libzmq[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

libzmq.dll
Size

312KB
MD5

15cccec537d0d72324f7d4a8db991a93
SHA1

7185db6b3af43cbd3b4469c8ac53295e54672b75
SHA256

597ec88c2dea1d0ed366a4373e13395fe473d787e20b239825c199fb55b99f4b
SHA512

590efdfac4f657d03aa32cfc3141b4574c54baeb90151d39aaaead20e2411a1dd2beb53a1bd0afb605bcf69afe4714989fa11e0fb0c21a1130ccb15de57b42c2
SSDEEP

6144:vbxMjwxFXnIpgDT1nx7gzGxvKslJWnO/Q1I1VarwxF:v6wxdIpgDRlgixvKIJWl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
libzmq.dll

Files

libzmq.dll
.dll windows:5 windows x64 arch:x64

c5ea6ba0ab3ec56c1ab480c331017a90

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

F:\zeromq-4.1.6\bin\x64\Release\v100\dynamic\libzmq.pdb

Imports

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

ws2_32

connect
listen
getsockname
bind
htons
htonl
freeaddrinfo
getaddrinfo
getsockopt
WSAIoctl
ntohs
WSAStartup
WSACleanup
accept
recv
send
closesocket
select
__WSAFDIsSet
getpeername
getnameinfo
setsockopt
ioctlsocket
socket
WSAGetLastError

kernel32

GetCurrentThreadId
DisableThreadLibraryCalls
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
DecodePointer
EncodePointer
GetSystemTimeAsFileTime
Sleep
WaitForSingleObject
CloseHandle
GetCurrentProcessId
TryEnterCriticalSection
SetHandleInformation
GetLastError
FormatMessageA
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
LoadLibraryA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetTickCount
GetProcAddress

msvcp100

??_7ios_base@std@@6B@
??1_Container_base12@std@@QEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
?_Ios_base_dtor@ios_base@std@@CAXPEAV12@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_BADOFF@std@@3_JB
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ

msvcr100

_malloc_crt
_initterm
_lock
_initterm_e
_encoded_null
_amsg_exit
__CppXcptFilter
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
__clean_type_info_names_internal
_onexit
??0exception@std@@QEAA@AEBQEBD@Z
?what@exception@std@@UEBAPEBDXZ
??1exception@std@@UEAA@XZ
??3@YAXPEAX@Z
memcmp
memcpy
memmove
??2@YAPEAX_K@Z
_CxxThrowException
??0exception@std@@QEAA@AEBV01@@Z
__CxxFrameHandler3
_errno
strerror
fprintf
__iob_func
malloc
free
_purecall
realloc
puts
strncmp
rand
memchr
memset
isdigit
strrchr
isxdigit
isalnum
atoi
_beginthreadex
__C_specific_handler
_unlock
__dllonexit

Exports

Exports

??0_Mutex@std@@QEAA@W4_Uninitialized@1@@Z
??4_Init_locks@std@@QEAAAEAV01@AEBV01@@Z
zmq_bind
zmq_close
zmq_connect
zmq_ctx_destroy
zmq_ctx_get
zmq_ctx_new
zmq_ctx_set
zmq_ctx_shutdown
zmq_ctx_term
zmq_curve_keypair
zmq_device
zmq_disconnect
zmq_errno
zmq_getsockopt
zmq_has
zmq_init
zmq_msg_close
zmq_msg_copy
zmq_msg_data
zmq_msg_get
zmq_msg_gets
zmq_msg_init
zmq_msg_init_data
zmq_msg_init_size
zmq_msg_more
zmq_msg_move
zmq_msg_recv
zmq_msg_send
zmq_msg_set
zmq_msg_size
zmq_poll
zmq_proxy
zmq_proxy_steerable
zmq_recv
zmq_recviov
zmq_recvmsg
zmq_send
zmq_send_const
zmq_sendiov
zmq_sendmsg
zmq_setsockopt
zmq_sleep
zmq_socket
zmq_socket_monitor
zmq_stopwatch_start
zmq_stopwatch_stop
zmq_strerror
zmq_term
zmq_threadclose
zmq_threadstart
zmq_unbind
zmq_version
zmq_z85_decode
zmq_z85_encode

Sections

.text
Size: 219KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c5ea6ba0ab3ec56c1ab480c331017a90

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

ws2_32

kernel32

msvcp100

msvcr100

Exports

Exports

Sections

.text Size: 219KB - Virtual size: 218KB

.rdata Size: 69KB - Virtual size: 69KB

.data Size: 4KB - Virtual size: 5KB

.pdata Size: 14KB - Virtual size: 13KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 219KB - Virtual size: 218KB

.rdata
Size: 69KB - Virtual size: 69KB

.data
Size: 4KB - Virtual size: 5KB

.pdata
Size: 14KB - Virtual size: 13KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB