4738d14906eb9ae2c2603fdd9170fbcd6afd619b961488d368a2e67c86f0dee4

Sharing

Copy URL Twitter E-mail

General

Target

4738d14906eb9ae2c2603fdd9170fbcd6afd619b961488d368a2e67c86f0dee4
Size

341KB
MD5

10cf7c4eb18cd58efaad14fc4b7a8d9b
SHA1

9902a41f773fa65c4e410159206244ece462c567
SHA256

4738d14906eb9ae2c2603fdd9170fbcd6afd619b961488d368a2e67c86f0dee4
SHA512

e646e3faf8ddbce49fe675ac20d1520135853d1b287b1e60785446d34e56a37c8a813b87ec201f028a00e30714c96936ac81b385b946975ade4b5ca1356e4d2c
SSDEEP

6144:W39ifReIeJq3mrNogZ3a3UECdAhqVHQuPgH7lL//CfhCTFJ60u:W3LIeJq3MRZXFAhqxFA7B/KCTFJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4738d14906eb9ae2c2603fdd9170fbcd6afd619b961488d368a2e67c86f0dee4

Files

4738d14906eb9ae2c2603fdd9170fbcd6afd619b961488d368a2e67c86f0dee4
.dll windows:5 windows x86 arch:x86

a351db8daab36f346de5b265956d7b72

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\jdk7_32P\jdk7\build\windows-i586\tmp\sun\hprof_jvmti\obj\hprof.pdb

Imports

wsock32

ntohl
ntohs
htonl
WSAStartup
WSACleanup
send
closesocket
shutdown
recv
socket
gethostbyname
htons
connect

winmm

timeGetTime

msvcr100

exit
strrchr
remove
tolower
strchr
fprintf
strtod
strtol
getenv
free
signal
_time64
_lseeki64
_vsnprintf
strerror
sprintf
qsort
malloc
_write
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
abort
__iob_func
vfprintf
strncpy
memset
isprint
memcpy
_errno
_strdup
_getpid
_open
_read
_ctime64
_malloc_crt

kernel32

InterlockedCompareExchange
DecodePointer
EncodePointer
FreeLibrary
GetLastError
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
FormatMessageA
SystemTimeToFileTime
GetSystemTime
Sleep
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
GetProcAddress
InterlockedExchange

Exports

Exports

_Agent_OnLoad@12
_Agent_OnUnload@4

Sections

.text
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 225KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a351db8daab36f346de5b265956d7b72

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wsock32

winmm

msvcr100

kernel32

Exports

Exports

Sections

.text Size: 94KB - Virtual size: 93KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 512B - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 904B

.reloc Size: 225KB - Virtual size: 228KB

.text
Size: 94KB - Virtual size: 93KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 512B - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 904B

.reloc
Size: 225KB - Virtual size: 228KB