b56b26bdc9ce4fcdc8c77eaf63a734b00e9a887d496f80c183cf555bfcf2f1a0

Sharing

Copy URL

Twitter E-mail

General

Target

b56b26bdc9ce4fcdc8c77eaf63a734b00e9a887d496f80c183cf555bfcf2f1a0
Size

237KB
MD5

0054b1afbcdda036a50228b19b7605c2
SHA1

f51940202243c6579ed9c3da80db7ce6232822b1
SHA256

b56b26bdc9ce4fcdc8c77eaf63a734b00e9a887d496f80c183cf555bfcf2f1a0
SHA512

4df828e80634f80772ad41341f9d2442190eaac230377a2e77851b50e1d528ab6ca997c40261d6672de1449a2497690564c7483263e2ca2a8d6d56331a05ed66
SSDEEP

3072:R2Y9yV7+KofV7Kg/Y8MA9ftnHlR9HK2F0vMpT32NqKZt+ZC+dpIjddy+MlInJPlK:R2YhfFYwnFnK2EGo3/VsPTnFz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b56b26bdc9ce4fcdc8c77eaf63a734b00e9a887d496f80c183cf555bfcf2f1a0

Files

b56b26bdc9ce4fcdc8c77eaf63a734b00e9a887d496f80c183cf555bfcf2f1a0
.dll windows:5 windows x86

92f9ed518a07c621988edbd08ab270ff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSASetEvent
WSAResetEvent
WSAEventSelect
WSAWaitForMultipleEvents
WSACreateEvent
WSACloseEvent
WSACleanup
WSAStartup
gethostbyname
socket
shutdown
setsockopt
send
recv
listen
inet_addr
htons
htonl
connect
closesocket
bind
accept
WSAEnumNetworkEvents
WSAGetLastError

wininet

InternetQueryOptionA
HttpQueryInfoA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetSetOptionA
InternetReadFile
InternetConnectA
InternetCloseHandle
InternetOpenA
InternetCanonicalizeUrlA
InternetCrackUrlA

mfc110

ord8025
ord12020
ord5765
ord3786
ord6694
ord987
ord6193
ord14402
ord6194
ord14403
ord6192
ord14401
ord7811
ord12307
ord14201
ord11765
ord11766
ord1978
ord7753
ord12720
ord4023
ord4084
ord9203
ord14327
ord7734
ord14329
ord12317
ord12318
ord2430
ord5212
ord8130
ord7808
ord12032
ord12638
ord12701
ord10228
ord12028
ord8191
ord1459
ord7470
ord8273
ord12468
ord6025
ord1684
ord923
ord1833
ord12387
ord12416
ord1402
ord553
ord8311
ord1645
ord12467
ord12374
ord6024
ord1176
ord818
ord12451
ord1950
ord12414
ord1344
ord2115
ord3015
ord556
ord8314
ord1648
ord12470
ord12377
ord6027
ord1179
ord2300
ord2474
ord3897
ord6075
ord1706
ord14164
ord2384
ord12000
ord5107
ord5404
ord5614
ord9155
ord5380
ord5617
ord5110
ord5266
ord5091
ord7537
ord7538
ord7528
ord5264
ord8027
ord10047
ord9016
ord306
ord1132
ord491
ord1177
ord12375
ord1646
ord8312
ord554
ord1439
ord1954
ord12453
ord969
ord1401
ord12415
ord13017
ord13703
ord922
ord1133
ord2826
ord14340
ord11745
ord499
ord320
ord2340
ord2414
ord13019
ord1058
ord13700
ord359
ord8570
ord12658
ord5769
ord1687
ord1683
ord305
ord2950
ord14059
ord12538
ord1519
ord311
ord4977
ord12417
ord8525
ord4595
ord2937
ord2931
ord14186
ord948
ord6345
ord1440
ord970
ord4746
ord8571
ord8530
ord1520
ord310
ord2333
ord2329
ord262
ord4780
ord3175
ord1438
ord13018
ord13704
ord968
ord14391
ord1500
ord1498
ord265
ord266
ord2327
ord12182
ord14338
ord12125
ord8166
ord12695
ord14149
ord14155
ord4594
ord12537
ord1517
ord1038
ord300
ord316
ord7991
ord5732
ord1652
ord6590
ord3783
ord1501
ord324
ord1044
ord2305
ord2189
ord323
ord1043
ord2352
ord2355
ord2318
ord2354
ord484
ord2211
ord2316
ord2128
ord2242
ord2343
ord485
ord2322
ord4519

msvcr110

_CxxThrowException
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_except_handler4_common
_initterm_e
_initterm
_malloc_crt
_amsg_exit
__CppXcptFilter
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_gmtime64
_mktime64
__clean_type_info_names_internal
strncpy
realloc
malloc
free
_time64
_localtime64_s
strftime
_vsnprintf
strtol
memmove
memcpy_s
_purecall
_mbsnbcpy
strchr
memcpy
memset
__CxxFrameHandler3
ldiv
atoi

kernel32

GetExitCodeThread
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
LocalAlloc
FindResourceA
SizeofResource
LoadResource
LocalFree
WaitForSingleObject
SetEvent
CreateDirectoryA
InterlockedDecrement
lstrlenA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
TerminateThread
GetLastError
LockResource
SetLastError
WaitForMultipleObjects
ResetEvent
GetCurrentThreadId
ResumeThread

user32

wsprintfA

advapi32

CryptDecrypt
CryptReleaseContext
CryptDeriveKey
CryptDestroyKey
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptEncrypt
CryptAcquireContextA

ole32

CoCreateInstance
CoUninitialize
CoInitialize
OleRun

oleaut32

CreateErrorInfo
SysAllocString
SysFreeString
VariantInit
VariantClear
VariantCopy
VariantChangeType
SysStringByteLen
SysAllocStringByteLen
GetErrorInfo
SetErrorInfo

dalog

??0CDALog@@QAE@XZ
?Write@CDALog@@QAEXABV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
??RCDALog@@QAEAAV0@W4Lvl@0@@Z
??1CDALog@@QAE@XZ
?storage@CDALog@@QAEXPBD00_N1@Z

gzip2

Gzip2A

Exports

Exports

?JDMsgProxyFactory@@YAPAUIMsgProxy@@XZ

Sections

.text
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

92f9ed518a07c621988edbd08ab270ff

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wininet

mfc110

msvcr110

kernel32

user32

advapi32

ole32

oleaut32

dalog

gzip2

Exports

Exports

Sections

.text Size: 169KB - Virtual size: 169KB

.rdata Size: 46KB - Virtual size: 46KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 16KB - Virtual size: 16KB

.text
Size: 169KB - Virtual size: 169KB

.rdata
Size: 46KB - Virtual size: 46KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 16KB - Virtual size: 16KB