sieafstandard_wjw[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

sieafstandard_wjw.dll
Size

340KB
MD5

404a7082098e1a44475ece59ff76ddcb
SHA1

5a7013300e36fb558e513e168540949bb17a9881
SHA256

72bd78f43abe87c7a7bc4d80ee0197dec32fcaee6ab7a069c28ec353557b47b0
SHA512

a58a3d5e3b14b0c5b13c62d8c1a3bbca511332069aabe407c9f88a7409e9c662df366a0325b0ff77f519045fe61490e7eebfc5bfa2c6ce2d2fa3c9486658316a
SSDEEP

3072:e3XXuwc8cED6Jg0M6jNe96adHioS+LUfT9mrNllx03PsqF0tR2H6b2usKP3Xg9Ig:706G7hLMZCHP2KG6bvPO2frOSW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
sieafstandard_wjw.dll

Files

sieafstandard_wjw.dll
.dll windows:4 windows x86 arch:x86

97755b54f2565a669d15efc166d93b43

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\yyt\bin\release\sieafstandard_wjw.pdb

Imports

mfc80u

ord1197
ord1087
ord1033
ord1079
ord1199
ord765
ord6751
ord1093
ord371
ord1908
ord1162
ord1115
ord581
ord1200
ord314
ord1170
ord1168
ord4320
ord764
ord2009
ord1007
ord5096
ord566
ord762
ord4032
ord4008
ord6272
ord3795
ord6274
ord2054
ord5579
ord3800
ord6215
ord5378
ord3826
ord1911
ord2925
ord5220
ord5222
ord2239
ord3942
ord4562
ord5226
ord5209
ord5562
ord2531
ord2725
ord2829
ord4301
ord2708
ord2832
ord2534
ord2640
ord2527
ord3712
ord3713
ord3703
ord2638
ord3943
ord4475
ord4255
ord3327
ord3824
ord757
ord3677
ord266
ord265
ord315
ord1192

msvcr80

_malloc_crt
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
memcpy_s
memmove_s
sprintf_s
strpbrk
sscanf
_unlock
_encode_pointer
__dllonexit
_lock
_onexit
_decode_pointer
__clean_type_info_names_internal
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?terminate@@YAXXZ
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
malloc
free
memcpy
memset
swscanf_s
_purecall
?what@exception@std@@UBEPBDXZ
__CxxFrameHandler3

kernel32

FindResourceW
LoadResource
LockResource
SizeofResource
LoadLibraryW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
WriteFile
CloseHandle
FindResourceExW
LocalFree
LocalAlloc
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
DeleteFileW
CreateDirectoryW
HeapDestroy
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetLocalTime

user32

UnregisterClassA

advapi32

ReportEventW
OpenEventLogW
CloseEventLog

shlwapi

PathIsDirectoryW
PathFileExistsW

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx

oleaut32

SysFreeString
VariantClear
SysAllocString
SysStringLen

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@PBGHH@Z
??_D?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAEXXZ
??0locale@std@@QAE@PBDH@Z
?close@?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAEXXZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??$?6GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?clear@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
?deallocate@?$allocator@D@std@@QAEXPADI@Z
?allocate@?$allocator@D@std@@QAEPADI@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
?_Lock@_Mutex@std@@QAEXXZ
?_Unlock@_Mutex@std@@QAEXXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEHPBGH@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIABV12@@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z
??1locale@std@@QAE@XZ
?imbue@?$basic_ios@GU?$char_traits@G@std@@@std@@QAE?AVlocale@2@ABV32@@Z

libcurl

curl_easy_perform
curl_slist_free_all
curl_slist_append
curl_easy_cleanup
curl_easy_setopt
curl_easy_init

xerces-c_2_680

?Initialize@XMLPlatformUtils@xercesc_2_6@@SAXQBD0QAVPanicHandler@2@QAVMemoryManager@2@@Z
?fgXercescDefaultLocale@XMLUni@xercesc_2_6@@2QBDB
?Terminate@XMLPlatformUtils@xercesc_2_6@@SAXXZ
?transcode@XMLString@xercesc_2_6@@SAPAGQBD@Z
?encode@Base64@xercesc_2_6@@SAPAEQBEIPAIQAVMemoryManager@2@@Z
?release@XMLString@xercesc_2_6@@SAXPAPAD@Z
?decode@Base64@xercesc_2_6@@SAPAEQBEPAIQAVMemoryManager@2@W4Conformance@12@@Z
?transcode@XMLString@xercesc_2_6@@SAPADQBG@Z

Exports

Exports

CheckDll
authorization
business_handle

Sections

.text
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

97755b54f2565a669d15efc166d93b43

Headers

File Characteristics

PDB Paths

Imports

mfc80u

msvcr80

kernel32

user32

advapi32

shlwapi

ole32

oleaut32

msvcp80

libcurl

xerces-c_2_680

Exports

Exports

Sections

.text Size: 216KB - Virtual size: 215KB

.rdata Size: 52KB - Virtual size: 48KB

.data Size: 4KB - Virtual size: 85KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 60KB - Virtual size: 58KB

.text
Size: 216KB - Virtual size: 215KB

.rdata
Size: 52KB - Virtual size: 48KB

.data
Size: 4KB - Virtual size: 85KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 60KB - Virtual size: 58KB