b0853b466d89c5859367559bd9309d364e989bfd0747c9eb96b9d2f67473fd0a

Sharing

Copy URL Twitter E-mail

General

Target

b0853b466d89c5859367559bd9309d364e989bfd0747c9eb96b9d2f67473fd0a
Size

112KB
MD5

d58c069e7507906abf21b6bc35da1a69
SHA1

5f95aca4431b10674060a3b481dd297af600ff8e
SHA256

b0853b466d89c5859367559bd9309d364e989bfd0747c9eb96b9d2f67473fd0a
SHA512

783caf82b5d82ed315fafae9dd7f3ab05f7e455d5482e388e78f70e47b71a8580699a17ed9a7a324395d087d8c914e6d7ca35ddca7aadcd7808e42ded9bafd90
SSDEEP

3072:43Zv+wWYYhYYbJ75Y4sQlVEm9zX2NqWXxDKt3Hn5:Dwk7CIzeqOxDKt35

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b0853b466d89c5859367559bd9309d364e989bfd0747c9eb96b9d2f67473fd0a

Files

b0853b466d89c5859367559bd9309d364e989bfd0747c9eb96b9d2f67473fd0a
.dll windows x86

762e25336500542aea5425ef25364a7d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc110

ord14186
ord1520
ord1687
ord1641
ord1684
ord13704
ord13019
ord314
ord2931
ord1440
ord970
ord4594
ord12538
ord2937
ord1517
ord310
ord300
ord12336
ord5732
ord4977
ord2333
ord2329
ord266
ord265
ord8273
ord7470
ord1459
ord8191
ord12028
ord10228
ord12701
ord12638
ord4519
ord7808
ord8130
ord5212
ord2430
ord12318
ord12317
ord948
ord7734
ord14327
ord9203
ord4084
ord4023
ord12720
ord7753
ord1978
ord11766
ord11765
ord14201
ord12307
ord7811
ord14401
ord6192
ord14403
ord6194
ord14402
ord1498
ord1652
ord316
ord6193
ord987
ord6694
ord3786
ord5765
ord12020
ord8025
ord12032
ord12000
ord5107
ord5404
ord5614
ord9155
ord5380
ord5617
ord5110
ord5266
ord5091
ord7537
ord7538
ord14329
ord6345
ord3783
ord1501
ord324
ord1044
ord2305
ord323
ord1043
ord2352
ord2355
ord2318
ord2354
ord484
ord2211
ord2316
ord2128
ord2242
ord2343
ord485
ord7528
ord5264
ord8027
ord10047
ord9016
ord2189
ord4746
ord1038
ord1500

msvcr110

strchr
memcpy
memmove
realloc
memset
malloc
free
??8type_info@@QBE_NABV0@@Z
__CxxFrameHandler3
_CxxThrowException
_mbsrchr
isalnum
__clean_type_info_names_internal
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_except_handler4_common
?terminate@@YAXXZ
_initterm_e
_initterm
_malloc_crt
_amsg_exit
__CppXcptFilter
??1type_info@@UAE@XZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
atoi
_purecall

kernel32

DeleteCriticalSection
lstrlenA
LocalAlloc
InterlockedDecrement
WideCharToMultiByte
lstrlenW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
MultiByteToWideChar
EncodePointer
LocalFree
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetModuleFileNameA
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime

ole32

CoInitialize
CoUninitialize

oleaut32

SysStringByteLen
SysAllocStringByteLen
GetErrorInfo
SysAllocString
CreateErrorInfo
VariantClear
VariantInit
VariantChangeType
SetErrorInfo
SysFreeString

msvcp110

?_Xout_of_range@std@@YAXPBD@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
??0id@locale@std@@QAE@I@Z

dalog

??0CDALog@@QAE@XZ
?storage@CDALog@@QAEXPBD00_N1@Z
??RCDALog@@QAEAAV0@W4Lvl@0@@Z
?Write@CDALog@@QAAXPBDZZ
??1CDALog@@QAE@XZ

jdcmdsvc

?jdCmdSvcGetService@JDCmdSvr@@YAPAVIJDCmdService@1@XZ

dautil

?ParseXML@CXMLHelper@@SAHABV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@AAV?$_com_ptr_t@V?$_com_IIID@UIXMLDOMDocument2@MSXML2@@$1?_GUID_2933bf95_7b36_11d2_b20e_00c04f983e60@@3U__s_GUID@@B@@@@@Z

Exports

Exports

?daStorageGetSvc@daStorage@@YAPAVIXQStorage@1@XZ
?daStorageSvcFini@daStorage@@YAXXZ

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

762e25336500542aea5425ef25364a7d

Headers

DLL Characteristics

File Characteristics

Imports

mfc110

msvcr110

kernel32

ole32

oleaut32

msvcp110

dalog

jdcmdsvc

dautil

Exports

Exports

Sections

.text Size: 76KB - Virtual size: 76KB

.rdata Size: 25KB - Virtual size: 24KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 76KB - Virtual size: 76KB

.rdata
Size: 25KB - Virtual size: 24KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB