71e870501b3ac6748ec8391096b66efda2329ec1ddf1fb2395755dc3f6b49ac8

Sharing

Copy URL Twitter E-mail

General

Target

71e870501b3ac6748ec8391096b66efda2329ec1ddf1fb2395755dc3f6b49ac8
Size

476KB
MD5

b112dd81de17cd0ffcccd9cb177e4062
SHA1

9a64623c0132ed8771ad9de25b91bec296362e9d
SHA256

71e870501b3ac6748ec8391096b66efda2329ec1ddf1fb2395755dc3f6b49ac8
SHA512

10e016bfd551b20926230213e8950dfe5ecb2ce3251540f780478d0a5225d4ff8716630f5c029a2550670818119fd7ed91b25da38880684308db81c0a9d690e0
SSDEEP

6144:r6D16Oc/4vrqTYglyKqwT+BBkT+jKKfQ5U9k6lG7236RbK9gQLlyad3JquX04h7:rIyyKrT+Bam7Q5GZG72dl5quX04h7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
71e870501b3ac6748ec8391096b66efda2329ec1ddf1fb2395755dc3f6b49ac8

Files

71e870501b3ac6748ec8391096b66efda2329ec1ddf1fb2395755dc3f6b49ac8
.dll windows:4 windows x86 arch:x86

88d95664e8a5922a2a89bfd0d5deff4d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

HttpQueryInfoA
HttpSendRequestA
HttpAddRequestHeadersA
InternetReadFile
InternetSetOptionA
InternetConnectA
InternetGetConnectedState
InternetCloseHandle
HttpOpenRequestA
InternetOpenA
InternetCrackUrlA
InternetCanonicalizeUrlA

winmm

timeGetTime

sqlite3

sqlite3_bind_text
sqlite3_changes
sqlite3_reset
sqlite3_free_table
sqlite3_step
sqlite3_bind_int
sqlite3_column_name
sqlite3_column_bytes
sqlite3_column_blob
sqlite3_column_double
sqlite3_column_int
sqlite3_finalize
sqlite3_column_count
sqlite3_vmprintf
sqlite3_mprintf
sqlite3_free
sqlite3_bind_double
sqlite3_bind_blob
sqlite3_bind_null
sqlite3_open
sqlite3_close
sqlite3_exec
sqlite3_get_table
sqlite3_last_insert_rowid
sqlite3_busy_timeout
sqlite3_prepare
sqlite3_errmsg
sqlite3_column_type
sqlite3_column_text
sqlite3_column_decltype

brotlidec

BrotliDecoderDecompress

gzip2

Gzip2A

dassfile

ssFileOpen

dalog

??1CDALog@@QAE@XZ
??0CDALog@@QAE@XZ
?storage@CDALog@@QAEXPBD00_N1@Z
?Write@CDALog@@QAEXABVCString@@@Z
?Write@CDALog@@QAAXPBDZZ
??RCDALog@@QAEAAV0@W4Lvl@0@@Z

mfc42

ord269
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord800
ord500
ord540
ord772
ord6142
ord825
ord823
ord858
ord5860
ord922
ord535
ord2818
ord4278
ord4129
ord860
ord812
ord801
ord541
ord537
ord559
ord397
ord699
ord5593
ord912
ord6283
ord4188
ord3584
ord348
ord543
ord803
ord663
ord668
ord1980
ord2770
ord356
ord3438
ord3938
ord6307
ord5631
ord521
ord1116
ord6877
ord2764
ord665
ord1979
ord6385
ord353
ord5683
ord6153
ord3790
ord5442
ord3318
ord5186
ord354
ord400
ord702
ord939
ord940
ord2614
ord3337
ord6883
ord924
ord6663
ord6311
ord4171
ord5710
ord2915
ord5572
ord923
ord6876
ord802
ord1622
ord542
ord5608
ord2065
ord5610
ord539
ord861
ord5609
ord2765
ord6662
ord6569
ord5773
ord6010
ord4204
ord3663
ord6144
ord5450
ord6394
ord5440
ord6383
ord1871
ord6571
ord5460
ord915
ord4191
ord3441
ord5596
ord5634
ord3181
ord3178
ord4058
ord2781
ord4202
ord6143
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord5862
ord4622
ord4424
ord3738
ord561
ord815
ord1265
ord5600
ord501
ord5621
ord1083
ord5607
ord773
ord1158
ord941
ord6282
ord2763
ord2066
ord5606
ord1567
ord268
ord5861
ord4277
ord1105
ord551
ord3811
ord6648
ord538
ord715
ord415
ord1081
ord5620
ord5605
ord996
ord1601
ord998
ord798
ord1997
ord5465
ord5194
ord533
ord6467
ord6407
ord6929
ord2458
ord6289
ord968
ord3470
ord1648
ord1238
ord4080

msvcrt

_purecall
time
_mbscmp
memcpy
memset
localtime
strftime
malloc
strlen
_CxxThrowException
free
strcmp
atof
sprintf
strcpy
_mbsnbcpy
strncpy
memcmp
abs
atoi
_mbsupr
memmove
strchr
realloc
qsort
_stricmp
rand
srand
atol
gmtime
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
__dllonexit
_onexit
_initterm
_adjust_fdiv
wcslen
mktime
_EH_prolog
_mbsicmp
__CxxFrameHandler

kernel32

ResumeThread
InitializeCriticalSection
ResetEvent
TerminateThread
GetLastError
WaitForMultipleObjects
GetLocalTime
lstrlenW
WideCharToMultiByte
Sleep
SetEvent
WaitForSingleObject
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
SetFileAttributesA
CreateDirectoryA
DeleteFileA
DeleteCriticalSection
MultiByteToWideChar
lstrlenA
GetTickCount
GetPrivateProfileIntA
GetExitCodeThread
GetModuleFileNameA
LocalAlloc
LocalFree
GetTimeZoneInformation

user32

LoadStringA
wsprintfA

advapi32

RegCloseKey
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

VariantChangeType
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysFreeString
VariantInit
VariantClear
CreateErrorInfo
GetErrorInfo
SetErrorInfo
VariantCopy

xmlhelper3

?LoadRes@XMLHelper@@YAHPAUHINSTANCE__@@HAAV?$_com_ptr_t@V?$_com_IIID@UIXMLDOMDocument2@MSXML2@@$1?_GUID_2933bf95_7b36_11d2_b20e_00c04f983e60@@3U__s_GUID@@A@@@@@Z
?OuterXml@CXmlNode@PugiXMLHelper@@QAE?AVCString@@XZ
?SelectSingleNode@CXmlNode@PugiXMLHelper@@QBE?AV12@PBDPAVxpath_variable_set@pugi@@@Z
?Empty@CXmlNode@PugiXMLHelper@@QBE_NXZ
?Attribute@CXmlNode@PugiXMLHelper@@QBE?AVCXmlAttribute@2@PBD@Z
?Value@CXmlAttribute@PugiXMLHelper@@QBEPBDXZ
??1CXmlAttribute@PugiXMLHelper@@QAE@XZ
??0CXmlNode@PugiXMLHelper@@QAE@XZ
??0CXmlDocument@PugiXMLHelper@@QAE@XZ
?LoadXml@CXmlDocument@PugiXMLHelper@@QAE?AUxml_parse_result@pugi@@PBDI@Z
??Bxml_parse_result@pugi@@QBE_NXZ
?SelectNodes@CXmlDocument@PugiXMLHelper@@QBE?AVCXmlNodeList@2@PBDPAVxpath_variable_set@pugi@@@Z
?Empty@CXmlNodeList@PugiXMLHelper@@QBE_NXZ
?GetOptionalAttr@XMLHelper@@YAJAAV?$_com_ptr_t@V?$_com_IIID@UIXMLDOMElement@MSXML2@@$1?_GUID_2933bf86_7b36_11d2_b20e_00c04f983e60@@3U__s_GUID@@A@@@@PBDJ@Z
?GetSAXAttr@XMLHelper@@YAXAAV?$_com_ptr_t@V?$_com_IIID@UISAXAttributes@MSXML2@@$1?_GUID_f078abe1_45d2_4832_91ea_4466ce2f25c9@@3U__s_GUID@@A@@@@PBGAAVCString@@@Z
?GetOptionalAttr@XMLHelper@@YA?AVCString@@AAV?$_com_ptr_t@V?$_com_IIID@UIXMLDOMElement@MSXML2@@$1?_GUID_2933bf86_7b36_11d2_b20e_00c04f983e60@@3U__s_GUID@@A@@@@PBD1@Z
?GetAttr_Long@CXmlUtil@PugiXMLHelper@@SAJVCXmlNode@2@PADJ@Z
?GetAttr_Int@CXmlUtil@PugiXMLHelper@@SAHVCXmlNode@2@PADH@Z
?GetAttr_String@CXmlUtil@PugiXMLHelper@@SAPBDVCXmlNode@2@PAD@Z
?ParseXML@XMLHelper@@YAHABVCString@@AAV?$_com_ptr_t@V?$_com_IIID@UIXMLDOMDocument2@MSXML2@@$1?_GUID_2933bf95_7b36_11d2_b20e_00c04f983e60@@3U__s_GUID@@A@@@@@Z
?ParseXMLFile@XMLHelper@@YAHABVCString@@AAV?$_com_ptr_t@V?$_com_IIID@UIXMLDOMDocument2@MSXML2@@$1?_GUID_2933bf95_7b36_11d2_b20e_00c04f983e60@@3U__s_GUID@@A@@@@@Z
?GetSAXAttr@XMLHelper@@YAXAAV?$_com_ptr_t@V?$_com_IIID@UISAXAttributes@MSXML2@@$1?_GUID_f078abe1_45d2_4832_91ea_4466ce2f25c9@@3U__s_GUID@@A@@@@PBGAAJ@Z
??1CXmlDocument@PugiXMLHelper@@QAE@XZ
??1CXmlNodeList@PugiXMLHelper@@QAE@XZ
??1CXmlNode@PugiXMLHelper@@QAE@XZ
?Size@CXmlNodeList@PugiXMLHelper@@QAEJXZ
?SelectNodes@CXmlNode@PugiXMLHelper@@QBE?AVCXmlNodeList@2@PBDPAVxpath_variable_set@pugi@@@Z
?GetNode@CXmlNodeList@PugiXMLHelper@@SA?AVCXmlNode@2@PBVxpath_node@pugi@@@Z
?End@CXmlNodeList@PugiXMLHelper@@QBEPBVxpath_node@pugi@@XZ
?Begin@CXmlNodeList@PugiXMLHelper@@QBEPBVxpath_node@pugi@@XZ

msvcp60

??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

Exports

Exports

?JDDBProxyFactory@@YAPAUIDBProxy@@XZ

Sections

.text
Size: 316KB - Virtual size: 314KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

88d95664e8a5922a2a89bfd0d5deff4d

Headers

File Characteristics

Imports

wininet

winmm

sqlite3

brotlidec

gzip2

dassfile

dalog

mfc42

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

xmlhelper3

msvcp60

Exports

Exports

Sections

.text Size: 316KB - Virtual size: 314KB

.rdata Size: 76KB - Virtual size: 74KB

.data Size: 12KB - Virtual size: 13KB

.rsrc Size: 44KB - Virtual size: 41KB

.reloc Size: 24KB - Virtual size: 22KB

.text
Size: 316KB - Virtual size: 314KB

.rdata
Size: 76KB - Virtual size: 74KB

.data
Size: 12KB - Virtual size: 13KB

.rsrc
Size: 44KB - Virtual size: 41KB

.reloc
Size: 24KB - Virtual size: 22KB