3f0feff4057f23cee7c30c7ba42202b0e9a4d079aca6487a44c5958e71ccc3ad

Sharing

Copy URL

Twitter E-mail

General

Target

3f0feff4057f23cee7c30c7ba42202b0e9a4d079aca6487a44c5958e71ccc3ad
Size

745KB
MD5

92b25d44ad1a6d88824b86f4bff3b1e7
SHA1

cc278513d7e6c86219088eb83aca9e2316225fb9
SHA256

3f0feff4057f23cee7c30c7ba42202b0e9a4d079aca6487a44c5958e71ccc3ad
SHA512

5d9aea4e3fc32cd3aab1c9737414162d562c14983fd66c05f206698909456e04de322dcda0ebe4e488078f174490c2036284625efa0eb2a3777921945e9baa9a
SSDEEP

12288:RAd11rF5BJNKIDUVvBr9TgocezxqVAwJXb1W2Ix6DhRg3G:RkhDuIsTgizxqXXb1WZshRgW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f0feff4057f23cee7c30c7ba42202b0e9a4d079aca6487a44c5958e71ccc3ad

Files

3f0feff4057f23cee7c30c7ba42202b0e9a4d079aca6487a44c5958e71ccc3ad
.dll windows:5 windows x86 arch:x86

c871875689d782e58d4225dda70828f0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\tvuser\MF920V4A\SUF_DL_MF920VV1.00.00\code\ZTEP60A_DL_DLL_WCDMAV4.00.06\Bin\Release\Plugins\BL_DL_WCDMA_QualCom.pdb

Imports

shlwapi

PathFileExistsA

setupapi

CM_Get_Sibling
CM_Get_Child
CM_Get_DevNode_Registry_PropertyA
CM_Locate_DevNodeA
CM_Get_Parent
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
CM_Get_Device_IDA

mfc100

ord9281
ord6112
ord888
ord6835
ord13136
ord11627
ord13125
ord1317
ord3839
ord314
ord12986
ord13312
ord5635
ord7317
ord4939
ord4464
ord6195
ord4505
ord14116
ord11902
ord421
ord10906
ord977
ord5208
ord11277
ord2524
ord1479
ord339
ord916
ord12716
ord7933
ord4345
ord12962
ord322
ord13518
ord6678
ord2617
ord9475
ord6970
ord4790
ord422
ord5539
ord3621
ord5627
ord978
ord13219
ord3970
ord788
ord1210
ord11107
ord12868
ord3254
ord3253
ord3373
ord3366
ord4785
ord11067
ord8137
ord10007
ord10360
ord3620
ord2974
ord2973
ord2752
ord5532
ord12531
ord2416
ord8235
ord8305
ord5803
ord381
ord946
ord868
ord10915
ord1266
ord11318
ord2538
ord7875
ord915
ord3738
ord2742
ord5534
ord12535
ord2881
ord2878
ord7349
ord2417
ord14059
ord14061
ord14060
ord14058
ord14062
ord14045
ord13972
ord13973
ord8222
ord11025
ord3395
ord10883
ord13294
ord11420
ord11154
ord6217
ord9994
ord8351
ord2847
ord12644
ord11190
ord11188
ord13481
ord1503
ord1509
ord1507
ord1514
ord4373
ord5098
ord4381
ord4393
ord4389
ord4385
ord4415
ord4406
ord4377
ord4419
ord4398
ord4364
ord4368
ord4401
ord3991
ord13980
ord3984
ord2661
ord13302
ord7074
ord13300
ord6128
ord10672
ord12482
ord5253
ord2338
ord11060
ord3484
ord2945
ord2944
ord2846
ord1448
ord1483
ord13130
ord1929
ord7141
ord1288
ord7584
ord7510
ord11726
ord13767
ord4724
ord11103
ord4622
ord4903
ord5095
ord8439
ord4881
ord5123
ord4625
ord4774
ord4606
ord5444
ord6897
ord6898
ord6888
ord4772
ord7357
ord9286
ord8304
ord5777
ord895
ord11421
ord13301
ord7073
ord13299
ord8486
ord3676
ord3390
ord1982
ord4498
ord11439
ord11744
ord423
ord4188
ord4207
ord4936
ord2525
ord979
ord4143
ord265
ord266
ord7876
ord300
ord310
ord4144
ord316
ord4283
ord7487
ord11781
ord1313
ord7837
ord2611
ord5242
ord305
ord2626
ord901
ord1316
ord5788
ord871
ord1269
ord1294
ord2063
ord2067
ord1296
ord3618
ord11806
ord7091
ord1732
ord14075
ord10922
ord13181
ord11413
ord7144
ord13483
ord13480
ord13485
ord11787
ord11153
ord11184
ord9449
ord7355
ord4078
ord11180
ord11172
ord5238
ord4410
ord3409
ord1496
ord2163
ord13482
ord8070
ord906
ord2090
ord2052
ord2050
ord2079
ord1979
ord2040
ord3406
ord408
ord1948
ord2089
ord2087
ord1940
ord1867
ord323
ord1297
ord13484

msvcr100

isspace
_strupr
__clean_type_info_names_internal
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
fprintf
_time64
strcmp
qsort
abort
vfprintf
_vsnprintf
wcsstr
fgets
feof
_fileno
_setmode
fflush
ferror
fwrite
ftell
_errno
strerror
wctomb
_mbclen
_mbsnbicmp
_mbsnbcmp
_mbsstr
_mbschr
__iob_func
atof
_stricmp
ceil
strtol
_splitpath_s
vsprintf_s
strncpy_s
printf
exit
fopen
fseek
fread
fclose
strstr
strcpy_s
__RTDynamicCast
sprintf
strncpy
strchr
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
memchr
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
memmove
tolower
atoi
strncmp
isalnum
isalpha
__isascii
iscntrl
isdigit
isgraph
islower
isprint
ispunct
isupper
isxdigit
malloc
_strdup
realloc
toupper
free
memcpy
__CxxFrameHandler3
_purecall
memset

kernel32

GetDriveTypeA
GetLogicalDrives
OutputDebugStringA
GetVersionExA
WinExec
RemoveDirectoryA
DeleteFileA
GetLocalTime
FindClose
FindFirstFileA
LocalFree
LocalAlloc
SizeofResource
LoadResource
DeviceIoControl
FindNextFileA
FormatMessageA
LoadLibraryExA
lstrcpynA
InitializeCriticalSection
GetCurrentThreadId
GetVersion
GetFileType
CreateFileA
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
EncodePointer
DecodePointer
InterlockedExchange
InterlockedCompareExchange
WideCharToMultiByte
GlobalAlloc
GlobalFree
CreateDirectoryA
GetModuleFileNameA
LoadLibraryA
FreeLibrary
Sleep
GetTickCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetProcAddress
InitializeCriticalSectionAndSpinCount
GetLastError
GetStdHandle
CloseHandle
GetModuleHandleA
FindResourceA
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess

user32

wsprintfA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
IsWindowVisible
InvalidateRect
GetClientRect
SendMessageA
EnableWindow

advapi32

ReportEventA
DeregisterEventSource
RegSetValueExA
RegEnumValueA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegisterEventSourceA

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

msvcp100

?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ

ws2_32

socket
htons
connect
recv
select
closesocket
send
gethostbyname
inet_addr
WSAStartup

winmm

mciSendCommandA

iphlpapi

GetAdaptersInfo

Exports

Exports

Create

Sections

.text
Size: 445KB - Virtual size: 445KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 32.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c871875689d782e58d4225dda70828f0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

setupapi

mfc100

msvcr100

kernel32

user32

advapi32

shell32

msvcp100

ws2_32

winmm

iphlpapi

Exports

Exports

Sections

.text Size: 445KB - Virtual size: 445KB

.rdata Size: 99KB - Virtual size: 99KB

.data Size: 61KB - Virtual size: 32.1MB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 131KB - Virtual size: 131KB

.text
Size: 445KB - Virtual size: 445KB

.rdata
Size: 99KB - Virtual size: 99KB

.data
Size: 61KB - Virtual size: 32.1MB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 131KB - Virtual size: 131KB