d04922e056a5b130c23c1d55570a24c33a33d2dfdc48b8c5dd99796620989375

Sharing

Copy URL Twitter E-mail

General

Target

d04922e056a5b130c23c1d55570a24c33a33d2dfdc48b8c5dd99796620989375
Size

784KB
MD5

73194d12f29844ffe7b7b47f8ec6ff75
SHA1

003680ca2cae5b3f3d37af761f2dac60d554e2f9
SHA256

d04922e056a5b130c23c1d55570a24c33a33d2dfdc48b8c5dd99796620989375
SHA512

be033b722dadc4df4bd48820c4b7a4d9ac66dc41839cd378b08f111cfff0404a180085b4bbde8a7082c4bef8e8d0da5d3bbd3b7db6c380adf9d6e4d02933395c
SSDEEP

24576:94EC9DR8IJLrqM4CBbGRpdZGWUa5jNMFEN4DTIcu0RTYWWQFhpslMZtaxsGmWSDl:94EC9DR8IJLrqM4CByRpvj/vWWmhpslO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d04922e056a5b130c23c1d55570a24c33a33d2dfdc48b8c5dd99796620989375

Files

d04922e056a5b130c23c1d55570a24c33a33d2dfdc48b8c5dd99796620989375
.dll windows:4 windows x86 arch:x86

8e9aa66e21714816c49ad891e5b5dfbe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

listen
htons
WSAEventSelect
connect
WSAEnumNetworkEvents
WSACreateEvent
setsockopt
WSACleanup
WSAStartup
WSAGetLastError
WSACloseEvent
closesocket
socket
shutdown
WSAWaitForMultipleEvents
inet_addr
gethostbyname
WSASetEvent
WSAResetEvent
send
recv
htonl
bind
accept

wininet

InternetCrackUrlA
InternetCloseHandle
InternetSetStatusCallback
InternetCanonicalizeUrlA
InternetReadFileExA
HttpQueryInfoA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetOpenA
InternetConnectA
InternetReadFile
InternetSetOptionA
InternetQueryOptionA

winmm

timeGetTime

iphlpapi

GetIpAddrTable

libzstd

ZSTD_getDecompressedSize
ZSTD_decompress

dassfile

ssFileOpen

dalog

??0CDALog@@QAE@XZ
??RCDALog@@QAEAAV0@W4Lvl@0@@Z
??1CDALog@@QAE@XZ
?Write@CDALog@@QAAXPBDZZ
?Write@CDALog@@QAEXABVCString@@@Z
?storage@CDALog@@QAEXPBD00_N1@Z

mfc42

ord4185
ord663
ord541
ord348
ord801
ord909
ord5628
ord858
ord800
ord6883
ord537
ord5608
ord2818
ord540
ord823
ord6877
ord535
ord6307
ord1105
ord521
ord861
ord860
ord538
ord2915
ord3663
ord939
ord1871
ord500
ord772
ord6142
ord5860
ord5862
ord2841
ord5450
ord6394
ord5440
ord6383
ord2107
ord812
ord559
ord501
ord773
ord5600
ord5642
ord998
ord400
ord702
ord1083
ord6283
ord6282
ord915
ord5596
ord4191
ord5572
ord6143
ord2764
ord4202
ord926
ord610
ord6139
ord803
ord287
ord5861
ord1622
ord4129
ord5683
ord4278
ord4277
ord6662
ord699
ord3938
ord397
ord912
ord4188
ord5607
ord5631
ord5593
ord6144
ord3438
ord922
ord924
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord1265
ord940
ord1271
ord5590
ord3435
ord3441
ord5606
ord5634
ord3811
ord715
ord415
ord1081
ord5620
ord5605
ord996
ord3976
ord396
ord698
ord5592
ord911
ord5630
ord4187
ord3437
ord825
ord1567
ord268
ord2233
ord665
ord5186
ord354
ord1187
ord2458
ord6289
ord968
ord3470
ord1648
ord1238
ord6874
ord1601
ord394
ord1116
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord6467
ord1578
ord600
ord826
ord269
ord543
ord696
ord3643
ord3584
ord941
ord5710

msvcrt

?what@exception@@UBEPBDXZ
__CxxFrameHandler
??0exception@@QAE@XZ
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
_beginthreadex
wcslen
_mbscmp
strcpy
memset
atoi
strlen
_mbsnbcpy
_purecall
memcpy
_mbsicmp
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_except_handler3
??1type_info@@UAE@XZ
_onexit
__dllonexit
gmtime
atol
_ftol
pow
abs
strftime
??8type_info@@QBEHABV0@@Z
atof
mktime
strcmp
strncpy
free
realloc
malloc
strtol
memcmp
memmove
strchr
_CxxThrowException
??0exception@@QAE@ABV0@@Z
time
localtime

kernel32

InterlockedExchange
InterlockedIncrement
GetQueuedCompletionStatus
CloseHandle
CreateIoCompletionPort
GetTickCount
PostQueuedCompletionStatus
GetLocalTime
InterlockedCompareExchange
CreateDirectoryA
InterlockedDecrement
GetExitCodeThread
TerminateThread
ResumeThread
LeaveCriticalSection
GetLastError
WaitForSingleObject
WaitForMultipleObjects
ResetEvent
SetLastError
GetCurrentProcessId
GetSystemTimeAsFileTime
FormatMessageA
ReleaseSemaphore
CreateSemaphoreA
CreateMutexA
ReleaseMutex
GetVersionExA
GetModuleHandleA
GetProcAddress
TlsFree
TlsAlloc
TlsGetValue
TlsSetValue
Sleep
GetCurrentThread
GetCurrentThreadId
lstrlenA
MultiByteToWideChar
MulDiv
WideCharToMultiByte
LockResource
SizeofResource
LoadResource
FindResourceA
LocalFree
DeleteCriticalSection
LocalAlloc
SetEvent
lstrlenW
EnterCriticalSection
InitializeCriticalSection

ole32

CoInitialize
CoUninitialize
StringFromGUID2
CoCreateInstance
OleRun
CoCreateGuid

oleaut32

VariantCopy
SetErrorInfo
CreateErrorInfo
SysStringByteLen
SysAllocStringByteLen
VariantChangeType
SysAllocString
GetErrorInfo
VariantClear
VariantInit
SysFreeString

msvcp60

?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??_7out_of_range@std@@6B@
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV01@@Z
??1_Winit@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??_8?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B@
?_Doraise@runtime_error@std@@MBEXXZ
?what@runtime_error@std@@UBEPBDXZ
??0runtime_error@std@@QAE@ABV01@@Z
??1runtime_error@std@@UAE@XZ
??_7runtime_error@std@@6B@
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1ios_base@std@@UAE@XZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??1locale@std@@QAE@XZ
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
?_Tidy@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXXZ
??_7?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??_7?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??0ios_base@std@@IAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ

gzip2

Gzip2A
A2Gzip

Exports

Exports

?JDRTProxyFactory@@YAPAUIRTProxy@@XZ

Sections

.text
Size: 432KB - Virtual size: 428KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 200KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8e9aa66e21714816c49ad891e5b5dfbe

Headers

File Characteristics

Imports

ws2_32

wininet

winmm

iphlpapi

libzstd

dassfile

dalog

mfc42

msvcrt

kernel32

ole32

oleaut32

msvcp60

gzip2

Exports

Exports

Sections

.text Size: 432KB - Virtual size: 428KB

.rdata Size: 92KB - Virtual size: 88KB

.data Size: 12KB - Virtual size: 1.1MB

.rsrc Size: 200KB - Virtual size: 197KB

.reloc Size: 44KB - Virtual size: 41KB

.text
Size: 432KB - Virtual size: 428KB

.rdata
Size: 92KB - Virtual size: 88KB

.data
Size: 12KB - Virtual size: 1.1MB

.rsrc
Size: 200KB - Virtual size: 197KB

.reloc
Size: 44KB - Virtual size: 41KB