1f18b4f8cba9e9fa0ef99468e4a325809fc2ea03a06a39052a04800fe80ae34c

Sharing

Copy URL Twitter E-mail

General

Target

1f18b4f8cba9e9fa0ef99468e4a325809fc2ea03a06a39052a04800fe80ae34c
Size

333KB
MD5

07b4daf5936892b4d98b225a1f3cbd59
SHA1

ceaa5d234a3aec85c6408dbb07eef3c28023e5cf
SHA256

1f18b4f8cba9e9fa0ef99468e4a325809fc2ea03a06a39052a04800fe80ae34c
SHA512

79fcb5a8a6eb7a7314c9735885f02fb9528e11a72b6f73c80ca58b87c5104159abe532f9bc38e0482212b54a7f2f0a44782c2fbf88c4c2c4b4be020f0d86faa6
SSDEEP

6144:CbLym4M1usqAw8AX5tsKAmGV7CH1eAPKycEmJtr:3mfgszuX5jaNQIt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1f18b4f8cba9e9fa0ef99468e4a325809fc2ea03a06a39052a04800fe80ae34c

Files

1f18b4f8cba9e9fa0ef99468e4a325809fc2ea03a06a39052a04800fe80ae34c
.dll windows:5 windows x86 arch:x86

13358746ca96f6abfeef55d5169d1a86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\ade\jenkins\workspace\8-2-build-windows-i586-cygwin\jdk8u241\331\build\windows-i586\jdk\objs\libhprof_jvmti\hprof.pdb

Imports

wsock32

ntohl
ntohs
htonl
WSAStartup
WSACleanup
send
shutdown
recv
gethostbyname
htons
socket
connect
closesocket

winmm

timeGetTime

msvcr100

signal
exit
strrchr
remove
tolower
strchr
fprintf
strtod
strtol
getenv
free
_ctime64
abort
_lseeki64
_vsnprintf
strerror
_access
_snprintf
strtok_s
sprintf
_write
malloc
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
__iob_func
vfprintf
strncpy
memset
isprint
memcpy
_errno
_strdup
_getpid
_open
_read
_time64
qsort

kernel32

InterlockedCompareExchange
DecodePointer
EncodePointer
GetModuleFileNameA
FreeLibrary
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetLastError
FormatMessageA
SystemTimeToFileTime
GetSystemTime
Sleep
LoadLibraryA
GetProcAddress
InterlockedExchange

Exports

Exports

_Agent_OnLoad@12
_Agent_OnUnload@4

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 216KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

13358746ca96f6abfeef55d5169d1a86

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wsock32

winmm

msvcr100

kernel32

Exports

Exports

Sections

.text Size: 94KB - Virtual size: 94KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 512B - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 920B

.reloc Size: 216KB - Virtual size: 220KB

.text
Size: 94KB - Virtual size: 94KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 512B - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 216KB - Virtual size: 220KB