c324e5bd2a0199491704c0ef6f7e6b08783a8cc8e36e6ce0b4532393456e7120

Sharing

Copy URL Twitter E-mail

General

Target

c324e5bd2a0199491704c0ef6f7e6b08783a8cc8e36e6ce0b4532393456e7120
Size

196KB
MD5

fcb0383dada77ab4ca4e347fcf08882e
SHA1

260c945c3e75222876d011e2e8b0a73978456788
SHA256

c324e5bd2a0199491704c0ef6f7e6b08783a8cc8e36e6ce0b4532393456e7120
SHA512

4b3a6d7415726ddc94540f6aa04a6c0401f7dbeaadb259f24aef64950aa8beb72adb5d0ad89e88cc06393071b39a78f34808eeaea5925bc12f08b4553a114012
SSDEEP

3072:utZsnc7ca4pksVT5rTQdcRacVaoMOYMgM5tBaWh2Zfl+usbmGrwOkI:aZpKVTkEMog6WZf9siGJkI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c324e5bd2a0199491704c0ef6f7e6b08783a8cc8e36e6ce0b4532393456e7120

Files

c324e5bd2a0199491704c0ef6f7e6b08783a8cc8e36e6ce0b4532393456e7120
.dll windows:4 windows x86 arch:x86

58221442c97ea36cb6e8cee369b744a8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSACloseEvent
WSAStartup
WSACleanup
closesocket
shutdown
WSAWaitForMultipleEvents
inet_addr
gethostbyname
WSASetEvent
WSAResetEvent
send
recv
htonl
bind
accept
listen
socket
setsockopt
htons
WSAEventSelect
connect
WSAEnumNetworkEvents
WSACreateEvent
WSAGetLastError

wininet

InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCloseHandle
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpAddRequestHeadersA
InternetCrackUrlA
InternetConnectA
InternetSetOptionA
HttpOpenRequestA
InternetOpenA

dalog

?storage@CDALog@@QAEXPBD00_N1@Z
??0CDALog@@QAE@XZ
??1CDALog@@QAE@XZ
??RCDALog@@QAEAAV0@W4Lvl@0@@Z
?Write@CDALog@@QAEXABVCString@@@Z

mfc42

ord6876
ord535
ord858
ord5710
ord6662
ord540
ord3663
ord801
ord541
ord4129
ord823
ord6883
ord2763
ord6143
ord2044
ord2107
ord5450
ord5834
ord5440
ord6383
ord6394
ord825
ord2841
ord2448
ord537
ord3584
ord543
ord803
ord6307
ord521
ord4278
ord4203
ord2818
ord860
ord5608
ord2764
ord4202
ord6877
ord538
ord861
ord2915
ord926
ord610
ord6139
ord939
ord941
ord287
ord5861
ord1622
ord5683
ord4277
ord802
ord542
ord6569
ord2820
ord3811
ord1567
ord1979
ord6385
ord5622
ord665
ord5186
ord354
ord268
ord772
ord800
ord5860
ord5606
ord6142
ord1265
ord348
ord663
ord3337
ord551
ord924
ord539
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord269
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord700
ord4189
ord913
ord398
ord5632
ord3439
ord6283
ord6282
ord940
ord773
ord699
ord501
ord397
ord5600
ord5593
ord3438
ord912
ord4188
ord5631
ord5607
ord998
ord715
ord415
ord1081
ord5620
ord5605
ord1105
ord702
ord400
ord5596
ord3441
ord915
ord2065
ord5634
ord4191
ord2458
ord6289
ord968
ord3470
ord1648
ord1238
ord1601
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord500
ord3825

msvcrt

__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
mktime
gmtime
strncpy
free
realloc
malloc
time
_vsnprintf
strtol
memmove
_purecall
_mbsicmp
_mbsnbcpy
strchr
_mbscmp
atoi
__CxxFrameHandler
_CxxThrowException
wcslen
_EH_prolog

kernel32

GetExitCodeThread
ResetEvent
SetEvent
LocalFree
LockResource
WaitForMultipleObjects
TerminateThread
ResumeThread
WaitForSingleObject
CreateDirectoryA
InterlockedDecrement
LocalAlloc
FindResourceA
LoadResource
SizeofResource
LeaveCriticalSection
EnterCriticalSection
lstrlenA
GetLastError
DeleteCriticalSection
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
SetLastError
InitializeCriticalSection

user32

wsprintfA

advapi32

CryptHashData
CryptDeriveKey
CryptDestroyHash
CryptCreateHash
CryptEncrypt
CryptDestroyKey
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptDecrypt

ole32

OleRun
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

VariantClear
SysAllocString
VariantChangeType
SysAllocStringByteLen
SysStringByteLen
SysFreeString
CreateErrorInfo
GetErrorInfo
SetErrorInfo
VariantInit

gzip2

Gzip2A

Exports

Exports

?JDMsgProxyFactory@@YAPAUIMsgProxy@@XZ

Sections

.text
Size: 140KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

58221442c97ea36cb6e8cee369b744a8

Headers

File Characteristics

Imports

ws2_32

wininet

dalog

mfc42

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

gzip2

Exports

Exports

Sections

.text Size: 140KB - Virtual size: 137KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 8KB - Virtual size: 10KB

.rsrc Size: 4KB - Virtual size: 936B

.reloc Size: 12KB - Virtual size: 10KB

.text
Size: 140KB - Virtual size: 137KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 8KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 936B

.reloc
Size: 12KB - Virtual size: 10KB