efd9f8c04917838dd742e81fb11a35125c16ef818f8774000d31faa9da39e64b

General

Target

efd9f8c04917838dd742e81fb11a35125c16ef818f8774000d31faa9da39e64b
Size

219KB
MD5

25666f1c294131a4e3f3b6c14eef47d2
SHA1

16ec47ffde4257ac1b6af67b73f66413ebe2f794
SHA256

efd9f8c04917838dd742e81fb11a35125c16ef818f8774000d31faa9da39e64b
SHA512

4445107cc47cf445c16e2f47560c7da9de498cea3fb107705ba6ee5536eee93d30e211d359bcf55c8036a6de4971b71ab618086b47b31bee128ae2235dee4dcc
SSDEEP

3072:+Jl/o1fYJXzSX/YPisLqC81rcY7javd1A2EXPRCumH31o8/l6zO3RjohZjDA3frV:+jg1ycg5+CK9fE998O3uLcD7wcD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
efd9f8c04917838dd742e81fb11a35125c16ef818f8774000d31faa9da39e64b

Files

efd9f8c04917838dd742e81fb11a35125c16ef818f8774000d31faa9da39e64b
.dll windows:5 windows x86 arch:x86

0e19e82325b9c1c37d5100c97645a590

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\jdk7_32P\jdk7\build\windows-i586\tmp\sun\sun.tracing.dtrace\jsdt\obj\jsdt.pdb

Imports

msvcr100

_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_crt_debugger_hook
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
malloc
free
calloc

kernel32

GetProcAddress
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
FreeLibrary
GetModuleHandleA

Exports

Exports

_Java_sun_tracing_dtrace_JVM_activate0@16
_Java_sun_tracing_dtrace_JVM_defineClass0@28
_Java_sun_tracing_dtrace_JVM_dispose0@16
_Java_sun_tracing_dtrace_JVM_isEnabled0@12
_Java_sun_tracing_dtrace_JVM_isSupported0@8

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 210KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e19e82325b9c1c37d5100c97645a590

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr100

kernel32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 864B

.rsrc Size: 1024B - Virtual size: 904B

.reloc Size: 210KB - Virtual size: 212KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 864B

.rsrc
Size: 1024B - Virtual size: 904B

.reloc
Size: 210KB - Virtual size: 212KB