1a2faa465d0c8fc880c0561ce8b1e8c692509291c03723467704c0940de8f02a

Sharing

Copy URL Twitter E-mail

General

Target

1a2faa465d0c8fc880c0561ce8b1e8c692509291c03723467704c0940de8f02a
Size

1.8MB
MD5

b2ad328bcaf02ea2265a8cf3deb3cd1e
SHA1

c625a7fb24e4b33b83ac955dcaf4ec50e3ed3ff1
SHA256

1a2faa465d0c8fc880c0561ce8b1e8c692509291c03723467704c0940de8f02a
SHA512

963de2b8b6dff829501bceb4b8876c30fe5368cff0598801a706725fda5c9e3c41f113788abbabfcc3b02b7f83f542fde98fe42d6f12a8bf4d8b1b6e07f4b3ea
SSDEEP

49152:HKtopNL+NfMD3AKnpoBI0QB7qq5hOPu7Nr9gVDxYU9kZgO7:qtyN+NfMDxpoHQB7qqLL7Nr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a2faa465d0c8fc880c0561ce8b1e8c692509291c03723467704c0940de8f02a

Files

1a2faa465d0c8fc880c0561ce8b1e8c692509291c03723467704c0940de8f02a
.dll windows:6 windows x86 arch:x86

6aa8c76dec04854ad3c8b2f36ed28209

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\workstation\1-安全接入\1-windows-curl-7.69.0\curl\projects\Windows\VC12\Release\LibcurlDLL.pdb

Imports

ws2_32

bind
WSAGetLastError
send
recv
gethostbyname
connect
getservbyname
closesocket
shutdown
gethostname
freeaddrinfo
getaddrinfo
ioctlsocket
htonl
select
__WSAFDIsSet
listen
accept
sendto
recvfrom
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername

wldap32

ord14
ord46
ord219
ord208
ord216
ord133
ord301
ord147
ord145
ord79
ord142
ord167
ord127
ord27
ord26
ord117
ord41

crypt32

CertOpenStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertCloseStore

kernel32

SetEnvironmentVariableA
GetStringTypeW
GetCurrentDirectoryW
GetFullPathNameW
OutputDebugStringW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
WriteConsoleW
CreatePipe
SetEndOfFile
CreateTimerQueue
SetEvent
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
GetLastError
SetLastError
FormatMessageA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SleepEx
VerSetConditionMask
FreeLibrary
GetProcAddress
LoadLibraryW
SetThreadPriority
GetSystemDirectoryW
QueryPerformanceFrequency
VerifyVersionInfoW
Sleep
MoveFileExA
WaitForMultipleObjects
GetFileType
GetStdHandle
ReadFile
PeekNamedPipe
GetEnvironmentVariableA
GetTickCount
QueryPerformanceCounter
WaitForSingleObject
CloseHandle
MultiByteToWideChar
WideCharToMultiByte
FlushConsoleInputBuffer
GetCurrentThreadId
GetVersion
GetModuleHandleA
FindClose
GetCurrentProcessId
GetVersionExA
GlobalMemoryStatus
LoadLibraryA
OutputDebugStringA
GetSystemDirectoryA
GetWindowsDirectoryA
GetTempPathA
GetComputerNameA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
RtlCaptureStackBackTrace
GetSystemTimeAsFileTime
GetCurrentProcess
GetExitCodeProcess
CreateFileW
GetFileAttributesExW
FlushFileBuffers
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
DeleteFileW
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
ReleaseSemaphore
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
GetModuleHandleW
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
SystemTimeToTzSpecificLocalTime
EncodePointer
DecodePointer
HeapFree
GetCommandLineA
HeapAlloc
HeapReAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
SetFilePointerEx
FileTimeToLocalFileTime
GetFileInformationByHandle
FileTimeToSystemTime
CreateThread
ExitThread
LoadLibraryExW
SetConsoleCtrlHandler
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
ExitProcess
GetModuleHandleExW
AreFileApisANSI
GetTimeZoneInformation
DuplicateHandle
CreateProcessA
WriteFile
GetConsoleCP
RaiseException
RtlUnwind
HeapSize
GetProcessHeap
GetCurrentThread
ReadConsoleW
GetStartupInfoW
GetModuleFileNameA
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
CreateEventW
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateSemaphoreW
GetModuleFileNameW
FindFirstFileExW
GetDriveTypeW

user32

GetProcessWindowStation
MessageBoxA
GetDesktopWindow
GetUserObjectInformationW

advapi32

CryptDestroyKey
CryptEnumProvidersA
CryptSignHashA
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptReleaseContext
CryptAcquireContextA
ReportEventA
RegisterEventSourceA
DeregisterEventSource

dbghelp

SymCleanup
SymInitialize
SymFromAddr
UnDecorateSymbolName
SymSetOptions

Exports

Exports

_aisino_acceptFramework_call_single@36
_aisino_acceptFramework_call_single_get@36
_aisino_acceptFramework_call_single_get_with_proxy@68
_aisino_acceptFramework_call_single_with_proxy@68
_curl_http_get@36
_curl_http_get_custom@44
_curl_http_post@36
_curl_http_post_custom@44
_curl_http_post_email@76
_curl_http_post_formData_FileEx@60

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 356KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6aa8c76dec04854ad3c8b2f36ed28209

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

wldap32

crypt32

kernel32

user32

advapi32

dbghelp

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 356KB - Virtual size: 356KB

.data Size: 51KB - Virtual size: 134KB

.tls Size: 30KB - Virtual size: 29KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 68KB - Virtual size: 68KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 356KB - Virtual size: 356KB

.data
Size: 51KB - Virtual size: 134KB

.tls
Size: 30KB - Virtual size: 29KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 68KB - Virtual size: 68KB

.rmnet
Size: 56KB - Virtual size: 60KB