4c94a319129c0227afd93a8d6e51046aaf09bbaa8274fe8a89c351e69e27a803

Sharing

Copy URL Twitter E-mail

General

Target

4c94a319129c0227afd93a8d6e51046aaf09bbaa8274fe8a89c351e69e27a803
Size

101KB
MD5

096c39b3b7a85f7c6c4797490f3f17eb
SHA1

cd7558342ea80ba99209ddb1684769ad2f5dd574
SHA256

4c94a319129c0227afd93a8d6e51046aaf09bbaa8274fe8a89c351e69e27a803
SHA512

ca5a83e0412ab1aca6d3c5c6d7a4f57ee1cf4d7a6edac10ec39d6a2b2b1f6f476167bec98abcb6128bce71b679df461bb090b181dd87b2cf61cee084b5e8888b
SSDEEP

1536:vx+UKFYL5BO4p3Dbbi3Ig12mCDzcOcRMGhWsWjcdVKSVwT:vxd95BO4ND/I12cMcZVKSV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c94a319129c0227afd93a8d6e51046aaf09bbaa8274fe8a89c351e69e27a803

Files

4c94a319129c0227afd93a8d6e51046aaf09bbaa8274fe8a89c351e69e27a803
.dll windows:6 windows x86 arch:x86

32f7247b403979cc7f4846e182770284

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\iotc_code\iotc\Lib\Windows\Win32\RDTAPIs.pdb

Imports

iotcapis

IOTC_Session_Write
IOTC_Session_Channel_ON
IOTC_Session_Set_Channel_RcvIdleCb
ttk_mutex_lock
TUTK_LOG_SetAttr
IOTC_Session_Check_Ex
TUTK_LOG_SetPath
IOTC_Session_Channel_OFF
IOTC_Session_unLock
ttk_mem_alloc
tutk_platform_snprintf
IOTC_Session_Set_Channel_RcvCb
ttk_mem_free
IOTC_Get_Remote_ProtocolVersion
tutk_platform_set_thread_name
tutk_platform_CreateTask
IOTC_Session_Check
ttk_get_current_time
ttk_mutex_init
IOTC_Session_Lock
ttk_mutex_unlock
tutk_platform_WaitForTaskExit
IOTC_Check_Session_Status

kernel32

SetWaitableTimer
WaitForSingleObject
GetSystemTimeAsFileTime
Sleep
CreateWaitableTimerW
CloseHandle
GetLastError
HeapFree
HeapAlloc
WideCharToMultiByte
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
GetProcessHeap
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
MultiByteToWideChar
GetStdHandle
WriteFile
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
DeleteCriticalSection
GetCPInfo
SetLastError
GetFileType
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
OutputDebugStringW
GetStringTypeW
HeapReAlloc
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
LCMapStringW
CreateFileW
SetFilePointerEx
WriteConsoleW
SetEndOfFile
ReadFile
ReadConsoleW

Exports

Exports

RDT_Abort
RDT_Create
RDT_Create_Exit
RDT_DeInitialize
RDT_Destroy
RDT_Flush
RDT_GetRDTApiVer
RDT_Initialize
RDT_Private_Status_Check
RDT_Read
RDT_Set_Log_Attr
RDT_Set_Log_Path
RDT_Set_MaxPacketDataSize
RDT_Set_Max_Channel_Number
RDT_Set_Max_Pending_ACK_Number
RDT_Set_Max_SendBuffer_Size
RDT_Status_Check
RDT_Write
RDT_Write_UrgentData

Sections

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32f7247b403979cc7f4846e182770284

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

iotcapis

kernel32

Exports

Exports

Sections

.text Size: 70KB - Virtual size: 70KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 70KB - Virtual size: 70KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 4KB - Virtual size: 4KB