43161e3c0c4ade28d8a2a93efe48a15f52b970fbb66f614862369c625767c1eb

Sharing

Copy URL Twitter E-mail

General

Target

43161e3c0c4ade28d8a2a93efe48a15f52b970fbb66f614862369c625767c1eb
Size

571KB
MD5

c0bc32bdea902a833238192d5bc07f58
SHA1

54160dfee84b9b920764557c84f2a259146d8206
SHA256

43161e3c0c4ade28d8a2a93efe48a15f52b970fbb66f614862369c625767c1eb
SHA512

d6ef6d9dfb81b6902fe1d0aafccd08b467c48a108f3dcb4687ad991a12ed64d5d69014edb84e8dda370ec262e97a98e0b32954c4f7c25296cab04eab3ba52967
SSDEEP

12288:94kdsjRGQf1JPj8EL2acfGYtCsLhKfXEfw:LdsjH7Pj0acL1Lvf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
43161e3c0c4ade28d8a2a93efe48a15f52b970fbb66f614862369c625767c1eb

Files

43161e3c0c4ade28d8a2a93efe48a15f52b970fbb66f614862369c625767c1eb
.dll windows x86

9cd7cfc79df296b596a789915af4c9fb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetGetConnectedState
HttpQueryInfoA
HttpSendRequestA
HttpAddRequestHeadersA
InternetSetOptionA
InternetReadFile
InternetConnectA
InternetCloseHandle
InternetOpenA
InternetCanonicalizeUrlA
HttpOpenRequestA
InternetCrackUrlA

winmm

timeGetTime

sqlite3

sqlite3_vmprintf
sqlite3_mprintf
sqlite3_free_table
sqlite3_get_table
sqlite3_bind_double
sqlite3_bind_int
sqlite3_busy_timeout
sqlite3_changes
sqlite3_bind_null
sqlite3_bind_text
sqlite3_free
sqlite3_column_name
sqlite3_column_decltype
sqlite3_step
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_double
sqlite3_column_int
sqlite3_column_text
sqlite3_column_type
sqlite3_finalize
sqlite3_open
sqlite3_errmsg
sqlite3_prepare
sqlite3_column_count
sqlite3_last_insert_rowid
sqlite3_exec
sqlite3_close
sqlite3_reset
sqlite3_bind_blob

brotlidec

BrotliDecoderDecompress

mfc110

ord5614
ord5404
ord5107
ord12000
ord12032
ord8025
ord12020
ord5765
ord3786
ord6694
ord987
ord6193
ord14402
ord6194
ord14403
ord6192
ord14401
ord7811
ord12307
ord14201
ord11765
ord11766
ord1978
ord7753
ord12720
ord4023
ord4084
ord9203
ord14327
ord7734
ord14329
ord12317
ord12318
ord2430
ord5212
ord8130
ord7808
ord4519
ord12638
ord12701
ord10228
ord12028
ord8191
ord1459
ord7470
ord8273
ord969
ord12452
ord1952
ord12387
ord12416
ord314
ord1687
ord14149
ord1402
ord1521
ord8570
ord2340
ord320
ord3016
ord13019
ord2115
ord3781
ord311
ord818
ord12451
ord1831
ord1950
ord12414
ord1344
ord2384
ord1833
ord14153
ord967
ord14412
ord12206
ord1437
ord11755
ord2840
ord323
ord1043
ord2300
ord2474
ord3897
ord6075
ord1706
ord14164
ord12417
ord3015
ord2414
ord12419
ord1686
ord1519
ord12415
ord6027
ord12377
ord12470
ord9155
ord8314
ord2937
ord12336
ord12695
ord14189
ord8289
ord7991
ord4977
ord4941
ord1641
ord13018
ord14059
ord1684
ord4256
ord1179
ord556
ord1683
ord14186
ord948
ord6345
ord1132
ord491
ord1440
ord970
ord7775
ord6024
ord12467
ord13020
ord4644
ord2827
ord1135
ord502
ord1133
ord2826
ord14340
ord12128
ord5733
ord13719
ord6787
ord11745
ord497
ord499
ord12658
ord4595
ord12538
ord2333
ord2329
ord1176
ord12374
ord1645
ord8311
ord553
ord1438
ord968
ord1401
ord13017
ord13703
ord922
ord1452
ord979
ord4746
ord8166
ord8571
ord14155
ord12537
ord2931
ord5769
ord1520
ord1517
ord1038
ord310
ord300
ord305
ord316
ord2950
ord5732
ord1652
ord2327
ord266
ord265
ord1498
ord1500
ord5380
ord5617
ord5110
ord5266
ord485
ord2343
ord2242
ord2128
ord2316
ord2211
ord484
ord2354
ord2318
ord2355
ord2352
ord2189
ord2305
ord5091
ord7537
ord7538
ord7528
ord5264
ord8027
ord10047
ord9016
ord13704
ord8525
ord4664
ord7985
ord5441
ord5438
ord12196
ord7151
ord2122
ord13705
ord14391
ord12182
ord14338
ord12125
ord6590
ord2322
ord1954
ord13418
ord12821
ord8532
ord4594
ord1439
ord4601
ord1044
ord324
ord1501
ord3783
ord1648
ord12418
ord923

msvcr110

_localtime64_s
strcpy
malloc
memcmp
_mbsnbcpy
labs
strncpy
memmove_s
wcslen
memmove
_CxxThrowException
_purecall
free
atof
sprintf
strlen
strcmp
memcpy_s
__CxxFrameHandler3
_time64
_mktime64
_localtime64
strftime
atoi
memset
memcpy
_mbsupr
__clean_type_info_names_internal
_except_handler4_common
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_initterm_e
_initterm
_malloc_crt
_amsg_exit
__CppXcptFilter
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_gmtime64
abs
atol
srand
rand
qsort
_stricmp
realloc
strchr
_mbscmp

kernel32

MultiByteToWideChar
lstrlenA
lstrlenW
GetModuleFileNameA
GetTickCount
ResumeThread
WideCharToMultiByte
WaitForSingleObject
SetEvent
InterlockedDecrement
DeleteFileA
SetFileAttributesA
TerminateThread
GetExitCodeThread
ResetEvent
WaitForMultipleObjects
GetLocalTime
GetTimeZoneInformation
LocalAlloc
LocalFree
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetLastError
CreateDirectoryA
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetPrivateProfileIntA

user32

wsprintfA
LoadStringA

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SetErrorInfo
CreateErrorInfo
GetErrorInfo
SysFreeString
VariantInit
VariantClear
VariantCopy
VariantChangeType
SysAllocString
SysStringByteLen
SysAllocStringByteLen

xmlhelper3

?LoadRes@XMLHelper@@YAHPAUHINSTANCE__@@HAAV?$_com_ptr_t@V?$_com_IIID@UIXMLDOMDocument2@MSXML2@@$1?_GUID_2933bf95_7b36_11d2_b20e_00c04f983e60@@3U__s_GUID@@B@@@@@Z
?OuterXml@CXmlNode@PugiXMLHelper@@QAE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?SelectSingleNode@CXmlNode@PugiXMLHelper@@QBE?AV12@PBDPAVxpath_variable_set@pugi@@@Z
?Attribute@CXmlNode@PugiXMLHelper@@QBE?AVCXmlAttribute@2@PBD@Z
?Empty@CXmlNode@PugiXMLHelper@@QBE_NXZ
?Value@CXmlAttribute@PugiXMLHelper@@QBEPBDXZ
??1CXmlAttribute@PugiXMLHelper@@QAE@XZ
?LoadXml@CXmlDocument@PugiXMLHelper@@QAE?AUxml_parse_result@pugi@@PBDI@Z
??1CXmlDocument@PugiXMLHelper@@QAE@XZ
??0CXmlDocument@PugiXMLHelper@@QAE@XZ
?GetNode@CXmlNodeList@PugiXMLHelper@@SA?AVCXmlNode@2@PBVxpath_node@pugi@@@Z
?Size@CXmlNodeList@PugiXMLHelper@@QAEJXZ
?End@CXmlNodeList@PugiXMLHelper@@QBEPBVxpath_node@pugi@@XZ
?Begin@CXmlNodeList@PugiXMLHelper@@QBEPBVxpath_node@pugi@@XZ
?Empty@CXmlNodeList@PugiXMLHelper@@QBE_NXZ
?SelectNodes@CXmlDocument@PugiXMLHelper@@QBE?AVCXmlNodeList@2@PBDPAVxpath_variable_set@pugi@@@Z
?SelectNodes@CXmlNode@PugiXMLHelper@@QBE?AVCXmlNodeList@2@PBDPAVxpath_variable_set@pugi@@@Z
??1CXmlNode@PugiXMLHelper@@QAE@XZ
??0CXmlNode@PugiXMLHelper@@QAE@XZ
??Bxml_parse_result@pugi@@QBE_NXZ
?GetSAXAttr@XMLHelper@@YAXAAV?$_com_ptr_t@V?$_com_IIID@UISAXAttributes@MSXML2@@$1?_GUID_f078abe1_45d2_4832_91ea_4466ce2f25c9@@3U__s_GUID@@B@@@@PB_WAAJ@Z
?ParseXMLFile@XMLHelper@@YAHABV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@AAV?$_com_ptr_t@V?$_com_IIID@UIXMLDOMDocument2@MSXML2@@$1?_GUID_2933bf95_7b36_11d2_b20e_00c04f983e60@@3U__s_GUID@@B@@@@@Z
?ParseXML@XMLHelper@@YAHABV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@AAV?$_com_ptr_t@V?$_com_IIID@UIXMLDOMDocument2@MSXML2@@$1?_GUID_2933bf95_7b36_11d2_b20e_00c04f983e60@@3U__s_GUID@@B@@@@@Z
?GetAttr_Long@CXmlUtil@PugiXMLHelper@@SAJVCXmlNode@2@PADJ@Z
?GetAttr_Int@CXmlUtil@PugiXMLHelper@@SAHVCXmlNode@2@PADH@Z
?GetAttr_String@CXmlUtil@PugiXMLHelper@@SAPBDVCXmlNode@2@PAD@Z
?GetOptionalAttr@XMLHelper@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@AAV?$_com_ptr_t@V?$_com_IIID@UIXMLDOMElement@MSXML2@@$1?_GUID_2933bf86_7b36_11d2_b20e_00c04f983e60@@3U__s_GUID@@B@@@@PBD1@Z
?GetSAXAttr@XMLHelper@@YAXAAV?$_com_ptr_t@V?$_com_IIID@UISAXAttributes@MSXML2@@$1?_GUID_f078abe1_45d2_4832_91ea_4466ce2f25c9@@3U__s_GUID@@B@@@@PB_WAAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?GetOptionalAttr@XMLHelper@@YAJAAV?$_com_ptr_t@V?$_com_IIID@UIXMLDOMElement@MSXML2@@$1?_GUID_2933bf86_7b36_11d2_b20e_00c04f983e60@@3U__s_GUID@@B@@@@PBDJ@Z
??1CXmlNodeList@PugiXMLHelper@@QAE@XZ

msvcp110

?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
??0id@locale@std@@QAE@I@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Orphan_all@_Container_base0@std@@QAEXXZ

dalog

??RCDALog@@QAEAAV0@W4Lvl@0@@Z
?Write@CDALog@@QAAXPBDZZ
?Write@CDALog@@QAEXABV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?storage@CDALog@@QAEXPBD00_N1@Z
??0CDALog@@QAE@XZ
??1CDALog@@QAE@XZ

dassfile

ssFileOpen

gzip2

Gzip2A

Exports

Exports

?JDDBProxyFactory@@YAPAUIDBProxy@@XZ

Sections

.text
Size: 375KB - Virtual size: 375KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9cd7cfc79df296b596a789915af4c9fb

Headers

DLL Characteristics

File Characteristics

Imports

wininet

winmm

sqlite3

brotlidec

mfc110

msvcr110

kernel32

user32

advapi32

ole32

oleaut32

xmlhelper3

msvcp110

dalog

dassfile

gzip2

Exports

Exports

Sections

.text Size: 375KB - Virtual size: 375KB

.rdata Size: 113KB - Virtual size: 113KB

.data Size: 3KB - Virtual size: 4KB

.rsrc Size: 42KB - Virtual size: 41KB

.reloc Size: 36KB - Virtual size: 36KB

.text
Size: 375KB - Virtual size: 375KB

.rdata
Size: 113KB - Virtual size: 113KB

.data
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 42KB - Virtual size: 41KB

.reloc
Size: 36KB - Virtual size: 36KB