7efd5712db6d4b7133180299a404e7082d09c48bbcb6257dca8ad8f2d49eb7d9

Sharing

Copy URL

Twitter E-mail

General

Target

7efd5712db6d4b7133180299a404e7082d09c48bbcb6257dca8ad8f2d49eb7d9
Size

1.3MB
MD5

f7710513698d27a31a7e16b6a7618a49
SHA1

d0ce4b055c6cb83c1e01ae47a8679fa4fd7aad8e
SHA256

7efd5712db6d4b7133180299a404e7082d09c48bbcb6257dca8ad8f2d49eb7d9
SHA512

5160a202a74606fe27f944462e4a61466872c8784a313b9056e738dca24fb10d0016db61c5ad90b37be465f6b7df81c0fcb7e207693294803f779ec1b2fa56b3
SSDEEP

24576:WMYNUEksgtz0chZMJxWKgP1j5zXlcpOE1UiaxR:WliE9chyJkKgP1jxlAOE1UiG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
7efd5712db6d4b7133180299a404e7082d09c48bbcb6257dca8ad8f2d49eb7d9

Files

7efd5712db6d4b7133180299a404e7082d09c48bbcb6257dca8ad8f2d49eb7d9
.dll windows:6 windows x86 arch:x86

6434dde27a2d7cdc5b35061b8ed9b1b5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

commondatasetbase

?GetModuleDir@Environment@common@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAX@Z
?GetInstance@BugChecker@common@@SAAAV12@XZ
?Throw@BugChecker@common@@QAEAAV12@XZ
?SetDumpMark@BugChecker@common@@QAEAAV12@_N@Z
?Assertion@BugChecker@common@@QAEAAV12@PBD00H@Z
??0BinaryWriter@common@@QAE@XZ
?IsDirectory@File@common@@QBE_NXZ
?IsExist@File@common@@QBE_NXZ
??1File@common@@UAE@XZ
??0File@common@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?CopyLen@StringHelper@common@@YA_NPADIPBDZZ
?FromUTCTime@TimeStamp@common@@SA?AV12@_J@Z
??1TimeStamp@common@@QAE@XZ
??0TimeStamp@common@@QAE@XZ
??0TimeStamp@common@@QAE@_J@Z
?GetZone@TimeZone@common@@SAHXZ
??1DateTime@common@@QAE@XZ
??0DateTime@common@@QAE@ABVTimeStamp@1@@Z
??0DateTime@common@@QAE@HHHHHHHH@Z
?IsValid@Logger@common@@QAE_NXZ
?WriteLog@Logger@common@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?Flush@Logger@common@@QAE_NXZ
??0Logger@common@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z
?Write@BinaryWriter@common@@UAE_JPBEI@Z
?Close@BinaryWriter@common@@UAE_NXZ
?Open@BinaryWriter@common@@UAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N1@Z
??1BinaryWriter@common@@UAE@XZ
?UTF8ToAnsi@StringHelper@common@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV34@@Z
?SetSize@File@common@@SAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_K@Z
?GetSize@File@common@@SA_KABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

kernel32

GetProcAddress
FileTimeToDosDateTime
FindFirstFileW
FindClose
FileTimeToLocalFileTime
MultiByteToWideChar
FreeLibrary
LoadLibraryA
DecodePointer
IsDebuggerPresent
EncodePointer
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount64
DisableThreadLibraryCalls

msvcp110

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Add_vtordisp1@?$basic_istream@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Add_vtordisp2@?$basic_ios@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?eof@ios_base@std@@QBE_NXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Orphan_all@_Container_base12@std@@QAEXXZ
??1_Container_base12@std@@QAE@XZ
??0_Container_base12@std@@QAE@XZ
?_BADOFF@std@@3_JB
?_Orphan_all@_Container_base0@std@@QAEXXZ
??0id@locale@std@@QAE@I@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ

msvcr110

_wremove
_waccess
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
tolower
strtod
ceil
_strtoi64
strtol
wcstol
_isnan
wcstod
_wcstoi64
printf
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
??1type_info@@UAE@XZ
_vsnprintf
__CppXcptFilter
_amsg_exit
_malloc_crt
_initterm
_initterm_e
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_except_handler4_common
?terminate@@YAXXZ
__clean_type_info_names_internal
memcpy
memcmp
floor
_libm_sse2_sqrt_precise
_libm_sse2_sin_precise
_libm_sse2_pow_precise
_wmkdir
realloc
memchr
malloc
free
??2@YAPAXI@Z
??3@YAXPAX@Z
_purecall
memmove
_CIatan2
_CxxThrowException
__CxxFrameHandler3
__RTDynamicCast
_libm_sse2_asin_precise
_libm_sse2_cos_precise
_libm_sse2_log_precise
memset

Exports

Exports

CheckDecodeFileValidEx
CombinateDDIBFiles
CreateCustomDataStorageManager
CreateStorageManagerByDecodedFile
CreateStorageManagerForModify
FreeStorageManager
ModifyDDIBDateTimeInfo

Sections

.text
Size: 859KB - Virtual size: 859KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 383KB - Virtual size: 383KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6434dde27a2d7cdc5b35061b8ed9b1b5

Headers

DLL Characteristics

File Characteristics

Imports

commondatasetbase

kernel32

msvcp110

msvcr110

Exports

Exports

Sections

.text Size: 859KB - Virtual size: 859KB

.rdata Size: 383KB - Virtual size: 383KB

.data Size: 34KB - Virtual size: 40KB

.rsrc Size: 1024B - Virtual size: 872B

.reloc Size: 74KB - Virtual size: 74KB

.text
Size: 859KB - Virtual size: 859KB

.rdata
Size: 383KB - Virtual size: 383KB

.data
Size: 34KB - Virtual size: 40KB

.rsrc
Size: 1024B - Virtual size: 872B

.reloc
Size: 74KB - Virtual size: 74KB