510fd9d020b255606498ff7d8be575d579a0e2a592631444383ccc672707d080

Sharing

Copy URL Twitter E-mail

General

Target

510fd9d020b255606498ff7d8be575d579a0e2a592631444383ccc672707d080
Size

383KB
MD5

8b707de86b864f3311a544d94fd9f0b4
SHA1

849d20ac37a2e2f0b732dd69448d064336d8f480
SHA256

510fd9d020b255606498ff7d8be575d579a0e2a592631444383ccc672707d080
SHA512

2af3a796d70986f77c8da4ed9322984b2c80577851aa643c97477e38d6a8c2106aeba992a73d3a016b1d991d0d4a004691e23d1041918382546ec21695662319
SSDEEP

6144:trzX7la/eIwEgDEkhTNgt9s8M4SpfcSu2ZpfYnrSwU3e:trzX7la/jwEg1hxgt9s8tSTu2whU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
510fd9d020b255606498ff7d8be575d579a0e2a592631444383ccc672707d080

Files

510fd9d020b255606498ff7d8be575d579a0e2a592631444383ccc672707d080
.dll windows x86

7df0656183afa8c5a29c33a2ade6e128

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LeaveCriticalSection
EnterCriticalSection
VirtualFree
InitializeSListHead
DisableThreadLibraryCalls
GetCurrentThreadId
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
GetTempPathA
SetFilePointer
ReadFile
WriteFile
LoadLibraryExA
SetErrorMode
WideCharToMultiByte
MultiByteToWideChar
GetFullPathNameA
GetDriveTypeA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
CreateSemaphoreA
ReleaseSemaphore
SetEvent
SetConsoleCtrlHandler
GetVolumeInformationA
GetFileAttributesA
CreateFileA
CreateDirectoryA
SystemTimeToFileTime
GetSystemTime
SetFileTime
GetFileInformationByHandle
FindNextFileA
FindFirstFileA
FindClose
GetComputerNameA
WaitForSingleObject
GetCurrentProcessId
OpenProcess
SetConsoleMode
GetConsoleMode
QueryPerformanceFrequency
QueryPerformanceCounter
SetEnvironmentVariableA
GetEnvironmentVariableA
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
CreateEventA
lstrlenA
lstrcmpA
CloseHandle
GetCurrentProcess
GetProcessTimes
LocalFree
LocalAlloc
GetVersion
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetSystemInfo
DeleteCriticalSection
InitializeCriticalSection
GetLastError
VirtualAlloc

ws2_32

WSAEnumProtocolsA
WSASetLastError

fbclient

ord248
ord249
fb_interpret
fb_get_master_interface
fb_shutdown
ord250
ord51
ord1
ord42
ord83
ord259
ord37

msvcp140

?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_W_Getdays@_Locinfo@std@@QBEPBGXZ
?_W_Getmonths@_Locinfo@std@@QBEPBGXZ
?_Xbad_function_call@std@@YAXXZ
?_Xbad_alloc@std@@YAXXZ
_Mbrtowc

vcruntime140

strchr
memchr
strstr
memmove
__std_exception_copy
__std_type_info_destroy_list
_except_handler4_common
memset
memcpy
__CxxFrameHandler3
_CxxThrowException
__std_terminate
__std_exception_destroy
_purecall

api-ms-win-crt-string-l1-1-0

strncpy
strncmp
toupper
isalpha
isdigit
strnlen
_strnicmp

api-ms-win-crt-heap-l1-1-0

free
realloc
malloc
calloc

api-ms-win-crt-stdio-l1-1-0

getc
fclose
ferror
fflush
_fileno
_isatty
_close
_read
__stdio_common_vfprintf
_get_osfhandle
__stdio_common_vsprintf
_getcwd
fopen
__stdio_common_vsscanf
feof
_sopen_dispatch
__acrt_iob_func

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_seh_filter_dll
terminate
_errno
_cexit
_initialize_onexit_table
_initterm
strerror
abort
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_invalid_parameter_noinfo_noreturn
_initterm_e

api-ms-win-crt-environment-l1-1-0

getenv_s
getenv
_putenv_s

api-ms-win-crt-filesystem-l1-1-0

_stat64i32
_unlink
_access
_fstat64i32
_mkdir

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-time-l1-1-0

_ftime64

api-ms-win-crt-math-l1-1-0

_except1

mpr

WNetGetUniversalNameA
WNetCloseEnum
WNetEnumResourceA
WNetOpenEnumA

user32

CharLowerBuffA
CharUpperBuffA
MessageBoxA

advapi32

InitializeSecurityDescriptor
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
SetNamedSecurityInfoA
GetNamedSecurityInfoA
SetSecurityInfo
GetSecurityInfo
SetEntriesInAclA
GetUserNameA
SetSecurityDescriptorDacl
CreateWellKnownSid
FreeSid
AllocateAndInitializeSid
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
ConvertStringSecurityDescriptorToSecurityDescriptorA
ConvertSidToStringSidA

ole32

CoCreateGuid

Exports

Exports

firebird_plugin

Sections

.text
Size: 299KB - Virtual size: 299KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7df0656183afa8c5a29c33a2ade6e128

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

fbclient

msvcp140

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

mpr

user32

advapi32

ole32

Exports

Exports

Sections

.text Size: 299KB - Virtual size: 299KB

.rdata Size: 62KB - Virtual size: 61KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 299KB - Virtual size: 299KB

.rdata
Size: 62KB - Virtual size: 61KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 16KB - Virtual size: 15KB