Static task
static1
Behavioral task
behavioral1
Sample
b7c9cad9df520ac1d63dfca7112f1a18c5817ad7491fe640330ff2db982e54c9.dll
Resource
win7-20231215-en
General
Target: b7c9cad9df520ac1d63dfca7112f1a18c5817ad7491fe640330ff2db982e54c9
Size: 2.7MB
MD5: 2123a35bd99f8453bf88390608174c36
SHA1: 4d77dafe6c012d68e10873b275f05ed9ff9f2748
SHA256: b7c9cad9df520ac1d63dfca7112f1a18c5817ad7491fe640330ff2db982e54c9
SHA512: cdf910cb1570415d566d90dc5e23b1a24024225073bc87ca57e47c05e94cb851ea2fd54cd2291add483d1c610f1e2b24df30c71dde91048dd1528604ad3ab0b6
SSDEEP: 49152:cGaXtX5Hp0urIHWYD66lhOUJ7mC9qdElM7GQePfHGOGQzCaO++YtmhL7vZOZZZZB:cGqX5HpDd6loc282zEHGOGjFm
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource b7c9cad9df520ac1d63dfca7112f1a18c5817ad7491fe640330ff2db982e54c9
Files
b7c9cad9df520ac1d63dfca7112f1a18c5817ad7491fe640330ff2db982e54c9.dll windows:5 windows x86 arch:x86
d509470243ee83970b7ac5fbce6b7819
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
E:\Demo\VS2019\SolutionA\Release\MNDJK.pdb
Imports
kernel32
GetPrivateProfileStringA
FormatMessageA
WideCharToMultiByte
LocalFree
CloseHandle
GetComputerNameA
SetEndOfFile
HeapSize
WriteConsoleW
GetFullPathNameW
GetCurrentDirectoryW
SetStdHandle
GetCurrentThreadId
GetTimeZoneInformation
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
CreateFileA
GetLastError
MultiByteToWideChar
DeviceIoControl
lstrlenW
GetModuleFileNameA
GetTickCount
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
FlushFileBuffers
HeapReAlloc
DeleteFileW
RemoveDirectoryW
SetFilePointerEx
GetConsoleCP
HeapAlloc
HeapFree
GetACP
PeekNamedPipe
GetDriveTypeW
CreateFileW
SetConsoleCtrlHandler
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
ReadFile
LoadLibraryExW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetProcAddress
EncodePointer
DecodePointer
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStdHandle
GetEnvironmentVariableW
GetFileType
WriteFile
GetModuleHandleExW
FreeLibrary
LoadLibraryA
LoadLibraryW
GetConsoleMode
ReadConsoleA
ReadConsoleW
SetConsoleMode
FindClose
FindFirstFileW
FindNextFileW
RtlUnwind
RaiseException
InterlockedFlushSList
DeleteFileA
user32
wsprintfA
GetProcessWindowStation
MessageBoxW
GetUserObjectInformationW
MessageBoxA
ole32
CoCreateGuid
gdiplus
GdipDrawImageRectRect
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipGetImageEncoders
GdipGetImageHeight
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipCreateBitmapFromGdiDib
GdipFree
GdipGetImageGraphicsContext
GdipGetImageEncodersSize
GdipDeleteGraphics
GdipGetImageWidth
GdipCreateBitmapFromScan0
GdipSaveImageToFile
GdiplusStartup
GdiplusShutdown
GdipLoadImageFromFile
GdipImageRotateFlip
iphlpapi
GetAdaptersInfo
winhttp
WinHttpQueryDataAvailable
WinHttpConnect
WinHttpSetTimeouts
WinHttpSendRequest
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpReadData
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpReceiveResponse
crypt32
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
ws2_32
htons
sendto
ioctlsocket
setsockopt
WSAGetLastError
recvfrom
connect
socket
inet_addr
WSAStartup
gethostbyname
closesocket
WSACleanup
WSASetLastError
send
recv
advapi32
CryptAcquireContextW
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
CryptGenRandom
CryptGetProvParam
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptGetUserKey
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
Exports
CompressPicPixel
CompressPicQuality
CutCompressPicPixel
GetHDSN
GetPicPixel
_PBX_CreateNonVisualObject@16
_PBX_GetDescription@0
_PBX_Notify@8
aes_de_a
aes_en_a
base64de
base64en
conversionpic
deletedir
des_de_a
des_de_w
des_en_a
des_en_w
dowork
file_all_decrypt
file_all_decryptw
file_all_encrypt
file_all_encryptw
file_decrypt
file_decryptw
file_encrypt
file_encryptw
gbktoutf8
getguid
getsqlstr
picrotate
ping
rsasign
telnet
utf8togbk
zintbar
Sections
.text Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 726KB - Virtual size: 726KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 74KB - Virtual size: 74KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rmnet Size: 56KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE