e41eaea007e421bb0fad287faad903cff3094cc29d39bf9ce3b38e8e887c4697

Sharing

Copy URL Twitter E-mail

General

Target

e41eaea007e421bb0fad287faad903cff3094cc29d39bf9ce3b38e8e887c4697
Size

1.5MB
MD5

54a11df7cbf388366facb9127d561001
SHA1

0e5597d1ec1769bc093a21427409162cf0e1df26
SHA256

e41eaea007e421bb0fad287faad903cff3094cc29d39bf9ce3b38e8e887c4697
SHA512

a76491df774fad3f57be000022441264ad9d2a75c9520e1024d2fefb1a48cb83d84a22c130176745b556c284615e30142943e3aa29d7acf1f732b90b3ba58d77
SSDEEP

24576:4INkRkLjGL+RH3MkyEAylYI+4IEYrarmZDC3s0G2JZQAlEkMUU0IWbNej:S865gy74I/JgekMUUsbNej

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e41eaea007e421bb0fad287faad903cff3094cc29d39bf9ce3b38e8e887c4697

Files

e41eaea007e421bb0fad287faad903cff3094cc29d39bf9ce3b38e8e887c4697
.dll windows:6 windows x86 arch:x86

c615ebc6eb91a481dff70b03f6e7fe4e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\TBNext\TBDataCenter\Release\TBTraderAPIPluginGateway.pdb

Imports

log4cxx

??0?$ObjectPtrT@VLogger@log4cxx@@@helpers@log4cxx@@QAE@ABV012@@Z
??C?$ObjectPtrT@VLogger@log4cxx@@@helpers@log4cxx@@QBEPAVLogger@2@XZ
??1?$ObjectPtrT@VLevel@log4cxx@@@helpers@log4cxx@@UAE@XZ
??0LocationInfo@spi@log4cxx@@QAE@QBD0H@Z
?getError@Level@log4cxx@@SA?AV?$ObjectPtrT@VLevel@log4cxx@@@helpers@2@XZ
?getTrace@Level@log4cxx@@SA?AV?$ObjectPtrT@VLevel@log4cxx@@@helpers@2@XZ
?forcedLog@Logger@log4cxx@@QBEXABV?$ObjectPtrT@VLevel@log4cxx@@@helpers@2@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABVLocationInfo@spi@2@@Z
?getName@Logger@log4cxx@@QBEXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?isErrorEnabled@Logger@log4cxx@@QBE_NXZ
?isTraceEnabled@Logger@log4cxx@@QBE_NXZ
??6CharMessageBuffer@helpers@log4cxx@@QAEAAV?$basic_ostream@DU?$char_traits@D@std@@@std@@H@Z
??6CharMessageBuffer@helpers@log4cxx@@QAEAAV012@PBD@Z
??6CharMessageBuffer@helpers@log4cxx@@QAEAAV012@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0MessageBuffer@helpers@log4cxx@@QAE@XZ
??1MessageBuffer@helpers@log4cxx@@QAE@XZ
??6MessageBuffer@helpers@log4cxx@@QAEAAVCharMessageBuffer@12@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?str@MessageBuffer@helpers@log4cxx@@QAEABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_ostream@DU?$char_traits@D@std@@@5@@Z
?str@MessageBuffer@helpers@log4cxx@@QAEABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAVCharMessageBuffer@23@@Z
??1?$ObjectPtrT@VLogger@log4cxx@@@helpers@log4cxx@@UAE@XZ
?getLogger@Logger@log4cxx@@SA?AV?$ObjectPtrT@VLogger@log4cxx@@@helpers@2@QBD@Z

kernel32

GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
DeleteCriticalSection
InitializeSListHead
LeaveCriticalSection
CloseHandle

common

?utf8_to_gbk@CodeConvert@tbnext@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV34@@Z
??1Timestamp@tbnext@@QAE@XZ
?now@Timestamp@tbnext@@SA?AV12@W4TBTimeZone@2@@Z
?toISO8601String@Timestamp@tbnext@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?isTimeEnabled@tbnext@@YA_NXZ
?create@IWebsocketClient@tbnext@@SA?AV?$shared_ptr@VIWebsocketClient@tbnext@@@std@@_N@Z
?getScheme@uri@tbnext@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV34@@Z
??0FileINIConfigReader@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1FileINIConfigReader@@UAE@XZ
?open@FileINIConfigReader@@QAE_NXZ
?value@FileINIConfigReader@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@00@Z
?gbk_to_utf8@CodeConvert@tbnext@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV34@@Z

msvcp140

?_Xinvalid_argument@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
_Cnd_signal
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?_Schedule_chore@details@Concurrency@@YAHPAU_Threadpool_chore@12@@Z
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QAEX_N@Z
?_Release_chore@details@Concurrency@@YAXPAU_Threadpool_chore@12@@Z
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AAEXXZ
?_Capture@_ContextCallback@details@Concurrency@@AAEXXZ
?_Reset@_ContextCallback@details@Concurrency@@AAEXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QBEXV?$function@$$A6AXXZ@std@@_N@Z
??0task_continuation_context@Concurrency@@AAE@XZ
_Mtx_current_owns
_Cnd_unregister_at_thread_exit
?__ExceptionPtrCreate@@YAXPAX@Z
_Cnd_init_in_situ
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?_Throw_future_error@std@@YAXABVerror_code@1@@Z
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
?_Throw_Cpp_error@std@@YAXH@Z
?uncaught_exception@std@@YA_NXZ
?_Xbad_function_call@std@@YAXXZ
?_Throw_C_error@std@@YAXH@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?_XGetLastError@std@@YAXXZ
?_Syserror_map@std@@YAPBDH@Z
?__ExceptionPtrToBool@@YA_NPBX@Z
_Mtx_destroy_in_situ
?__ExceptionPtrDestroy@@YAXPAX@Z
_Mtx_lock
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
_Mtx_init_in_situ
_Cnd_register_at_thread_exit
_Cnd_do_broadcast_at_thread_exit
_Cnd_destroy
_Thrd_sleep
_Cnd_wait
_Mtx_init
_Thrd_start
_Thrd_id
_Xtime_get_ticks
_Mtx_destroy
_Cnd_init
_Thrd_join
_Mtx_unlock
_Cnd_broadcast
_Cnd_destroy_in_situ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?_Xlength_error@std@@YAXPBD@Z
_Cnd_timedwait

vcruntime140

__std_exception_destroy
__std_exception_copy
memcpy
memmove
memset
_CxxThrowException
memchr
strchr
__RTDynamicCast
_except_handler4_common
__std_type_info_destroy_list
_purecall
__CxxFrameHandler3
__std_terminate

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh

api-ms-win-crt-runtime-l1-1-0

terminate
_initterm_e
_initterm
_cexit
_crt_atexit
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
_execute_onexit_table
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_errno
_register_onexit_function

api-ms-win-crt-convert-l1-1-0

strtoul
strtol
strtoll
strtod
strtoull

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__acrt_iob_func
fflush
__stdio_common_vsprintf

api-ms-win-crt-math-l1-1-0

_except1
_dtest
_fdtest

Exports

Exports

??0ITradeSession@tbnext@@QAE@ABV01@@Z
??0ITradeSession@tbnext@@QAE@XZ
??1ITradeSession@tbnext@@UAE@XZ
??4ITradeSession@tbnext@@QAEAAV01@ABV01@@Z
??_7ITradeSession@tbnext@@6B@
?cancelExecutiveOrder@ITradeSession@tbnext@@UAE?AUResultStatus@2@HABUAccountOrderCancelRequest@2@@Z
?reqCrashReturn@ITradeSession@tbnext@@UAE?AUResultStatus@2@ABUCrashReturnReq@2@@Z
?reqCreditInfo@ITradeSession@tbnext@@UAE?AUResultStatus@2@H@Z
?reqFinancingTargets@ITradeSession@tbnext@@UAE?AUResultStatus@2@HABV?$vector@UICodeID@tbnext@@V?$allocator@UICodeID@tbnext@@@std@@@std@@@Z
?reqFromBankAccountToTradingAccount@ITradeSession@tbnext@@UAE?AUResultStatus@2@HABUTransferReq@2@@Z
?reqFromTradingAccountToBankAccount@ITradeSession@tbnext@@UAE?AUResultStatus@2@HABUTransferReq@2@@Z
?reqMarginTargets@ITradeSession@tbnext@@UAE?AUResultStatus@2@HABV?$vector@UICodeID@tbnext@@V?$allocator@UICodeID@tbnext@@@std@@@std@@@Z
?reqQryBankAccountMoney@ITradeSession@tbnext@@UAE?AUResultStatus@2@HABUBankMoneyReq@2@@Z
?reqQryBankAccountregister@ITradeSession@tbnext@@UAE?AUResultStatus@2@HABUBankAccountregisterReq@2@@Z
?reqQryCFMMCTradingAccountToken@ITradeSession@tbnext@@UAE?AUResultStatus@2@HABUTradingAccountID@2@@Z
?reqQryExecutiveOrder@ITradeSession@tbnext@@UAE?AUResultStatus@2@HABUAccountOrderRequest@2@@Z
?reqQryHistoryData@ITradeSession@tbnext@@UAE?AUResultStatus@2@HABUHistoryDataReqV2@2@@Z
?reqQryHistoryFill@ITradeSession@tbnext@@UAE?AUResultStatus@2@HABUHistoryDataReq@2@@Z
?reqQryInstrument@ITradeSession@tbnext@@UAE?AUResultStatus@2@HABUInstrumentReq@2@@Z
?reqQryStkStatement@ITradeSession@tbnext@@UAE?AUResultStatus@2@HABUHistoryDataReq@2@@Z
?reqQryTransferBank@ITradeSession@tbnext@@UAE?AUResultStatus@2@HABUTransferBankReq@2@@Z
?reqQryTransferSerial@ITradeSession@tbnext@@UAE?AUResultStatus@2@HABUTransferSerialReq@2@@Z
?reqSecurityReturn@ITradeSession@tbnext@@UAE?AUResultStatus@2@ABUSecurityReturnReq@2@@Z
?reqSessionInit@ITradeSession@tbnext@@UAE?AUResultStatus@2@H@Z
?sendExecutiveOrder@ITradeSession@tbnext@@UAE?AUResultStatus@2@HABUAccountOrderNewRequest@2@@Z
_CreateTradeSession@0
_GetPluginInfo@0

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 207KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c615ebc6eb91a481dff70b03f6e7fe4e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

log4cxx

kernel32

common

msvcp140

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 207KB - Virtual size: 206KB

.data Size: 16KB - Virtual size: 26KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 66KB - Virtual size: 66KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 207KB - Virtual size: 206KB

.data
Size: 16KB - Virtual size: 26KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 66KB - Virtual size: 66KB