d417e0635da59349dcb853a465bec1b77505517677ef154db25c4398a2ce61d5

Sharing

Copy URL Twitter E-mail

General

Target

d417e0635da59349dcb853a465bec1b77505517677ef154db25c4398a2ce61d5
Size

2.5MB
MD5

28dad57cb431e449abc37b6a8ab86c1c
SHA1

90df276c86a526f3cd3a8be401e7f3a313fc6ee1
SHA256

d417e0635da59349dcb853a465bec1b77505517677ef154db25c4398a2ce61d5
SHA512

9572ac62a9097b41fbc2e6001dbe2397acd4818d94e0378e4d7866f83053ba8b28af3f6bc5ffcf30ddaef2060ef743b1ca957b89190c559bb6a5ee1e34a3e414
SSDEEP

49152:ZTMTcIiKGADXDN4a0D7vZ+AGxHT97ws41vjl2+:ZGcduXDN4a0D7vZ+AGn7wsM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d417e0635da59349dcb853a465bec1b77505517677ef154db25c4398a2ce61d5

Files

d417e0635da59349dcb853a465bec1b77505517677ef154db25c4398a2ce61d5
.dll windows:6 windows x86 arch:x86

90aae72cb0bd0216414839b537ccba20

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualQuery
CreateFileA
CloseHandle
SetUnhandledExceptionFilter
Sleep
GetCurrentProcess
GetCurrentProcessId
WriteProcessMemory
OpenMutexA
LoadLibraryA
SetDllDirectoryA
DecodePointer
RaiseException
GetLastError
InitializeCriticalSectionEx
SetEvent
GetTickCount
FormatMessageA
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetNativeSystemInfo
GetPrivateProfileStringA
WritePrivateProfileStringA
WritePrivateProfileSectionA
ReadFile
CreatePipe
WaitForSingleObject
GetLocalTime
GetStartupInfoA
GetCurrentThreadId
OutputDebugStringW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
LocalFree
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
WriteFile
SetFilePointer
GetFileSize
ExpandEnvironmentStringsA
WaitForMultipleObjects
PeekNamedPipe
GetFileType
GetStdHandle
VerifyVersionInfoA
GetSystemDirectoryA
VerSetConditionMask
SleepEx
FreeLibrary
SetLastError
GetFileAttributesA
FindNextFileA
FindFirstFileA
FindClose
DeleteFileA
CreateDirectoryA
GetTempPathA
GetProcAddress
GetModuleHandleA
CreateProcessA
GetModuleFileNameA

user32

UnregisterClassA

advapi32

CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
RegCloseKey
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
RegQueryValueExA
RegOpenKeyExA
CryptEncrypt

ole32

CoInitialize
CLSIDFromProgID
CoCreateInstance
CoUninitialize

oleaut32

SysAllocStringByteLen
SysStringByteLen
SysFreeString
GetErrorInfo
SysAllocString
VariantClear
VariantInit
VariantChangeType
SetErrorInfo
CreateErrorInfo

errctl

eutil8
eutil3

ws2_32

getsockopt
htons
ntohs
setsockopt
socket
WSAIoctl
getaddrinfo
recvfrom
sendto
accept
listen
ioctlsocket
gethostname
closesocket
bind
send
htonl
ntohl
connect
getpeername
freeaddrinfo
WSAStartup
WSACleanup
WSAGetLastError
__WSAFDIsSet
select
WSASetLastError
recv
getsockname

crypt32

CertFreeCertificateContext

wldap32

ord41
ord143
ord46
ord211
ord60
ord45
ord50
ord22
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord26

spbm_dll

??1ParseXml@@QAE@XZ
??0ParseXml@@QAE@XZ
?QueryOrder_Anyone@ParseXml@@QAEHPAUSPBM_Data@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@11H@Z
?QueryTotalVersion@ParseXml@@QAEHAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

qrgenerator

getSize
QRGeneratorBit

print

PostAndRecvEx

sm2clt

??1CSm2Clt@@QAE@XZ
?Err2Str@CSm2Clt@@QAEPADH@Z
?OpenUsbkey@CSm2Clt@@QAEHPAD00@Z
??0CSm2Clt@@QAE@XZ
?ClientHello@CSm2Clt@@QAEHPAEAAKK@Z
?CloseUsbkey@CSm2Clt@@QAEHXZ
?ChangePin@CSm2Clt@@QAEHPAD0@Z
?VerifyPin@CSm2Clt@@QAEHPAD@Z
?ReadCert@CSm2Clt@@QAEHPAEAAKK@Z
?ClientAuth@CSm2Clt@@QAEHPAEK0AAK@Z
?SignData@CSm2Clt@@QAEHPAEK0AAKKK@Z
?VerifySign@CSm2Clt@@QAEHPAEK0K0KK@Z

decodecert

GetCertInfo

net_util

SSLPostAndRecv
GetServerInfo
ConnectServer
SetProxyServerParam
fnSetParam
SSLClose

msvcp140

?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??1ios_base@std@@UAE@XZ
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??_7ios_base@std@@6B@
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?uncaught_exception@std@@YA_NXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
?tellg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_JH@Z
?seekg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?read@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PA_W_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?write@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PB_W_J@Z
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_BADOFF@std@@3_JB
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ

dbghelp

MiniDumpWriteDump

vcruntime140

_CxxThrowException
memmove
strrchr
__CxxFrameHandler3
__std_exception_destroy
memcpy
__std_exception_copy
strchr
strstr
memchr
_purecall
_except_handler4_common
__std_type_info_destroy_list
memset
__std_terminate

api-ms-win-crt-runtime-l1-1-0

__sys_nerr
_initterm_e
_initterm
system
_cexit
_errno
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_beginthreadex
_configure_narrow_argv
_invalid_parameter_noinfo
_getpid
_invalid_parameter_noinfo_noreturn
_seh_filter_dll
terminate
abort
strerror
_endthreadex

api-ms-win-crt-heap-l1-1-0

malloc
free
_recalloc
calloc
_callnewh
realloc

api-ms-win-crt-utility-l1-1-0

srand
rand
qsort

api-ms-win-crt-convert-l1-1-0

atoi
_atoi64
_i64toa
atol
strtol
_itoa
strtoll
strtoul
atoll
_ecvt_s
strtod
_ui64toa
atof
_ecvt

api-ms-win-crt-stdio-l1-1-0

_wfopen
fread
fseek
__acrt_iob_func
_get_stream_buffer_pointers
fclose
fflush
fgetc
fgetpos
fputc
_lseeki64
fsetpos
_fseeki64
fwrite
setvbuf
ungetc
__stdio_common_vfprintf
__stdio_common_vsprintf
__stdio_common_vsscanf
fputs
fgets
ftell
ferror
fopen
_read
_write
_close
_open
_ftelli64
__stdio_common_vsnprintf_s

api-ms-win-crt-filesystem-l1-1-0

_fstat64
_stat64
_mkdir
_lock_file
_unlock_file
_wsplitpath
_access

api-ms-win-crt-time-l1-1-0

_localtime64
clock
_mktime64
_difftime64
_time64
_gmtime64
_getsystime

api-ms-win-crt-string-l1-1-0

ispunct
strncpy
iswspace
strcpy_s
_strdup
isdigit
_wcsicmp
strncmp
isprint
_stricmp
toupper
tolower
isalpha
iscntrl
strtok
isxdigit
strpbrk
isspace
isalnum
islower
isupper
isgraph

api-ms-win-crt-multibyte-l1-1-0

_mbsrchr

api-ms-win-crt-math-l1-1-0

floor
ceil
_CIfmod
_except1
round
_libm_sse2_pow_precise
_isnan
_finite

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

___mb_cur_max_func

Exports

Exports

??0ParseXml@@QAE@ABV0@@Z
??4ParseXml@@QAEAAV0@ABV0@@Z
_set_stop_event@4
_set_ukzj_logpath@4
_uk_clear@4
_uk_op_ret@4
_uk_op_size@4
_uk_operate@8
set_stop_event
set_ukzj_logpath
uk_clear
uk_op_ret
uk_op_size
uk_operate

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 222KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 359B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

90aae72cb0bd0216414839b537ccba20

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

errctl

ws2_32

crypt32

wldap32

spbm_dll

qrgenerator

print

sm2clt

decodecert

net_util

msvcp140

dbghelp

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 222KB - Virtual size: 222KB

.data Size: 12KB - Virtual size: 20KB

.idata Size: 17KB - Virtual size: 16KB

.gfids Size: 512B - Virtual size: 359B

.00cfg Size: 512B - Virtual size: 260B

.reloc Size: 74KB - Virtual size: 74KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 222KB - Virtual size: 222KB

.data
Size: 12KB - Virtual size: 20KB

.idata
Size: 17KB - Virtual size: 16KB

.gfids
Size: 512B - Virtual size: 359B

.00cfg
Size: 512B - Virtual size: 260B

.reloc
Size: 74KB - Virtual size: 74KB

.rmnet
Size: 56KB - Virtual size: 60KB