b4d05181b1edffa45334ab0f5c412750def3bf739a0200e6455ca14824076b0e

Sharing

Copy URL

Twitter E-mail

General

Target

b4d05181b1edffa45334ab0f5c412750def3bf739a0200e6455ca14824076b0e
Size

401KB
MD5

6af1201d55da1c13ffdfd538fb260ed5
SHA1

28bd7792ae18c7f0c250ee27795284bf7af29e00
SHA256

b4d05181b1edffa45334ab0f5c412750def3bf739a0200e6455ca14824076b0e
SHA512

01f1724a1a0afc546ede514195f39ebfb1b3f704e97aa11f270bbdb928954ffb6c7eafb9383a812406a892dec21bb5fa005ea48564452f59787a6d1611815c85
SSDEEP

12288:KZgudZhQ+VGWfv3tZ1oAUzQ35VxWqNeu:odZhQRav3rqAt35/Wxu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4d05181b1edffa45334ab0f5c412750def3bf739a0200e6455ca14824076b0e

Files

b4d05181b1edffa45334ab0f5c412750def3bf739a0200e6455ca14824076b0e
.dll windows:6 windows x86 arch:x86

97556d967a0a158aea743f35def62982

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libjdwp\jdwp.pdb

Imports

kernel32

GetProcAddress
LoadLibraryA
GetCurrentThreadId
CreateProcessA
GetLastError
FormatMessageA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead

vcruntime140

memset
longjmp
memcpy
_setjmp3
strchr
strrchr
_except_handler4_common
__std_type_info_destroy_list

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__acrt_iob_func
__stdio_common_vsprintf
setvbuf
fopen
fclose
fflush

api-ms-win-crt-string-l1-1-0

strtok_s
strcpy
strlen
isdigit
strcmp
strncmp
_strdup
strncpy
strcat

api-ms-win-crt-utility-l1-1-0

abs

api-ms-win-crt-runtime-l1-1-0

exit
_initterm
_initterm_e
_getpid
_crt_atexit
_sleep
_errno
_execute_onexit_table
strerror
_cexit
abort
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll

api-ms-win-crt-convert-l1-1-0

atol
strtol

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-filesystem-l1-1-0

_access

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-time-l1-1-0

_localtime64
_time64
strftime

Exports

Exports

_Agent_OnLoad@12
_Agent_OnUnload@4

Sections

.text
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 249KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

97556d967a0a158aea743f35def62982

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

Exports

Exports

Sections

.text Size: 122KB - Virtual size: 122KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 920B

.reloc Size: 249KB - Virtual size: 252KB

.text
Size: 122KB - Virtual size: 122KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 249KB - Virtual size: 252KB