f67021ee863625b3bed9c99ec31caf59742d0ae56f90de4c6e9fb2bf5d422337

Sharing

Copy URL Twitter E-mail

General

Target

f67021ee863625b3bed9c99ec31caf59742d0ae56f90de4c6e9fb2bf5d422337
Size

341KB
MD5

f60dc27c37960f524c6cfbc7f79c773b
SHA1

0be940035f945f9cb1727038125a3825222fe83b
SHA256

f67021ee863625b3bed9c99ec31caf59742d0ae56f90de4c6e9fb2bf5d422337
SHA512

dd189ed06c99dfa13e99e00f5259eacec99b7bb8b2081c66bf311147135d6c394576d210cd39b1794cc1d9387c40ebea5a457e8a0cdac707d5bc7d805ebee0a8
SSDEEP

6144:aS+fCaO/APEjRU6hVAoOA//9VQfiGWmKJfcj:2fcFhVAoOA/wWm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f67021ee863625b3bed9c99ec31caf59742d0ae56f90de4c6e9fb2bf5d422337

Files

f67021ee863625b3bed9c99ec31caf59742d0ae56f90de4c6e9fb2bf5d422337
.dll windows:6 windows x64

6d7c8c4dee84594bfdf46574085ffcd2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

log4cxx

??6MessageBuffer@helpers@log4cxx@@QEAAAEAVCharMessageBuffer@12@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??6CharMessageBuffer@helpers@log4cxx@@QEAAAEAV?$basic_ostream@DU?$char_traits@D@std@@@std@@_N@Z
?getWarn@Level@log4cxx@@SA?AV?$ObjectPtrT@VLevel@log4cxx@@@helpers@2@XZ
?getDebug@Level@log4cxx@@SA?AV?$ObjectPtrT@VLevel@log4cxx@@@helpers@2@XZ
?getTrace@Level@log4cxx@@SA?AV?$ObjectPtrT@VLevel@log4cxx@@@helpers@2@XZ
?isDebugEnabled@Logger@log4cxx@@QEBA_NXZ
?isWarnEnabled@Logger@log4cxx@@QEBA_NXZ
?isTraceEnabled@Logger@log4cxx@@QEBA_NXZ
??6CharMessageBuffer@helpers@log4cxx@@QEAAAEAV?$basic_ostream@DU?$char_traits@D@std@@@std@@H@Z
??BCharMessageBuffer@helpers@log4cxx@@QEAAAEAV?$basic_ostream@DU?$char_traits@D@std@@@std@@XZ
?str@MessageBuffer@helpers@log4cxx@@QEAAAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAV?$basic_ostream@DU?$char_traits@D@std@@@5@@Z
??C?$ObjectPtrT@VLogger@log4cxx@@@helpers@log4cxx@@QEBAPEAVLogger@2@XZ
??1?$ObjectPtrT@VLogger@log4cxx@@@helpers@log4cxx@@UEAA@XZ
??1?$ObjectPtrT@VLevel@log4cxx@@@helpers@log4cxx@@UEAA@XZ
??0LocationInfo@spi@log4cxx@@QEAA@QEBD0H@Z
?getInfo@Level@log4cxx@@SA?AV?$ObjectPtrT@VLevel@log4cxx@@@helpers@2@XZ
?forcedLog@Logger@log4cxx@@QEBAXAEBV?$ObjectPtrT@VLevel@log4cxx@@@helpers@2@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVLocationInfo@spi@2@@Z
?getName@Logger@log4cxx@@QEBAXAEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?getLogger@Logger@log4cxx@@SA?AV?$ObjectPtrT@VLogger@log4cxx@@@helpers@2@QEBD@Z
?isInfoEnabled@Logger@log4cxx@@QEBA_NXZ
??6CharMessageBuffer@helpers@log4cxx@@QEAAAEAV012@PEBD@Z
??6CharMessageBuffer@helpers@log4cxx@@QEAAAEAV012@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0MessageBuffer@helpers@log4cxx@@QEAA@XZ
??1MessageBuffer@helpers@log4cxx@@QEAA@XZ
?str@MessageBuffer@helpers@log4cxx@@QEAAAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAVCharMessageBuffer@23@@Z

common

?isTimeEnabled@tbnext@@YA_NXZ
?ToString@CommonMethod@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@NH@Z
?isUpperValid@QuoteUtils@tbnext@@SA_NAEBUIDepthMarketData@2@@Z
?isLowerValid@QuoteUtils@tbnext@@SA_NAEBUIDepthMarketData@2@@Z
??0Timestamp@tbnext@@QEAA@_JW4TBTimeZone@1@@Z
?date@Timestamp@tbnext@@QEBAHXZ
?ceilVolume@TradeUtils@tbnext@@SA_JAEBUICodeProperty@2@_J@Z
?floorVolume@TradeUtils@tbnext@@SA_JAEBUICodeProperty@2@_J1@Z
?floorCloseVolume@TradeUtils@tbnext@@SA_JAEBUICodeProperty@2@_J11@Z
??0TradeTime@tbnext@@QEAA@AEBUICodeID@1@W4TBTimeZone@1@@Z
?instance@CmnFactory@tbnext@@SAPEAV12@XZ
?get@CmnFactory@tbnext@@QEBAPEAXH@Z
?instance@IServiceRouter@tbnext@@SAPEAV12@XZ
?hasCloseVolume@TradeUtils@tbnext@@SA_NAEBUICodeID@2@_J1@Z
?GetTradingDay@TradeTime@tbnext@@QEBAHPEBVTimestamp@2@W4TrdDayDirction@2@@Z
??1TradeTime@tbnext@@UEAA@XZ
?instance@GlobalMsgMgr@tbnext@@SAPEAV12@XZ
?asynPushMsg@GlobalMsgMgr@tbnext@@QEAAXAEBUGlobalMsg@2@@Z
??1Timestamp@tbnext@@QEAA@XZ
?now@Timestamp@tbnext@@SA?AV12@W4TBTimeZone@2@@Z
?toDateTimeString@Timestamp@tbnext@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
??0TradeTime@tbnext@@QEAA@AEBUICodeID@1@@Z
?IsInTradingTime@TradeTime@tbnext@@QEBA_NPEBVTimestamp@2@@Z
?gBaseInformationMap@tbnext@@3V?$shared_ptr@UBaseInformationMap@tbnext@@@std@@A

autotrade

?Instance@ITradeSolutionManager@autotrade@@SAPEAV12@XZ

msvcp140

_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Mtx_unlock
_Cnd_signal
_Mtx_current_owns
_Cnd_init_in_situ
?_Throw_Cpp_error@std@@YAXH@Z
?_Xout_of_range@std@@YAXPEBD@Z
_Cnd_timedwait
_Cnd_do_broadcast_at_thread_exit
_Cnd_destroy
_Cnd_wait
_Mtx_init
_Thrd_start
_Thrd_id
_Xtime_get_ticks
_Mtx_destroy
_Cnd_init
_Thrd_join
_Cnd_broadcast
_Cnd_destroy_in_situ
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Throw_C_error@std@@YAXH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
?_Xlength_error@std@@YAXPEBD@Z

vcruntime140

__std_terminate
__C_specific_handler
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memset
__std_type_info_destroy_list
memcmp
__CxxFrameHandler3
_purecall
memchr
memmove
memcpy

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_cexit
_initterm
_initterm_e
_execute_onexit_table
terminate
_register_onexit_function
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
__stdio_common_vsprintf

kernel32

CreateEventW
GetModuleHandleW
GetProcAddress
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
ResetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
CloseHandle
EnterCriticalSection
WaitForSingleObjectEx
SetEvent

api-ms-win-crt-math-l1-1-0

pow

Exports

Exports

??0IPositionMonitor@tbnext@@IEAA@XZ
??0IPositionMonitor@tbnext@@QEAA@AEBV01@@Z
??1IPositionMonitor@tbnext@@UEAA@XZ
??4IPositionMonitor@tbnext@@QEAAAEAV01@AEBV01@@Z
??_7IPositionMonitor@tbnext@@6B@
?getInstance@IPositionMonitor@tbnext@@SAPEAV12@XZ

Sections

.text
Size: 249KB - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d7c8c4dee84594bfdf46574085ffcd2

Headers

DLL Characteristics

File Characteristics

Imports

log4cxx

common

autotrade

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

kernel32

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 249KB - Virtual size: 249KB

.rdata Size: 77KB - Virtual size: 77KB

.data Size: 1KB - Virtual size: 3KB

.pdata Size: 9KB - Virtual size: 9KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 472B

.text
Size: 249KB - Virtual size: 249KB

.rdata
Size: 77KB - Virtual size: 77KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 472B