86f58e2c5fd03c904788d85530ad428d20c027ddb4c036da8487905905ea81a0

Sharing

Copy URL Twitter E-mail

General

Target

86f58e2c5fd03c904788d85530ad428d20c027ddb4c036da8487905905ea81a0
Size

238KB
MD5

d590c957b9d143caf8c97cb7e6c969e2
SHA1

50eef02ab3f6b0e21ca113c5c8c115b2f027d7bd
SHA256

86f58e2c5fd03c904788d85530ad428d20c027ddb4c036da8487905905ea81a0
SHA512

632de22848d8700d79318a9350f39ab2de5c9ce1041a59ef0993f25a560be40a8b555909ccc700d989d04feacdf992d6dce5e937941280b638ce09ff7320a178
SSDEEP

6144:x19twXWUIvI2Oyn4TOMjhhqyQkQKAxmam2FTzBk8:x19twGUIvI2zKBAxmam2FTzBk8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
86f58e2c5fd03c904788d85530ad428d20c027ddb4c036da8487905905ea81a0

Files

86f58e2c5fd03c904788d85530ad428d20c027ddb4c036da8487905905ea81a0
.dll windows x86

e7c2becbd21ddc631f2d0470728fae80

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

datadatautil

?IsDateValid@CDataCheckUtil@TADataUtil@@SAHJ@Z

mfc110

ord9203
ord14327
ord7734
ord1500
ord1498
ord4084
ord4023
ord12720
ord7753
ord1978
ord11766
ord11765
ord14329
ord12307
ord7811
ord14401
ord6192
ord14403
ord6194
ord14402
ord6193
ord987
ord6694
ord3786
ord5765
ord12020
ord8025
ord12032
ord12000
ord5107
ord5404
ord5614
ord9155
ord5380
ord5617
ord5110
ord5266
ord5091
ord7537
ord7538
ord12317
ord12318
ord2430
ord5212
ord8130
ord7808
ord4519
ord12638
ord12701
ord10228
ord12028
ord8191
ord1459
ord7470
ord8273
ord2329
ord2333
ord1652
ord265
ord2327
ord4977
ord5732
ord7991
ord316
ord300
ord1517
ord1520
ord2931
ord2937
ord979
ord1452
ord968
ord13019
ord1438
ord553
ord8311
ord1645
ord12467
ord12374
ord6024
ord1176
ord970
ord1440
ord491
ord1132
ord6345
ord8532
ord4746
ord13020
ord13704
ord13018
ord266
ord12658
ord8570
ord3783
ord922
ord1401
ord8166
ord499
ord11745
ord14340
ord2826
ord1133
ord13705
ord2189
ord4594
ord2384
ord4941
ord7000
ord7151
ord259
ord262
ord4780
ord3175
ord320
ord2340
ord1043
ord323
ord14391
ord12182
ord14338
ord12125
ord8270
ord4595
ord311
ord12336
ord4984
ord6590
ord2322
ord12695
ord14153
ord14155
ord5769
ord1683
ord305
ord2950
ord14059
ord4256
ord14186
ord948
ord13017
ord13703
ord14201
ord7528
ord5264
ord8027
ord10047
ord1501
ord324
ord1044
ord2305
ord2352
ord2355
ord2318
ord2354
ord484
ord2211
ord2316
ord2128
ord2242
ord2343
ord485
ord9016
ord1038
ord310
ord14154

msvcr110

strftime
_mktime64
_CxxThrowException
atoi
_purecall
strlen
atof
memset
memcpy
memmove
_localtime64_s
memcpy_s
?terminate@@YAXXZ
strtod
_mbsrchr
__clean_type_info_names_internal
_except_handler4_common
_initterm_e
_initterm
_malloc_crt
_amsg_exit
__CppXcptFilter
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
__CxxFrameHandler3
??1type_info@@UAE@XZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
_mbsnbcpy
strchr
_mbschr
strcat
memcmp
realloc
malloc
free
ceil
memmove_s

kernel32

GetModuleFileNameA
InterlockedDecrement
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
EnterCriticalSection
GetLastError
SetEvent
GetProcAddress
GlobalMemoryStatus
GetModuleHandleA
LockResource
LocalFree
LoadResource
SizeofResource
FindResourceA
LocalAlloc
EncodePointer
DecodePointer
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent

user32

DdeQueryStringA
DdeCreateDataHandle
DdeNameService
DdePostAdvise
DdeUninitialize
DdeInitializeA
LoadStringA
RegisterClipboardFormatA
DdeFreeStringHandle
DdeCreateStringHandleA
wsprintfA
RegisterWindowMessageA

ole32

CoCreateInstance
OleRun

oleaut32

SetErrorInfo
GetErrorInfo
CreateErrorInfo
SysAllocStringByteLen
SysStringByteLen
VarUdateFromDate
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantChangeType
VariantCopy
VariantClear
VariantInit
SysFreeString
SysAllocString

dalog

??RCDALog@@QAEAAV0@W4Lvl@0@@Z
?Write@CDALog@@QAAXPBDZZ
?storage@CDALog@@QAEXPBD00_N1@Z
??0CDALog@@QAE@XZ
??1CDALog@@QAE@XZ

jdproxy

JDAddMsgDataNotify
JDAddQuote
JDUpdateQuote
JDRemoveQuote
JDGetQuote
JDGetSymbolInfo
JDGetBaseAttrs
JDGetXQID
JDGetTradeID
JDGetExtendAttr

msvcp110

?_Syserror_map@std@@YAPBDH@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Winerror_map@std@@YAPBDH@Z

dasymbol

??0CListID@@QAE@XZ
?SetData@CListID@@QAEXW4ListIDType@@ABV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@H@Z
?GetID@CListID@@UBE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
??1CListID@@QAE@XZ

dastock

?SetSpreadInfo@CStockAttr@@SAXXZ
?SetInfoData@CStockKey@@SAXW4InfoType@@@Z
?GetReadID@CStockAttr@@QAEHAAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@H@Z
?UpdateQuote@CStockKey@@QAEHXZ
?UpdateTick@CStockKey@@QAEHHHH@Z
?GetDBLotSize@CStockKey@@QBEJW4FrequencyType@@@Z
?GetTickCount@CStockAttr@@QBEHXZ
?GetTickID@CStockAttr@@QBEHH@Z
?GetCurrency@CStockAttr@@QBEHAAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?GetField@CStockKey@@QBEJW4Field@@@Z
?GetFieldString@CStockKey@@QBEJW4Field@@AAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@H@Z
?GetTickFieldString@CStockKey@@QBEJHHW4Field@@AAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@H@Z
?GetTickCurrentIndex@CStockKey@@QBEHH@Z
?GetStockValue@CStockKey@@QAEHAAN@Z
?GetFieldString@CStaticKey@@QAEJABV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@W4Field@@AAV23@H@Z
??1CStaticKey@@UAE@XZ
??0CStaticKey@@QAE@ABV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?GetID@CStockAttr@@QBEHAAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@H@Z
?GetTradeDate@CTAStockKey@@QAEJXZ
?GetInstant_Relation@CTAStockKey@@QAEHPAUTAData_4@@@Z
?GetInstant_InOut@CTAStockKey@@QAEHPAUTAData_2@@H@Z
?GetInstant_OpenBidAsk@CTAStockKey@@QAEHPAUTAData_2@@_N@Z
?GetInstant_BidAsk@CTAStockKey@@QAEHPAUTAData_3@@@Z
?GetInstant_AvgBidAsk@CTAStockKey@@QAEHPAUTAData_2@@@Z
?GetInstant_RatioVol@CTAStockKey@@QAEHPAUTAData_1@@@Z
?GetInstant_ProbVolatilityImply@CTAStockKey@@QAEHPAUTAData_1@@@Z
?GetInstant_VolatilityImply@CTAStockKey@@QAEHPAUTAData_1@@@Z
?GetInstant_ProbVolatility@CTAStockKey@@QAEHPAUTAData_1@@@Z
?GetInstant_TheoryPrice@CTAStockKey@@QAEHPAUTAData_1@@@Z
?GetInstant_Rho@CTAStockKey@@QAEHPAUTAData_1@@@Z
?GetInstant_Vega@CTAStockKey@@QAEHPAUTAData_1@@@Z
?GetInstant_Theta@CTAStockKey@@QAEHPAUTAData_1@@@Z
?GetInstant_Gamma@CTAStockKey@@QAEHPAUTAData_1@@@Z
?GetInstant_Delta@CTAStockKey@@QAEHPAUTAData_1@@@Z
?GetInstant_Volatility@CTAStockKey@@QAEHPAUTAData_1@@@Z
?GetInstant_TimeValue@CTAStockKey@@QAEHPAUTAData_1@@@Z
?GetInstant_InnerValue@CTAStockKey@@QAEHPAUTAData_1@@@Z
?GetInstant_AvgTrade@CTAStockKey@@QAEHPAUTAData_1@@@Z
?GetNewTickData@CStockKey@@QAEHJJHJPAPAUDAHistTick@@_N1@Z
?IsTADataTypeSupported@CStockKey@@QBEHW4TADataType@@W4FrequencyType@@PAH@Z
?SetQuoteData@CStockKey@@QAEXPAEPAUQuoteAttr@@H_N@Z
?ParseExtAttr@CStockKey@@SAHPBD0AAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?GetQuoteAttrAndLength@CStockAttr@@QAEHPAUQuoteAttr@@PAH@Z
?GetNewTAData@CStockKey@@QAEHW4TADataType@@W4FrequencyType@@PBDJHPAPAUTAData@@PAHH@Z
?AddTADataType@CStockKey@@QAEHW4TADataType@@W4FrequencyType@@PBDPAH@Z
?OnJDSDataNotify@CStockKey@@UAEJIJ@Z
?GetRuntimeClass@CStockKey@@UBEPAUCRuntimeClass@@XZ
?AddInfoData@CStockKey@@SAHW4InfoType@@@Z
?GetExtAttrField@CStockKey@@QBEHHPBDAAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?Setup@CStockKey@@QAEHPBDHPAUBaseAttr@@0H_N@Z
??1CStockKey@@UAE@XZ
??0CStockKey@@QAE@XZ
?GetWarrantFieldString@CStockKey@@QBENW4Field@@PAV1@ABV?$vector@NV?$allocator@N@std@@@std@@AAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@H_N@Z
?GetDoubleFieldString@CStockKey@@QBENW4Field@@AAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?GetSubType@CStockAttr@@QBEHXZ
?GetSpotID@CStockAttr@@QAEHAAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@H@Z
?GetExchID@CStockAttr@@QBEHXZ
?IsShowStockValueFieldAsVol@CStockKey@@SAHH@Z
?IsTickUpdated@CStockKey@@QAEHH@Z
?IsQuoteUpdated@CStockKey@@QAEHXZ
?GetMinTickData@CTAStockKey@@QBE?AV?$vector@UDAMinTick@@V?$allocator@UDAMinTick@@@std@@@std@@W4FrequencyType@@@Z
?UpdateMinTickData@CTAStockKey@@QAEXW4FrequencyType@@@Z
?GetHistAckDate@CStockKey@@QBEJW4FrequencyType@@@Z
?GetNewServerHistData@CStockKey@@QAEHW4FreqType@@JJHJPAPAUDAHistData@@_N2@Z
?GetNewHistData@CStockKey@@QAEHW4FrequencyType@@JJHJPAPAUDAHistData@@_N2@Z
?IsAdjustDataAvailable@CStockKey@@QAEHXZ
?GetEMGStockFormat@CStockAttr@@QBE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@HN@Z
?GetPriceString@CStockAttr@@QBEXJAAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@H@Z
?GetSymbolType@CStockAttr@@QBEHXZ
?IsQuoteValid@CStockKey@@QAEHXZ
?GetTickField@CStockKey@@QBEJHHW4Field@@@Z

dautil

?SetDateEx@CXQDateTime@@QAEHJ@Z
?IsSameYear@CXQDateTime@@QBEHABV1@@Z
?IsSameHalfYear@CXQDateTime@@QBEHABV1@@Z
?IsSameQuarter@CXQDateTime@@QBEHABV1@@Z
?IsSameMonth@CXQDateTime@@QBEHABV1@@Z
?IsSameWeek@CXQDateTime@@QBEHABV1@@Z
?PreviousDay@CXQDateTime@@QAEXAAV1@@Z
??1CXQDateTime@@UAE@XZ
??0CXQDateTime@@QAE@J@Z
??0CXQDateTime@@QAE@XZ
?IsAdjustDWM@CFrequencyUtility@@SA_NW4FrequencyType@@@Z
?IsMin@CFrequencyUtility@@SA_NW4FrequencyType@@@Z
?IsTick@CFrequencyUtility@@SA_NW4FrequencyType@@@Z
?NextDay@CXQDateTime@@QAEXAAV1@@Z
?PreviousWeek@CXQDateTime@@QAEXAAV1@@Z
?NextWeek@CXQDateTime@@QAEXAAV1@@Z
?PreviousMonth@CXQDateTime@@QAEXAAV1@@Z
?NextMonth@CXQDateTime@@QAEXAAV1@@Z
?PreviousQuarter@CXQDateTime@@QAEXAAV1@@Z
?NextQuarter@CXQDateTime@@QAEXAAV1@@Z
?PreviousHalfYear@CXQDateTime@@QAEXAAV1@@Z
?NextHalfYear@CXQDateTime@@QAEXAAV1@@Z
?PreviousYear@CXQDateTime@@QAEXAAV1@@Z
?NextYear@CXQDateTime@@QAEXAAV1@@Z
??_7CXQDateTime@@6B@
?IsValid@CFrequencyUtility@@SA_NW4FrequencyType@@@Z

dasproxy

?DASGetUserInfo@@YAHW4LoginInfoFlag@@PADPBD@Z

dasobj

?DASGetLoginInfo@@YAHW4LoginInfoFlag@@PADHPBD@Z

Exports

Exports

?FiniDDEServer@@YAXXZ
?InitDDEServer@@YAHPBD0K@Z
?OnDDEDSNotify@@YAXIJ@Z

Sections

.text
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e7c2becbd21ddc631f2d0470728fae80

Headers

DLL Characteristics

File Characteristics

Imports

datadatautil

mfc110

msvcr110

kernel32

user32

ole32

oleaut32

dalog

jdproxy

msvcp110

dasymbol

dastock

dautil

dasproxy

dasobj

Exports

Exports

Sections

.text Size: 146KB - Virtual size: 145KB

.rdata Size: 49KB - Virtual size: 49KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 21KB - Virtual size: 20KB

.reloc Size: 17KB - Virtual size: 16KB

.text
Size: 146KB - Virtual size: 145KB

.rdata
Size: 49KB - Virtual size: 49KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 21KB - Virtual size: 20KB

.reloc
Size: 17KB - Virtual size: 16KB