dc9962ee01d1e56b3019290a02946794277deb8612db94fee8785d148516065f

Sharing

Copy URL

Twitter E-mail

General

Target

dc9962ee01d1e56b3019290a02946794277deb8612db94fee8785d148516065f
Size

788KB
MD5

568509c5ef28f448dde1baaa49bbf2dd
SHA1

929ecc783996b508e5755fd98422d1b38f5ad987
SHA256

dc9962ee01d1e56b3019290a02946794277deb8612db94fee8785d148516065f
SHA512

6dc931194de21044e830066ebbf4945be5cb567083e4a53eca4c6a4a85532dea5415b746fa4c075f7e475a3ef407f4cf13d58545ce76ae18a820fa4cdac4097b
SSDEEP

24576:eEd0aYMjXjsqnw2clL7kC1QVZUYciLS9Y5EO3WN/D9WmPa0qw5Nv:eEd0aYMjXjsqnw2clHk6mf+79RP/v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dc9962ee01d1e56b3019290a02946794277deb8612db94fee8785d148516065f

Files

dc9962ee01d1e56b3019290a02946794277deb8612db94fee8785d148516065f
.dll windows:4 windows x86 arch:x86

98dd8bca4b47aa347cdab8f73e581766

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

connect
WSAEnumNetworkEvents
WSACreateEvent
shutdown
closesocket
WSAEventSelect
htons
socket
listen
WSAStartup
WSACleanup
WSAGetLastError
setsockopt
WSACloseEvent
WSAWaitForMultipleEvents
inet_addr
gethostbyname
WSASetEvent
WSAResetEvent
send
recv
htonl
bind
accept

wininet

InternetCloseHandle
InternetOpenA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetReadFileExA
HttpQueryInfoA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetReadFile
InternetSetOptionA
InternetQueryOptionA
InternetSetStatusCallback

winmm

timeGetTime

iphlpapi

GetIpAddrTable

libzstd

ZSTD_getDecompressedSize
ZSTD_decompress

dassfile

ssFileOpen

dalog

??0CDALog@@QAE@XZ
??RCDALog@@QAEAAV0@W4Lvl@0@@Z
??1CDALog@@QAE@XZ
?Write@CDALog@@QAAXPBDZZ
?Write@CDALog@@QAEXABVCString@@@Z
?storage@CDALog@@QAEXPBD00_N1@Z

mfc42

ord4185
ord663
ord541
ord348
ord801
ord909
ord5628
ord858
ord800
ord6883
ord537
ord5608
ord2818
ord540
ord823
ord6877
ord535
ord6307
ord1105
ord521
ord861
ord860
ord538
ord2915
ord3663
ord939
ord1871
ord500
ord772
ord6142
ord5860
ord5862
ord2841
ord5450
ord6394
ord5440
ord6383
ord2107
ord812
ord559
ord501
ord773
ord5600
ord5642
ord998
ord400
ord702
ord1083
ord6283
ord6282
ord915
ord5596
ord4191
ord5572
ord6143
ord2764
ord4202
ord926
ord610
ord6139
ord941
ord803
ord5861
ord1622
ord4129
ord5683
ord4278
ord4277
ord6662
ord699
ord3938
ord397
ord912
ord4188
ord5607
ord5631
ord5593
ord6144
ord3438
ord922
ord924
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord1265
ord940
ord1271
ord5590
ord3435
ord3441
ord5606
ord5634
ord3811
ord715
ord415
ord1081
ord5620
ord5605
ord996
ord3976
ord396
ord698
ord5592
ord911
ord5630
ord4187
ord3437
ord5710
ord1567
ord268
ord825
ord665
ord5442
ord5186
ord354
ord6385
ord1187
ord2458
ord6289
ord968
ord3470
ord1648
ord1238
ord6874
ord1601
ord1116
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord6467
ord1578
ord600
ord826
ord269
ord394
ord543
ord696
ord3643
ord3584
ord287
ord2233

msvcrt

__CxxFrameHandler
wcslen
_EH_prolog
_mbscmp
strcpy
??0exception@@QAE@XZ
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
memset
atoi
strlen
_mbsnbcpy
_purecall
memcpy
_mbsicmp
localtime
time
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_except_handler3
??1type_info@@UAE@XZ
_onexit
__dllonexit
gmtime
atol
clock
abs
strftime
??8type_info@@QBEHABV0@@Z
atof
mktime
strcmp
strncpy
free
realloc
malloc
strtol
memcmp
memmove
strchr
_CxxThrowException
??0exception@@QAE@ABV0@@Z
_ftol
pow
_beginthreadex

kernel32

InterlockedExchange
Sleep
InterlockedIncrement
GetQueuedCompletionStatus
CloseHandle
CreateIoCompletionPort
GetTickCount
PostQueuedCompletionStatus
GetLocalTime
InterlockedCompareExchange
CreateDirectoryA
InterlockedDecrement
GetExitCodeThread
TerminateThread
ResumeThread
LeaveCriticalSection
GetLastError
WaitForSingleObject
WaitForMultipleObjects
ResetEvent
SetLastError
GetSystemTimeAsFileTime
FormatMessageA
ReleaseSemaphore
CreateSemaphoreA
CreateMutexA
ReleaseMutex
GetVersionExA
GetModuleHandleA
GetProcAddress
TlsFree
TlsAlloc
TlsGetValue
TlsSetValue
GetCurrentThread
GetCurrentThreadId
lstrlenA
MultiByteToWideChar
lstrlenW
MulDiv
WideCharToMultiByte
LockResource
SizeofResource
LoadResource
FindResourceA
LocalFree
DeleteCriticalSection
EnterCriticalSection
LocalAlloc
GetCurrentProcessId
SetEvent
InitializeCriticalSection

user32

wsprintfA

ole32

CoUninitialize
CoInitialize
StringFromGUID2
CoCreateGuid
OleRun
CoCreateInstance

oleaut32

SysStringByteLen
SysAllocStringByteLen
VariantChangeType
SysAllocString
VariantCopy
VariantClear
VariantInit
SysFreeString
GetErrorInfo
SetErrorInfo
CreateErrorInfo

msvcp60

??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??_7out_of_range@std@@6B@
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV01@@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??_8?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B@
?_Doraise@runtime_error@std@@MBEXXZ
?what@runtime_error@std@@UBEPBDXZ
??0runtime_error@std@@QAE@ABV01@@Z
??1runtime_error@std@@UAE@XZ
??_7runtime_error@std@@6B@
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1ios_base@std@@UAE@XZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??1locale@std@@QAE@XZ
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
?_Tidy@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXXZ
??_7?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??_7?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??0ios_base@std@@IAE@XZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z

gzip2

Gzip2A
A2Gzip

Exports

Exports

?JDRTProxyFactory@@YAPAUIRTProxy@@XZ

Sections

.text
Size: 436KB - Virtual size: 434KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 200KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

98dd8bca4b47aa347cdab8f73e581766

Headers

File Characteristics

Imports

ws2_32

wininet

winmm

iphlpapi

libzstd

dassfile

dalog

mfc42

msvcrt

kernel32

user32

ole32

oleaut32

msvcp60

gzip2

Exports

Exports

Sections

.text Size: 436KB - Virtual size: 434KB

.rdata Size: 92KB - Virtual size: 89KB

.data Size: 12KB - Virtual size: 1.1MB

.rsrc Size: 200KB - Virtual size: 198KB

.reloc Size: 44KB - Virtual size: 41KB

.text
Size: 436KB - Virtual size: 434KB

.rdata
Size: 92KB - Virtual size: 89KB

.data
Size: 12KB - Virtual size: 1.1MB

.rsrc
Size: 200KB - Virtual size: 198KB

.reloc
Size: 44KB - Virtual size: 41KB