librdkafkacpp[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

librdkafkacpp.dll
Size

65KB
MD5

8039f16f044a493a3d08807a2cfa4d60
SHA1

b720602c6261ac08922551ca23d9d7337f43edbc
SHA256

30713ef63c155600026bcb340433548b7e71e2f186fb0ca6cc8c7d10b2d6826e
SHA512

7fc7badcf84ffe87ebf99725cd95462c5900c195be0ae03ec49ba889f5083bf435c911d996a815eae425172cb57fc2e8e3819de0e136a5e143d7b818420223d3
SSDEEP

1536:fCdQEVvk95hCV2Ec6dZwnPT+P+giUXNDWP:aaqa+V2EhDwPT+P+giUXNDWP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
librdkafkacpp.dll

Files

librdkafkacpp.dll
.dll windows:6 windows x64 arch:x64

0a34d48e01949f37fcf2acab99bba743

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

F:\Quant\kafka\librdkafka-master\win32\x64\Release\librdkafkacpp.pdb

Imports

librdkafka

rd_kafka_assignment
rd_kafka_committed
rd_kafka_assign
rd_kafka_commit
rd_kafka_position
rd_kafka_poll_set_consumer
rd_kafka_commit_message
rd_kafka_unsubscribe
rd_kafka_consumer_poll
rd_kafka_subscription
rd_kafka_metadata_destroy
rd_kafka_produce
rd_kafka_conf_dup
rd_kafka_flush
rd_kafka_version
rd_kafka_version_str
rd_kafka_wait_destroyed
rd_kafka_subscribe
rd_kafka_offset_store
rd_kafka_topic_partition_available
rd_kafka_topic_conf_set_partitioner_cb
rd_kafka_topic_destroy
rd_kafka_topic_new
rd_kafka_outq_len
rd_kafka_new
rd_kafka_topic_name
rd_kafka_consume_callback
rd_kafka_get_watermark_offsets
rd_kafka_consume_callback_queue
rd_kafka_topic_opaque
rd_kafka_message_timestamp
rd_kafka_err2str
rd_kafka_name
rd_kafka_consume_stop
rd_kafka_consume_queue
rd_kafka_errno2err
rd_kafka_consume
rd_kafka_consumer_close
rd_kafka_topic_partition_list_new
rd_kafka_conf_set_offset_commit_cb
rd_kafka_conf_set_rebalance_cb
rd_kafka_conf_set_log_cb
rd_kafka_pause_partitions
rd_kafka_conf_set_opaque
rd_kafka_conf_set_error_cb
rd_kafka_metadata
rd_kafka_conf_set_socket_cb
rd_kafka_topic_partition_list_destroy
rd_kafka_log_print
rd_kafka_conf_set_stats_cb
rd_kafka_conf_set_throttle_cb
rd_kafka_opaque
rd_kafka_resume_partitions
rd_kafka_topic_partition_list_add
rd_kafka_topic_conf_set_opaque
rd_kafka_seek
rd_kafka_query_watermark_offsets
rd_kafka_mem_free
rd_kafka_consume_start_queue
rd_kafka_memberid
rd_kafka_destroy
rd_kafka_message_destroy
rd_kafka_consume_start
rd_kafka_poll
rd_kafka_topic_conf_get
rd_kafka_conf_destroy
rd_kafka_topic_conf_dup
rd_kafka_conf_set
rd_kafka_conf_get
rd_kafka_conf_dump_free
rd_kafka_conf_set_default_topic_conf
rd_kafka_topic_conf_set
rd_kafka_conf_dump
rd_kafka_topic_conf_new
rd_kafka_topic_conf_dump
rd_kafka_conf_new
rd_kafka_conf_set_dr_msg_cb
rd_kafka_topic_conf_destroy

msvcp140

?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ

vcruntime140

memset
__std_type_info_destroy_list
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__C_specific_handler
_purecall
memmove
__CxxFrameHandler3
__RTDynamicCast
memcpy
memcmp

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_crt_atexit
_seh_filter_dll
_initterm_e
_initterm
terminate
_cexit
_configure_narrow_argv
_errno
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

kernel32

UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
RtlCaptureContext

Exports

Exports

??0Conf@RdKafka@@QEAA@AEBV01@@Z
??0Conf@RdKafka@@QEAA@XZ
??0ConsumeCb@RdKafka@@QEAA@AEBV01@@Z
??0ConsumeCb@RdKafka@@QEAA@XZ
??0Consumer@RdKafka@@QEAA@AEBV01@@Z
??0Consumer@RdKafka@@QEAA@XZ
??0DeliveryReportCb@RdKafka@@QEAA@AEBV01@@Z
??0DeliveryReportCb@RdKafka@@QEAA@XZ
??0Event@RdKafka@@QEAA@AEBV01@@Z
??0Event@RdKafka@@QEAA@XZ
??0EventCb@RdKafka@@QEAA@AEBV01@@Z
??0EventCb@RdKafka@@QEAA@XZ
??0Handle@RdKafka@@QEAA@AEBV01@@Z
??0Handle@RdKafka@@QEAA@XZ
??0KafkaConsumer@RdKafka@@QEAA@AEBV01@@Z
??0KafkaConsumer@RdKafka@@QEAA@XZ
??0Message@RdKafka@@QEAA@AEBV01@@Z
??0Message@RdKafka@@QEAA@XZ
??0OffsetCommitCb@RdKafka@@QEAA@AEBV01@@Z
??0OffsetCommitCb@RdKafka@@QEAA@XZ
??0OpenCb@RdKafka@@QEAA@AEBV01@@Z
??0OpenCb@RdKafka@@QEAA@XZ
??0PartitionerCb@RdKafka@@QEAA@AEBV01@@Z
??0PartitionerCb@RdKafka@@QEAA@XZ
??0Producer@RdKafka@@QEAA@AEBV01@@Z
??0Producer@RdKafka@@QEAA@XZ
??0RebalanceCb@RdKafka@@QEAA@AEBV01@@Z
??0RebalanceCb@RdKafka@@QEAA@XZ
??0SocketCb@RdKafka@@QEAA@AEBV01@@Z
??0SocketCb@RdKafka@@QEAA@XZ
??0Topic@RdKafka@@QEAA@AEBV01@@Z
??0Topic@RdKafka@@QEAA@XZ
??0TopicPartition@RdKafka@@QEAA@AEBV01@@Z
??0TopicPartition@RdKafka@@QEAA@XZ
??1Conf@RdKafka@@UEAA@XZ
??1ConsumeCb@RdKafka@@UEAA@XZ
??1Consumer@RdKafka@@UEAA@XZ
??1DeliveryReportCb@RdKafka@@UEAA@XZ
??1Event@RdKafka@@UEAA@XZ
??1EventCb@RdKafka@@UEAA@XZ
??1Handle@RdKafka@@UEAA@XZ
??1KafkaConsumer@RdKafka@@UEAA@XZ
??1Message@RdKafka@@UEAA@XZ
??1OffsetCommitCb@RdKafka@@UEAA@XZ
??1OpenCb@RdKafka@@UEAA@XZ
??1PartitionerCb@RdKafka@@UEAA@XZ
??1Producer@RdKafka@@UEAA@XZ
??1RebalanceCb@RdKafka@@UEAA@XZ
??1SocketCb@RdKafka@@UEAA@XZ
??1Topic@RdKafka@@UEAA@XZ
??1TopicPartition@RdKafka@@UEAA@XZ
??4Conf@RdKafka@@QEAAAEAV01@AEBV01@@Z
??4ConsumeCb@RdKafka@@QEAAAEAV01@AEBV01@@Z
??4Consumer@RdKafka@@QEAAAEAV01@AEBV01@@Z
??4DeliveryReportCb@RdKafka@@QEAAAEAV01@AEBV01@@Z
??4Event@RdKafka@@QEAAAEAV01@AEBV01@@Z
??4EventCb@RdKafka@@QEAAAEAV01@AEBV01@@Z
??4Handle@RdKafka@@QEAAAEAV01@AEBV01@@Z
??4KafkaConsumer@RdKafka@@QEAAAEAV01@AEBV01@@Z
??4Message@RdKafka@@QEAAAEAV01@AEBV01@@Z
??4MessageTimestamp@RdKafka@@QEAAAEAV01@$$QEAV01@@Z
??4MessageTimestamp@RdKafka@@QEAAAEAV01@AEBV01@@Z
??4OffsetCommitCb@RdKafka@@QEAAAEAV01@AEBV01@@Z
??4OpenCb@RdKafka@@QEAAAEAV01@AEBV01@@Z
??4PartitionerCb@RdKafka@@QEAAAEAV01@AEBV01@@Z
??4Producer@RdKafka@@QEAAAEAV01@AEBV01@@Z
??4RebalanceCb@RdKafka@@QEAAAEAV01@AEBV01@@Z
??4SocketCb@RdKafka@@QEAAAEAV01@AEBV01@@Z
??4Topic@RdKafka@@QEAAAEAV01@AEBV01@@Z
??4TopicPartition@RdKafka@@QEAAAEAV01@AEBV01@@Z
??_7Conf@RdKafka@@6B@
??_7ConsumeCb@RdKafka@@6B@
??_7Consumer@RdKafka@@6B01@@
??_7Consumer@RdKafka@@6BHandle@1@@
??_7DeliveryReportCb@RdKafka@@6B@
??_7Event@RdKafka@@6B@
??_7EventCb@RdKafka@@6B@
??_7Handle@RdKafka@@6B@
??_7KafkaConsumer@RdKafka@@6B01@@
??_7KafkaConsumer@RdKafka@@6BHandle@1@@
??_7Message@RdKafka@@6B@
??_7OffsetCommitCb@RdKafka@@6B@
??_7OpenCb@RdKafka@@6B@
??_7PartitionerCb@RdKafka@@6B@
??_7Producer@RdKafka@@6B01@@
??_7Producer@RdKafka@@6BHandle@1@@
??_7RebalanceCb@RdKafka@@6B@
??_7SocketCb@RdKafka@@6B@
??_7Topic@RdKafka@@6B@
??_7TopicPartition@RdKafka@@6B@
?MSG_COPY@Producer@RdKafka@@2HB
?MSG_FREE@Producer@RdKafka@@2HB
?OFFSET_BEGINNING@Topic@RdKafka@@2_JB
?OFFSET_END@Topic@RdKafka@@2_JB
?OFFSET_INVALID@Topic@RdKafka@@2_JB
?OFFSET_STORED@Topic@RdKafka@@2_JB
?OffsetTail@Consumer@RdKafka@@SA_J_J@Z
?PARTITION_UA@Topic@RdKafka@@2HB
?RK_MSG_BLOCK@Producer@RdKafka@@2HB
?RK_MSG_COPY@Producer@RdKafka@@2HB
?RK_MSG_FREE@Producer@RdKafka@@2HB
?create@Conf@RdKafka@@SAPEAV12@W4ConfType@12@@Z
?create@Consumer@RdKafka@@SAPEAV12@PEAVConf@2@AEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?create@KafkaConsumer@RdKafka@@SAPEAV12@PEAVConf@2@AEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?create@Producer@RdKafka@@SAPEAV12@PEAVConf@2@AEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?create@Topic@RdKafka@@SAPEAV12@PEAVHandle@2@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEAVConf@2@AEAV45@@Z
?create@TopicPartition@RdKafka@@SAPEAV12@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?err2str@RdKafka@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4ErrorCode@1@@Z
?get_debug_contexts@RdKafka@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?version@RdKafka@@YAHXZ
?version_str@RdKafka@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?wait_destroyed@RdKafka@@YAHH@Z

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0a34d48e01949f37fcf2acab99bba743

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

librdkafka

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 32KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 2KB - Virtual size: 2KB

.gfids Size: 512B - Virtual size: 44B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1024B - Virtual size: 788B

.text
Size: 32KB - Virtual size: 32KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 2KB - Virtual size: 2KB

.gfids
Size: 512B - Virtual size: 44B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1024B - Virtual size: 788B