bc8ff6f1198f06fb90ab64a2f3c3b5effd0d6f1b5ed721cdf8d224b0509f1e6b

Sharing

Copy URL Twitter E-mail

General

Target

bc8ff6f1198f06fb90ab64a2f3c3b5effd0d6f1b5ed721cdf8d224b0509f1e6b
Size

402KB
MD5

c9d6f11e29f536f0d0d71c9640711da5
SHA1

367465aaff866495b456268f7b340e45d3aebf47
SHA256

bc8ff6f1198f06fb90ab64a2f3c3b5effd0d6f1b5ed721cdf8d224b0509f1e6b
SHA512

132c816539259112bd1014410b29b9a6a475dc048a96d01de50a42e03299c30d46c78edafd4963d090d57660362ea1dbc19fac1fbdd0638ca743371534361baa
SSDEEP

6144:SZcifN5Dt18pGeeKX3GuBs835QWxX4p1IQJ0LHzFpuiioO3wwQ3TZ0y1GQ3l:SZcC7tevWuB15QTMzzTuBoOgSy3l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc8ff6f1198f06fb90ab64a2f3c3b5effd0d6f1b5ed721cdf8d224b0509f1e6b

Files

bc8ff6f1198f06fb90ab64a2f3c3b5effd0d6f1b5ed721cdf8d224b0509f1e6b
.dll windows:5 windows x86 arch:x86

ed947c6caf6fc328d4ab0f7c39763288

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\ade\jenkins\workspace\8-2-build-windows-i586-cygwin\jdk8u241\331\build\windows-i586\jdk\objs\libjdwp\jdwp.pdb

Imports

msvcr100

free
_access
strtok_s
strerror
_errno
sprintf
_localtime64
_time64
strftime
strrchr
setvbuf
fopen
fclose
_sleep
_unlock
__dllonexit
_lock
_onexit
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
_except_handler4_common
__clean_type_info_names_internal
fflush
_vsnprintf
strncpy
fprintf
getenv
atol
strtol
abort
strcpy
strcat
exit
abs
strchr
_setjmp3
memcpy
_snprintf
longjmp
strlen
strncmp
strcmp
__iob_func
isdigit
memset
_getpid
_strdup

kernel32

GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
GetLastError
FormatMessageA
CreateProcessA
GetCurrentThreadId
LoadLibraryA
GetProcAddress
GetSystemTimeAsFileTime

Exports

Exports

_Agent_OnLoad@12
_Agent_OnUnload@4

Sections

.text
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 258KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ed947c6caf6fc328d4ab0f7c39763288

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr100

kernel32

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 116KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 920B

.reloc Size: 258KB - Virtual size: 260KB

.text
Size: 116KB - Virtual size: 116KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 258KB - Virtual size: 260KB