e338fdcbcf1edb3367df367cbe5369f9a960ed0225dfd854720d6787d3dffd4e

Sharing

Copy URL Twitter E-mail

General

Target

e338fdcbcf1edb3367df367cbe5369f9a960ed0225dfd854720d6787d3dffd4e
Size

714KB
MD5

f4552bd532dea710d89c78e6ae57d383
SHA1

2464f610745a2347d75f9d3f55465249560244c7
SHA256

e338fdcbcf1edb3367df367cbe5369f9a960ed0225dfd854720d6787d3dffd4e
SHA512

32056c2ab4b3781ee65acb74d568dd07871a4343aa093eda28f7d6a746cdd6473971fe6dcfb0521d17b1c05b1abf4f3990fd134317159753e0fa40dba3507ecc
SSDEEP

6144:+Lrfj4xk68xuIR59V5cUbSsXvh5dA3dOuBXh3ei+QTUa1VY4SOl2FLZfy71yRn7T:+Hbp6gIsXJudFX1ehlYG4KygcRuH/c8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e338fdcbcf1edb3367df367cbe5369f9a960ed0225dfd854720d6787d3dffd4e

Files

e338fdcbcf1edb3367df367cbe5369f9a960ed0225dfd854720d6787d3dffd4e
.dll windows:5 windows x64 arch:x64

bcb043cd742a29311cd91f12c4f4870e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

m:\F\n\2022-8-31\libKAD\x64\Unicode Release\libKAD.pdb

Imports

mfc90u

ord5458
ord6441
ord4167
ord6359
ord935
ord2372
ord2536
ord6456
ord5475
ord5476
ord3008
ord285
ord1519
ord2769
ord3288
ord268
ord441
ord1512
ord4103
ord4187
ord2326
ord6281
ord2378
ord6325
ord5845
ord1287
ord568
ord1271
ord316
ord5533
ord2533
ord878
ord1018
ord3972
ord6160
ord1270
ord3261
ord762
ord570
ord2380
ord3931
ord450
ord5697
ord306
ord1290
ord4214
ord5619
ord914
ord877
ord392
ord641
ord5452
ord1468
ord6434
ord1207
ord5755
ord3179
ord2977
ord386
ord1041
ord5567
ord759
ord567
ord6259
ord3488
ord4035
ord5658
ord3343
ord1614
ord5449
ord1205
ord6432
ord2411
ord5460
ord6443
ord2016
ord789
ord2184
ord1211
ord296
ord2768
ord3285
ord889
ord2976
ord300
ord2984
ord589
ord291
ord5532
ord1149
ord388
ord3400
ord3341
ord2767
ord2773
ord5623
ord287
ord2975
ord2531
ord280
ord887
ord266
ord265
ord2399
ord5477
ord1240
ord2537
ord1473
ord2368
ord931
ord6356
ord4164
ord6014
ord5757
ord2176
ord5217
ord1209
ord2816
ord2819
ord2812
ord3180
ord3329
ord3868
ord5455
ord4209
ord2981
ord6438
ord680
ord440
ord4145
ord4121
ord6422
ord3901
ord6424
ord4438
ord2110
ord2065
ord5713
ord3906
ord1025
ord5230
ord6363
ord5511
ord3932
ord1966
ord3005
ord5356
ord5358
ord2303
ord4050
ord4687
ord5362
ord5345
ord5696
ord2602
ord2797
ord2904
ord4419
ord2780
ord2907
ord2605
ord2711
ord2598
ord3818
ord3819
ord3809
ord2709
ord4051
ord4596
ord4372
ord3424
ord1786
ord1103
ord1481
ord5225
ord4151
ord6349
ord1061
ord320
ord559
ord1042
ord6012
ord5760
ord2179
ord3183
ord3411
ord5359
ord2304
ord4688
ord3023
ord3385
ord542
ord5611
ord5589
ord985
ord774
ord581
ord3693
ord5575
ord1963
ord736
ord3930
ord772
ord577
ord3783
ord777
ord310
ord688
ord592
ord1235
ord1203
ord1201
ord1225
ord1146
ord1195
ord379
ord1118
ord1234
ord1232
ord1111
ord1053
ord321
ord780
ord791
ord286
ord588
ord3427
ord779

msvcr90

memcmp
_CxxThrowException
_strupr
_memicmp
ceil
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
__CppXcptFilter
_amsg_exit
_encoded_null
_initterm_e
_initterm
_malloc_crt
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
__C_specific_handler
__CxxFrameHandler3
_swprintf
_localtime64_s
wcsftime
_snwprintf
_vsnwprintf
rand
calloc
wcschr
wcscspn
srand
setvbuf
_time64
wcsstr
memcpy_s
wcsncpy
?what@exception@std@@UEBAPEBDXZ
??0exception@std@@QEAA@AEBV01@@Z
_invalid_parameter_noinfo
exit
??0exception@std@@QEAA@XZ
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@AEBQEBD@Z
_purecall
sscanf
strpbrk
malloc
memchr
strstr
sprintf
atoi
strchr
free
_strnicmp

kernel32

ResetEvent
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
GetSystemTimeAsFileTime
SetLastError
SetFilePointer
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LocalAlloc
SetEvent
GetComputerNameA
GetThreadPriority
WaitForSingleObject
OutputDebugStringW
LocalFree
FormatMessageW
ResumeThread
GetTickCount
FreeResource
LockResource
SizeofResource
LoadResource
FindResourceW
GetLastError

user32

DispatchMessageW
TranslateMessage
PeekMessageW

ole32

CoCreateGuid

wsock32

ntohs
recvfrom
setsockopt
sendto
socket
htons
ioctlsocket
select
recv
send
accept
closesocket
inet_ntoa
connect
WSAGetLastError
WSAAsyncSelect
gethostbyname
ntohl
bind

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBAPEBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z

winmm

timeGetTime

Exports

Exports

Kademlia_BeginThread
Kademlia_Bootstrap
Kademlia_EndThread
Kademlia_Init
Kademlia_Publish
Kademlia_SearchFileHash
Kademlia_SearchKeyword
Kademlia_Start
Kademlia_Stop
Kademlia_StopSearch

Sections

.text
Size: 431KB - Virtual size: 430KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bcb043cd742a29311cd91f12c4f4870e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc90u

msvcr90

kernel32

user32

ole32

wsock32

msvcp90

winmm

Exports

Exports

Sections

.text Size: 431KB - Virtual size: 430KB

.rdata Size: 118KB - Virtual size: 118KB

.data Size: 6KB - Virtual size: 136KB

.pdata Size: 23KB - Virtual size: 23KB

.rsrc Size: 130KB - Virtual size: 129KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 431KB - Virtual size: 430KB

.rdata
Size: 118KB - Virtual size: 118KB

.data
Size: 6KB - Virtual size: 136KB

.pdata
Size: 23KB - Virtual size: 23KB

.rsrc
Size: 130KB - Virtual size: 129KB

.reloc
Size: 4KB - Virtual size: 4KB