3475d8d773faad8b8c33e68fd66fad73

Sharing

Copy URL

Twitter E-mail

General

Target

3475d8d773faad8b8c33e68fd66fad73
Size

84KB
MD5

3475d8d773faad8b8c33e68fd66fad73
SHA1

4875181ef98bb952109185368cbc7a8affedbd38
SHA256

f8362b5bfd1053f192d88db79cfb0e263b57e27abcca45e6f6aba7e3616fbfeb
SHA512

fed7c61fe6059032ca184cdb27c7e2389b98e7bee419457c1f7d3edfdf01a1b241af06120e36c36d94dc53148f3e1d966cff9ca03187637956b1b027bfbb1028
SSDEEP

1536:Dy75mpHVD5Uc5BzbNoW8UGPrcM4MKBSMa4nWql2h3L5/IoY:Dy7uHV1Uc5dbHBGPrxzNVO2B1/IoY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3475d8d773faad8b8c33e68fd66fad73

Files

3475d8d773faad8b8c33e68fd66fad73
.dll windows:6 windows x64 arch:x64

e58259464763035ed1ff5c0bf85f3088

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

net.pdb

Imports

ws2_32

WSAStartup
recv
WSAAddressToStringA
shutdown
send
listen
accept
__WSAFDIsSet
getnameinfo
freeaddrinfo
WSACleanup
WSAEventSelect
WSACreateEvent
WSACloseEvent
gethostname
ntohl
htons
closesocket
htonl
getsockopt
bind
WSAIoctl
WSAGetLastError
WSASetLastError
socket
setsockopt
sendto
select
recvfrom
ntohs
getsockname
ioctlsocket
connect
getaddrinfo

jvm

jio_snprintf
JVM_CurrentTimeMillis

winhttp

WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpen

java

getErrorString
JNU_ThrowByNameWithMessageAndLastError
JNU_ThrowOutOfMemoryError
JNU_ThrowByName
JNU_ThrowNullPointerException
JNU_NewStringPlatform
JDK_LoadSystemLibrary
JNU_ReleaseStringPlatformChars
JNU_GetStringPlatformChars

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

kernel32

TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LoadLibraryExA
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
QueryPerformanceCounter
RaiseException
VerifyVersionInfoW
VerSetConditionMask
WideCharToMultiByte
GetOverlappedResult
Sleep
MultiByteToWideChar
GetProcAddress
FormatMessageA
LocalFree
SetHandleInformation
GlobalFree
IsProcessorFeaturePresent
GetCurrentProcessId
GetLastError
GetSystemInfo
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetCurrentThreadId

vcruntime140

memcpy
__C_specific_handler
__std_type_info_destroy_list
wcsstr
wcschr
memset

api-ms-win-crt-string-l1-1-0

strcmp
strncpy
strlen
_wcsdup
strcpy
wcscpy
strcat
wcstok_s
wcslen
wcsncmp
strncpy_s
wcscmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswscanf
__stdio_common_vsprintf
__stdio_common_vswprintf
__stdio_common_vsnprintf_s

api-ms-win-crt-heap-l1-1-0

realloc
calloc
free
malloc

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_cexit
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_errno
_initterm
_initialize_onexit_table
_initterm_e

Exports

Exports

JNI_OnLoad
Java_java_net_AbstractPlainDatagramSocketImpl_isReusePortAvailable0
Java_java_net_AbstractPlainSocketImpl_isReusePortAvailable0
Java_java_net_DatagramPacket_init
Java_java_net_DualStackPlainDatagramSocketImpl_dataAvailable
Java_java_net_DualStackPlainDatagramSocketImpl_initIDs
Java_java_net_DualStackPlainDatagramSocketImpl_socketBind
Java_java_net_DualStackPlainDatagramSocketImpl_socketClose
Java_java_net_DualStackPlainDatagramSocketImpl_socketConnect
Java_java_net_DualStackPlainDatagramSocketImpl_socketCreate
Java_java_net_DualStackPlainDatagramSocketImpl_socketDisconnect
Java_java_net_DualStackPlainDatagramSocketImpl_socketGetIntOption
Java_java_net_DualStackPlainDatagramSocketImpl_socketLocalAddress
Java_java_net_DualStackPlainDatagramSocketImpl_socketLocalPort
Java_java_net_DualStackPlainDatagramSocketImpl_socketReceiveOrPeekData
Java_java_net_DualStackPlainDatagramSocketImpl_socketSend
Java_java_net_DualStackPlainDatagramSocketImpl_socketSetIntOption
Java_java_net_Inet4AddressImpl_getHostByAddr
Java_java_net_Inet4AddressImpl_getLocalHostName
Java_java_net_Inet4AddressImpl_isReachable0
Java_java_net_Inet4AddressImpl_lookupAllHostAddr
Java_java_net_Inet4Address_init
Java_java_net_Inet6AddressImpl_getHostByAddr
Java_java_net_Inet6AddressImpl_getLocalHostName
Java_java_net_Inet6AddressImpl_isReachable0
Java_java_net_Inet6AddressImpl_lookupAllHostAddr
Java_java_net_Inet6Address_init
Java_java_net_InetAddressImplFactory_isIPv6Supported
Java_java_net_InetAddress_init
Java_java_net_NetworkInterface_boundInetAddress0
Java_java_net_NetworkInterface_getAll
Java_java_net_NetworkInterface_getAll_XP
Java_java_net_NetworkInterface_getByIndex0
Java_java_net_NetworkInterface_getByIndex0_XP
Java_java_net_NetworkInterface_getByInetAddress0
Java_java_net_NetworkInterface_getByInetAddress0_XP
Java_java_net_NetworkInterface_getByName0
Java_java_net_NetworkInterface_getByName0_XP
Java_java_net_NetworkInterface_getMTU0
Java_java_net_NetworkInterface_getMTU0_XP
Java_java_net_NetworkInterface_getMacAddr0
Java_java_net_NetworkInterface_getMacAddr0_XP
Java_java_net_NetworkInterface_init
Java_java_net_NetworkInterface_isLoopback0
Java_java_net_NetworkInterface_isLoopback0_XP
Java_java_net_NetworkInterface_isP2P0
Java_java_net_NetworkInterface_isP2P0_XP
Java_java_net_NetworkInterface_isUp0
Java_java_net_NetworkInterface_isUp0_XP
Java_java_net_NetworkInterface_supportsMulticast0
Java_java_net_NetworkInterface_supportsMulticast0_XP
Java_java_net_PlainSocketImpl_accept0
Java_java_net_PlainSocketImpl_available0
Java_java_net_PlainSocketImpl_bind0
Java_java_net_PlainSocketImpl_close0
Java_java_net_PlainSocketImpl_configureBlocking
Java_java_net_PlainSocketImpl_connect0
Java_java_net_PlainSocketImpl_getIntOption
Java_java_net_PlainSocketImpl_initIDs
Java_java_net_PlainSocketImpl_listen0
Java_java_net_PlainSocketImpl_localAddress
Java_java_net_PlainSocketImpl_localPort0
Java_java_net_PlainSocketImpl_sendOOB
Java_java_net_PlainSocketImpl_setIntOption
Java_java_net_PlainSocketImpl_setSoTimeout0
Java_java_net_PlainSocketImpl_shutdown0
Java_java_net_PlainSocketImpl_socket0
Java_java_net_PlainSocketImpl_waitForConnect
Java_java_net_PlainSocketImpl_waitForNewConnection
Java_java_net_SocketCleanable_cleanupClose0
Java_java_net_SocketInputStream_init
Java_java_net_SocketInputStream_socketRead0
Java_java_net_SocketOutputStream_init
Java_java_net_SocketOutputStream_socketWrite0
Java_java_net_TwoStacksPlainDatagramSocketImpl_bind0
Java_java_net_TwoStacksPlainDatagramSocketImpl_connect0
Java_java_net_TwoStacksPlainDatagramSocketImpl_dataAvailable
Java_java_net_TwoStacksPlainDatagramSocketImpl_datagramSocketClose
Java_java_net_TwoStacksPlainDatagramSocketImpl_datagramSocketCreate
Java_java_net_TwoStacksPlainDatagramSocketImpl_disconnect0
Java_java_net_TwoStacksPlainDatagramSocketImpl_getTTL
Java_java_net_TwoStacksPlainDatagramSocketImpl_getTimeToLive
Java_java_net_TwoStacksPlainDatagramSocketImpl_init
Java_java_net_TwoStacksPlainDatagramSocketImpl_join
Java_java_net_TwoStacksPlainDatagramSocketImpl_leave
Java_java_net_TwoStacksPlainDatagramSocketImpl_peek
Java_java_net_TwoStacksPlainDatagramSocketImpl_peekData
Java_java_net_TwoStacksPlainDatagramSocketImpl_receive0
Java_java_net_TwoStacksPlainDatagramSocketImpl_send0
Java_java_net_TwoStacksPlainDatagramSocketImpl_setTTL
Java_java_net_TwoStacksPlainDatagramSocketImpl_setTimeToLive
Java_java_net_TwoStacksPlainDatagramSocketImpl_socketGetOption
Java_java_net_TwoStacksPlainDatagramSocketImpl_socketLocalAddress
Java_java_net_TwoStacksPlainDatagramSocketImpl_socketNativeSetOption
Java_jdk_net_Sockets_isReusePortAvailable0
Java_sun_net_dns_ResolverConfigurationImpl_init0
Java_sun_net_dns_ResolverConfigurationImpl_loadDNSconfig0
Java_sun_net_dns_ResolverConfigurationImpl_notifyAddrChange0
Java_sun_net_spi_DefaultProxySelector_getSystemProxies
Java_sun_net_spi_DefaultProxySelector_init
Java_sun_net_www_protocol_http_ntlm_NTLMAuthSequence_getCredentialsHandle
Java_sun_net_www_protocol_http_ntlm_NTLMAuthSequence_getNextToken
Java_sun_net_www_protocol_http_ntlm_NTLMAuthSequence_initFirst
Java_sun_net_www_protocol_http_ntlm_NTLMAuthentication_isTrustedSite0
Java_sun_net_www_protocol_http_ntlm_NTLMAuthentication_isTrustedSiteAvailable
NET_Bind
NET_BindV6
NET_EnableFastTcpLoopback
NET_EnableFastTcpLoopbackConnect
NET_GetPortFromSockaddr
NET_GetSockOpt
NET_InetAddressToSockaddr
NET_MapSocketOption
NET_MapSocketOptionV6
NET_SetSockOpt
NET_SockaddrEqualsInetAddress
NET_SockaddrToInetAddress
NET_SocketAvailable
NET_SocketClose
NET_ThrowNew
NET_Timeout
NET_Timeout2
NET_WinBind
initInetAddressIDs
ipv4_available
ipv6_available
reuseport_available

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e58259464763035ed1ff5c0bf85f3088

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

jvm

winhttp

java

advapi32

kernel32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 55KB - Virtual size: 54KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 880B

.reloc Size: 512B - Virtual size: 192B

.text
Size: 55KB - Virtual size: 54KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 880B

.reloc
Size: 512B - Virtual size: 192B