons
htonl
connect
closesocket
bind
accept
setsockopt
WSAEventSelect
WSAGetLastError

wininet

InternetCanonicalizeUrlA
InternetQueryOptionA
InternetSetOptionA
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetSetStatusCallback
InternetReadFileExA
InternetConnectA
InternetCloseHandle
InternetOpenA
InternetCrackUrlA

winmm

timeGetTime

iphlpapi

GetIpAddrTable

libzstd

ZSTD_decompress
ZSTD_getDecompressedSize

mfc110

ord12028
ord8191
ord1459
ord7470
ord8273
ord4941
ord1684
ord2335
ord12415
ord12470
ord6027
ord12371
ord8130
ord818
ord12451
ord1831
ord1950
ord12414
ord7848
ord1344
ord12695
ord552
ord8310
ord1644
ord12466
ord12373
ord6023
ord1175
ord2340
ord320
ord3515
ord499
ord11745
ord12128
ord14340
ord1133
ord12361
ord2227
ord2300
ord2474
ord3897
ord6075
ord1706
ord14164
ord2384
ord5212
ord2430
ord12318
ord12317
ord14329
ord7734
ord14327
ord9203
ord4084
ord4023
ord12720
ord7753
ord1978
ord11766
ord11765
ord14201
ord12307
ord7811
ord14401
ord6192
ord14403
ord6194
ord14402
ord6193
ord987
ord6694
ord3786
ord10228
ord12020
ord8025
ord12032
ord12000
ord5107
ord5404
ord5614
ord9155
ord5380
ord5617
ord5110
ord5266
ord5091
ord7537
ord4519
ord7528
ord5264
ord8027
ord10047
ord9016
ord6024
ord13705
ord1176
ord7775
ord12374
ord12467
ord1645
ord8311
ord553
ord12416
ord2414
ord13019
ord1058
ord13700
ord359
ord8166
ord8571
ord8570
ord12658
ord4594
ord5769
ord1687
ord305
ord2950
ord14059
ord13704
ord8525
ord4595
ord12336
ord8314
ord1179
ord12377
ord1648
ord556
ord1952
ord14149
ord14155
ord1402
ord12387
ord1833
ord12517
ord923
ord1452
ord979
ord4780
ord3175
ord14391
ord12182
ord14338
ord12125
ord2322
ord1401
ord13017
ord13703
ord12701
ord5765
ord12638
ord1500
ord1498
ord2329
ord2327
ord922
ord13020
ord1641
ord7151
ord265
ord2937
ord1683
ord14186
ord948
ord2115
ord12538
ord1519
ord1520
ord311
ord300
ord4977
ord6590
ord266
ord6345
ord1132
ord491
ord1440
ord970
ord1173
ord12464
ord1642
ord7538
ord7808
ord3783
ord1501
ord324
ord1044
ord2305
ord2189
ord323
ord1043
ord2352
ord2355
ord2318
ord2354
ord484
ord2211
ord2316
ord2128
ord2242
ord2343
ord485
ord8308
ord550
ord6436
ord1438
ord12417
ord13018
ord968
ord4746
ord2931
ord1517
ord1038
ord310
ord316
ord5732
ord1652
ord2333
ord6021

msvcr110

__crtUnhandledException
__crtTerminateProcess
__CppXcptFilter
_amsg_exit
_malloc_crt
_initterm
_initterm_e
_beginthreadex
strerror
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_purecall
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
_gmtime64
memchr
atol
llabs
abs
clock
_crt_debugger_hook
strftime
_mktime64
atof
strncpy
strcmp
realloc
malloc
free
strtol
memcmp
strchr
_time64
_localtime64
ldiv
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBDH@Z
??0exception@std@@QAE@ABQBD@Z
memcpy_s
__CxxFrameHandler3
_CxxThrowException
atoi
_mbsnbcpy
memmove
strlen
strcpy
memset
memcpy
labs
__clean_type_info_names_internal
_except_handler4_common

kernel32

ResumeThread
CreateEventA
CloseHandle
CreateDirectoryA
InterlockedCompareExchange
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetLocalTime
GetTickCount
GetProcessHeap
HeapAlloc
HeapFree
InterlockedIncrement
InterlockedExchange
InitializeCriticalSection
Sleep
SetLastError
MulDiv
WideCharToMultiByte
LockResource
LocalFree
LoadResource
SizeofResource
FindResourceA
LocalAlloc
GetExitCodeThread
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
WaitForSingleObject
TerminateThread
GetCurrentProcessId
GetCurrentThreadId
FormatMessageA
SystemTimeToFileTime
CreateWaitableTimerA
GetLogicalProcessorInformation
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetWaitableTimer
GetProcAddress
ReleaseSemaphore
WaitForMultipleObjectsEx
WaitForSingleObjectEx
GetSystemInfo
GetModuleHandleA
OpenEventA
lstrlenW
MultiByteToWideChar
lstrlenA
GetSystemTimeAsFileTime
InterlockedDecrement
WaitForMultipleObjects
ResetEvent
GetLastError
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
EncodePointer
QueryPerformanceCounter

ole32

CoCreateInstance
CoCreateGuid
StringFromGUID2
CoUninitialize
CoInitialize
OleRun

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear
VariantCopy
VariantChangeType
SysStringByteLen
SysAllocStringByteLen
GetErrorInfo
SetErrorInfo
CreateErrorInfo

dalog

??0CDALog@@QAE@XZ
?Write@CDALog@@QAEXABV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?storage@CDALog@@QAEXPBD00_N1@Z
?Write@CDALog@@QAAXPBDZZ
??RCDALog@@QAEAAV0@W4Lvl@0@@Z
??1CDALog@@QAE@XZ

msvcp110

?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
?_Xoverflow_error@std@@YAXPBD@Z

gzip2

A2Gzip
Gzip2A

dassfile

ssFileOpen

Exports

Exports

?JDRTProxyFactory@@YAPAUIRTProxy@@XZ

Sections

.text
Size: 646KB - Virtual size: 645KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 209KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 197KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b8aee74ab9a8b813128c73ea5c9f4cc

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wininet

winmm

iphlpapi

libzstd

mfc110

msvcr110

kernel32

ole32

oleaut32

dalog

msvcp110

gzip2

dassfile

Exports

Exports

Sections

.text Size: 646KB - Virtual size: 645KB

.rdata Size: 209KB - Virtual size: 209KB

.data Size: 10KB - Virtual size: 1.1MB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 197KB - Virtual size: 196KB

.reloc Size: 77KB - Virtual size: 77KB

.text
Size: 646KB - Virtual size: 645KB

.rdata
Size: 209KB - Virtual size: 209KB

.data
Size: 10KB - Virtual size: 1.1MB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 197KB - Virtual size: 196KB

.reloc
Size: 77KB - Virtual size: 77KB