25ec58ada720bf005bdf4c36ccb45785f1ec35f40a8a1769e05692f2c4bb41e0

Sharing

Copy URL Twitter E-mail

General

Target

25ec58ada720bf005bdf4c36ccb45785f1ec35f40a8a1769e05692f2c4bb41e0
Size

550KB
MD5

3aaa4bb2006b1fc7ed9e47c041e5f02b
SHA1

1917b66cd0f6aac921997603eeed22430a1c086b
SHA256

25ec58ada720bf005bdf4c36ccb45785f1ec35f40a8a1769e05692f2c4bb41e0
SHA512

266da3a3740cab645649eb7b01fe3abea7703835f8e636e3f9bfb4b2dbec1d433aaba29b5a2b7e042761a33b52df99aae15eb5cc6e692d14f6cf67a8ce37fafc
SSDEEP

12288:rPWRCVUhLi1+HDDlYnTxuSAHnMlZEA0gWqe8p2uXR5bu3XFEjC9YjpX4e7mfM35o:BVUhHXlYDAHnwr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25ec58ada720bf005bdf4c36ccb45785f1ec35f40a8a1769e05692f2c4bb41e0

Files

25ec58ada720bf005bdf4c36ccb45785f1ec35f40a8a1769e05692f2c4bb41e0
.dll windows:6 windows x64

7a6f0e6c73627c340ce85a1b0301dde9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

sqliteapi

??1CSqliteStmt@SqliteAPI@@QEAA@XZ
?Prepare@CSqliteStmt@SqliteAPI@@QEAAHPEBD@Z
?Step@CSqliteStmt@SqliteAPI@@QEAAHXZ
?GetSqliteDB@CSqliteAPI@SqliteAPI@@QEAAPEAUsqlite3@@XZ
??0IDbApiBase@@QEAA@XZ
??1IDbApiBase@@UEAA@XZ
?RegisterSessionManagerHandle@IDbApiBase@@QEAAXPEAVCDbSessionManager@@@Z
??0CSqliteStmt@SqliteAPI@@QEAA@XZ
?SelectSchemaVersionList@IDbApiBase@@UEAAHPEAVCSqliteAPI@SqliteAPI@@AEAV?$vector@USchemaVersion@@V?$allocator@USchemaVersion@@@std@@@std@@@Z
?InsertSchemaVersion@IDbApiBase@@UEAAHPEAVCSqliteAPI@SqliteAPI@@AEAUSchemaVersion@@@Z
?SqlOnDB@IDbApiBase@@UEAAHPEAVCSqliteAPI@SqliteAPI@@PEBD@Z
?TransBegin@CSqliteAPI@SqliteAPI@@QEAAHXZ
?TransCommit@CSqliteAPI@SqliteAPI@@QEAAHXZ
?Execute@CSqliteAPI@SqliteAPI@@QEAAHPEBDP6AHPEAXHPEAPEAD2@Z1@Z
?getInstance@CDbSessionManager@@SAPEAV1@XZ
?BindDouble@CSqliteStmt@SqliteAPI@@QEAAHHN@Z
?BindInt64@CSqliteStmt@SqliteAPI@@QEAAHH_J@Z
?BindInt@CSqliteStmt@SqliteAPI@@QEAAHHH@Z
?BindText@CSqliteStmt@SqliteAPI@@QEAAHHPEBDH@Z
?GetText@CSqliteStmt@SqliteAPI@@QEAAPEBDH@Z
?GetDBSession@IDbApiBase@@UEAAPEAVCSqliteAPI@SqliteAPI@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetDouble@CSqliteStmt@SqliteAPI@@QEAANH@Z
?GetInt64@CSqliteStmt@SqliteAPI@@QEAA_JH@Z
?GetInt@CSqliteStmt@SqliteAPI@@QEAAHH@Z

log4cxx

??1?$ObjectPtrT@VLevel@log4cxx@@@helpers@log4cxx@@UEAA@XZ
??0LocationInfo@spi@log4cxx@@QEAA@QEBD0H@Z
?isErrorEnabled@Logger@log4cxx@@QEBA_NXZ
?getDebug@Level@log4cxx@@SA?AV?$ObjectPtrT@VLevel@log4cxx@@@helpers@2@XZ
?forcedLog@Logger@log4cxx@@QEBAXAEBV?$ObjectPtrT@VLevel@log4cxx@@@helpers@2@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVLocationInfo@spi@2@@Z
?getName@Logger@log4cxx@@QEBAXAEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?getLogger@Logger@log4cxx@@SA?AV?$ObjectPtrT@VLogger@log4cxx@@@helpers@2@QEBD@Z
?getError@Level@log4cxx@@SA?AV?$ObjectPtrT@VLevel@log4cxx@@@helpers@2@XZ
??1?$ObjectPtrT@VLogger@log4cxx@@@helpers@log4cxx@@UEAA@XZ
??6CharMessageBuffer@helpers@log4cxx@@QEAAAEAV012@PEBD@Z
??6CharMessageBuffer@helpers@log4cxx@@QEAAAEAV012@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??BCharMessageBuffer@helpers@log4cxx@@QEAAAEAV?$basic_ostream@DU?$char_traits@D@std@@@std@@XZ
??0MessageBuffer@helpers@log4cxx@@QEAA@XZ
??1MessageBuffer@helpers@log4cxx@@QEAA@XZ
??6MessageBuffer@helpers@log4cxx@@QEAAAEAVCharMessageBuffer@12@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?str@MessageBuffer@helpers@log4cxx@@QEAAAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAV?$basic_ostream@DU?$char_traits@D@std@@@5@@Z
?str@MessageBuffer@helpers@log4cxx@@QEAAAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAVCharMessageBuffer@23@@Z
?isInfoEnabled@Logger@log4cxx@@QEBA_NXZ
??C?$ObjectPtrT@VLogger@log4cxx@@@helpers@log4cxx@@QEBAPEAVLogger@2@XZ
??6CharMessageBuffer@helpers@log4cxx@@QEAAAEAV?$basic_ostream@DU?$char_traits@D@std@@@std@@H@Z
?isDebugEnabled@Logger@log4cxx@@QEBA_NXZ
??6CharMessageBuffer@helpers@log4cxx@@QEAAAEAV?$basic_ostream@DU?$char_traits@D@std@@@std@@N@Z
?getInfo@Level@log4cxx@@SA?AV?$ObjectPtrT@VLevel@log4cxx@@@helpers@2@XZ

common

?instance@IServiceRouter@tbnext@@SAPEAV12@XZ
?gBaseInformationMap@tbnext@@3V?$shared_ptr@UBaseInformationMap@tbnext@@@std@@A
?isTimeEnabled@tbnext@@YA_NXZ
??0Timestamp@tbnext@@QEAA@_JW4TBTimeZone@1@@Z
?GetLeftTradingTicks@TradeTime@tbnext@@QEBAHPEBVTimestamp@2@@Z
?GetPeriodLeftTradingTicks@TradeTime@tbnext@@QEBAHPEBVTimestamp@2@@Z
?GetTradingTicksByRange@TradeTime@tbnext@@QEBAHPEBVTimestamp@2@0@Z
??0TradeTime@tbnext@@QEAA@AEBUICodeID@1@W4TBTimeZone@1@@Z
?IsInTradingTime@TradeTime@tbnext@@QEBA_NPEBVTimestamp@2@@Z
?GetServerExeDirectory@FileSystem@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
??1TradeTime@tbnext@@UEAA@XZ
?Stoll@CommonMethod@@SA_JAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_J@Z
?getBidAskPrice@TradeUtils@tbnext@@SA?AUBidAskPrice@2@PEAVIQuoteService@2@AEBUICodeID@2@W4Side@2@AEBUSourceId@2@@Z
??0TradeTime@tbnext@@QEAA@AEBUICodeID@1@@Z
?GetTradingDay@TradeTime@tbnext@@QEBAHPEBVTimestamp@2@W4TrdDayDirction@2@@Z
?GetTradingDay@TimeUtils@tbnext@@SAHPEBVTimestamp@2@W4TrdDayDirction@2@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1Timestamp@tbnext@@QEAA@XZ
?now@Timestamp@tbnext@@SA?AV12@W4TBTimeZone@2@@Z
?toUTCMilisecsinceEponch@Timestamp@tbnext@@QEBA_JXZ
?toDateTimeString@Timestamp@tbnext@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

msvcp140

?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?exceptions@ios_base@std@@QEAAXH@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?narrow@?$ctype@D@std@@QEBADDD@Z
?widen@?$ctype@D@std@@QEBADD@Z
??Bid@locale@std@@QEAA_KXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
_Cnd_signal
?_Throw_Cpp_error@std@@YAXH@Z
?uncaught_exception@std@@YA_NXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Throw_C_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPEBD@Z
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Cnd_do_broadcast_at_thread_exit
_Cnd_destroy
_Cnd_wait
_Mtx_init
_Thrd_start
_Thrd_id
_Mtx_destroy
_Cnd_init
_Thrd_join
_Mtx_unlock
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?_Xbad_function_call@std@@YAXXZ
?_XGetLastError@std@@YAXXZ
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
_Mtx_current_owns
_Cnd_init_in_situ
_Cnd_timedwait
_Xtime_get_ticks
_Cnd_destroy_in_situ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?id@?$ctype@D@std@@2V0locale@2@A
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z

vcruntime140

__std_exception_copy
__std_type_info_compare
__C_specific_handler
memset
_CxxThrowException
__std_type_info_destroy_list
__std_terminate
memmove
memcpy
_purecall
memcmp
memchr
__CxxFrameHandler3
__RTDynamicCast
__std_exception_destroy

api-ms-win-crt-runtime-l1-1-0

_cexit
_initterm
_initterm_e
terminate
_execute_onexit_table
_invalid_parameter_noinfo_noreturn
_seh_filter_dll
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_crt_atexit

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free
realloc

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__stdio_common_vsprintf_s

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-math-l1-1-0

pow
lround

kernel32

EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
GetModuleHandleW
CloseHandle

Exports

Exports

??0AlgoManager@tbnext@@QEAA@AEBV01@@Z
??0AlgoManager@tbnext@@QEAA@XZ
??1AlgoManager@tbnext@@MEAA@XZ
??4AlgoManager@tbnext@@QEAAAEAV01@AEBV01@@Z
??_7AlgoManager@tbnext@@6B@
?Instance@AlgoManager@tbnext@@SAPEAV12@XZ

Sections

.text
Size: 386KB - Virtual size: 386KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7a6f0e6c73627c340ce85a1b0301dde9

Headers

DLL Characteristics

File Characteristics

Imports

sqliteapi

log4cxx

common

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 386KB - Virtual size: 386KB

.rdata Size: 137KB - Virtual size: 137KB

.data Size: 6KB - Virtual size: 9KB

.pdata Size: 15KB - Virtual size: 15KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 386KB - Virtual size: 386KB

.rdata
Size: 137KB - Virtual size: 137KB

.data
Size: 6KB - Virtual size: 9KB

.pdata
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB