CloudNetDataIO[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

CloudNetDataIO.dll
Size

391KB
MD5

f1961153c5f0371db426c4db001aa896
SHA1

42f15ce6ebb71207a031c8b69a79f3660b8ec516
SHA256

438b1a3afd277faafab6d11863ffce85ef5c9d842283219737e0b88dc95ea9ae
SHA512

a11c8f3732a90b6f56c6bd272295745fae46f37bc9b3553ce0ce5e9400e04db83d604032cc2f4a99314d60ba01a9dab13d693b3afc05b00c03120cbb5a69f9f4
SSDEEP

6144:5u57CtmHXwiBKc2xiSg4KRASTB4dx+N8OlgGOMUs:85LHXycIfg3ASTydxNMUs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
CloudNetDataIO.dll

Files

CloudNetDataIO.dll
.dll windows:5 windows x64 arch:x64

7218dfe5efc33078c6f820ccfc07d965

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

F:\WorkDir\DataPeek\DOUBLE\NEWCloudNetDataIOLv2\CloudNetDataIO_Zhongguang\bin_R64\CloudNetDataIO.pdb

Imports

msvcr100

__clean_type_info_names_internal
memcmp
memcpy
_stricmp
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
__CppXcptFilter
_amsg_exit
_encoded_null
_initterm_e
_initterm
_malloc_crt
_onexit
_lock
__dllonexit
_unlock
__C_specific_handler
?terminate@@YAXXZ
__CxxFrameHandler3
_errno
free
malloc
_vsnprintf
_strnicmp
toupper
atol
strncmp
_vsnprintf_s
printf
_ctime64
_time64
strncpy
strpbrk
sprintf_s
_purecall
??_V@YAXPEAX@Z
_CxxThrowException
??_U@YAPEAX_K@Z
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
memmove
sscanf
??0exception@std@@QEAA@AEBV01@@Z
??0exception@std@@QEAA@AEBQEBD@Z
??1exception@std@@UEAA@XZ
?what@exception@std@@UEBAPEBDXZ
sprintf

msvcp100

?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Orphan_all@_Container_base12@std@@QEAAXXZ
??1_Container_base12@std@@QEAA@XZ
??0_Container_base12@std@@QEAA@XZ
?_Swap_all@_Container_base0@std@@QEAAXAEAU12@@Z
?_Orphan_all@_Container_base0@std@@QEAAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_BADOFF@std@@3_JB
?uncaught_exception@std@@YA_NXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?setf@ios_base@std@@QEAAHHH@Z
?setf@ios_base@std@@QEAAHH@Z
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ

mfc100

ord13393
ord4555
ord2116
ord11106
ord11107
ord12927
ord6806
ord12925
ord8182
ord3535
ord3477
ord6823
ord1709
ord13700
ord10609
ord12808
ord11099
ord6868
ord13109
ord13106
ord13111
ord13108
ord13110
ord13107
ord3288
ord1463
ord10867
ord7063
ord9145
ord10871
ord10840
ord11470
ord4458
ord4722
ord4892
ord8135
ord4700
ord4895
ord4461
ord4597
ord4445
ord6640
ord5554
ord1247
ord1275
ord322
ord1844
ord1906
ord2048
ord2050
ord1914
ord396
ord2002
ord1945
ord2040
ord2012
ord2014
ord3285
ord321
ord2051
ord13144
ord6641
ord6631
ord4595
ord7065
ord8977
ord8000
ord5871
ord3934
ord893
ord1895
ord10859
ord859
ord2028
ord2024
ord1947
ord6865
ord7286
ord7213
ord5031
ord11410
ord1266
ord876
ord6580
ord11489

kernel32

GetLastError
InitializeCriticalSectionAndSpinCount
GetPrivateProfileIntA
GetPrivateProfileStringA
GetCurrentProcessId
CreateSemaphoreA
ReleaseSemaphore
MultiByteToWideChar
WideCharToMultiByte
OutputDebugStringA
LocalAlloc
EncodePointer
DecodePointer
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
Sleep
CloseHandle
TerminateThread
WaitForSingleObject
CreateThread
DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSection
LocalFree
EnterCriticalSection

ws2_32

WSAStartup
socket
WSAGetLastError
htonl
htons
bind
inet_addr
setsockopt
getsockopt
connect
send
recv
listen
select
closesocket
accept

jsonirpc

JsonBinClientRPC
JsonBinClientRPC_async
IJsonMutiResultFree
DeleteJsonICERPC
RegisterJsonICEClient2
CreateJsonICEClient
JsonBinClientPUT

libzmq

zmq_ctx_new
zmq_ctx_shutdown
zmq_ctx_term
zmq_socket
zmq_setsockopt
zmq_connect
zmq_poll
zmq_errno
zmq_close
zmq_msg_init
zmq_msg_recv
zmq_msg_size
zmq_msg_data
zmq_msg_close

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

Exports

Exports

?DelJrjNetStockIO@JrjNetDataIO@Finance@@YAXPEAVICloudNetDataIO@@@Z
?NewJrjNetStockIO@JrjNetDataIO@Finance@@YAPEAVICloudNetDataIO@@XZ

Sections

.text
Size: 311KB - Virtual size: 310KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7218dfe5efc33078c6f820ccfc07d965

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr100

msvcp100

mfc100

kernel32

ws2_32

jsonirpc

libzmq

rpcrt4

Exports

Exports

Sections

.text Size: 311KB - Virtual size: 310KB

.rdata Size: 55KB - Virtual size: 54KB

.data Size: 3KB - Virtual size: 5KB

.pdata Size: 17KB - Virtual size: 17KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 311KB - Virtual size: 310KB

.rdata
Size: 55KB - Virtual size: 54KB

.data
Size: 3KB - Virtual size: 5KB

.pdata
Size: 17KB - Virtual size: 17KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB