e2d344903b9f5bd1d001e8353b5a79d7c3ba34e3a13fdf50e6975e7e4990a546

Sharing

Copy URL Twitter E-mail

General

Target

e2d344903b9f5bd1d001e8353b5a79d7c3ba34e3a13fdf50e6975e7e4990a546
Size

1.1MB
MD5

25fe599c1f933b634f8c5c45908e3008
SHA1

786f33af8a60690b7d7ef96193dc9d81d79a11a2
SHA256

e2d344903b9f5bd1d001e8353b5a79d7c3ba34e3a13fdf50e6975e7e4990a546
SHA512

c6888b14a636924b55528ef3a3f72eb1b0cdff630e1fc55dbd9d44d577aa85b8c4d569299b7590df1457901ff5917bf0914535e3bb745c16eb0ff6e25c9e307e
SSDEEP

24576:ArTvT9jwn4ay9W+1Dc+N+dlVUPCESwR3P1TeswxFYSgRJ6H:ExYp+N+dMKESM38s+PcJ6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e2d344903b9f5bd1d001e8353b5a79d7c3ba34e3a13fdf50e6975e7e4990a546

Files

e2d344903b9f5bd1d001e8353b5a79d7c3ba34e3a13fdf50e6975e7e4990a546
.dll regsvr32 windows:5 windows x86 arch:x86

aa7962a66bbaf1c3a21ab319a9413f7c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\ade\jenkins\workspace\8-2-build-windows-i586-cygwin\jdk8u241\331\build\windows-i586\deploy\tmp\deployJava1\obj\deployJava1.pdb

Imports

urlmon

IsValidURL

wininet

InternetTimeToSystemTimeW
HttpQueryInfoW
HttpSendRequestW
InternetReadFile
InternetConnectW
InternetOpenW
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestW
InternetCrackUrlW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

comctl32

ord17

wsock32

ioctlsocket
inet_addr
gethostbyname
gethostbyaddr

imagehlp

ImageUnload
ImageLoad

psapi

GetProcessImageFileNameA
EnumProcesses

kernel32

TlsGetValue
TlsAlloc
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
CreateMutexW
CloseHandle
LocalAlloc
lstrlenW
FormatMessageW
GetLastError
EnterCriticalSection
LeaveCriticalSection
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WaitForSingleObject
FlushInstructionCache
GetCurrentProcess
GlobalAlloc
FindResourceW
GetEnvironmentVariableW
GetLocaleInfoW
SetEvent
GetCurrentThreadId
CreateEventW
lstrcmpW
MulDiv
GlobalUnlock
GlobalLock
SetLastError
GlobalFree
GlobalHandle
LockResource
LoadResource
WriteFile
SetEndOfFile
SetFilePointer
CompareFileTime
SystemTimeToFileTime
Sleep
GetFileSize
CreateFileW
ReleaseMutex
GetDiskFreeSpaceW
DeleteFileW
MultiByteToWideChar
lstrlenA
GetTempFileNameW
GetTempPathW
GetProcAddress
GetExitCodeProcess
GetThreadLocale
SizeofResource
GetModuleHandleW
lstrcmpiW
FindClose
FindFirstFileW
GetFullPathNameW
GetFileAttributesW
TlsSetValue
MapViewOfFile
CreateFileMappingW
GetWindowsDirectoryW
GetShortPathNameW
MoveFileExW
FindNextFileW
CopyFileW
FreeLibrary
LoadLibraryExW
GetSystemDirectoryW
GetSystemTime
LoadLibraryW
TerminateProcess
OpenProcess
GetSystemWow64DirectoryW
RemoveDirectoryW
LocalFree
CreateProcessW
ExpandEnvironmentStringsW
CreateDirectoryW
SetFileAttributesW
CreateThread
WideCharToMultiByte
GetLongPathNameW
GlobalMemoryStatusEx
GetVersionExW
VerifyVersionInfoW
VerSetConditionMask
GetNativeSystemInfo
WTSGetActiveConsoleSessionId
GetLocalTime
GetSystemWindowsDirectoryW
InitializeCriticalSection
DisableThreadLibraryCalls
GetModuleHandleExW
OutputDebugStringW
GetCurrentProcessId
LCMapStringW
GetCommandLineA
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
SetCurrentDirectoryW
GetCurrentDirectoryW
SetEnvironmentVariableW
FindFirstFileExW
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCPInfo
ExitThread
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
RtlUnwind
DecodePointer
EncodePointer
GetStringTypeW
InterlockedExchange
InterlockedCompareExchange
FlushFileBuffers
ReadFile
SetEnvironmentVariableA
PeekNamedPipe
GetModuleFileNameA
QueryPerformanceCounter
GetTickCount
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CompareStringW
SetStdHandle
WriteConsoleW
GetProcessHeap
InterlockedPushEntrySList
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
LoadLibraryA
GetStartupInfoW
SetHandleCount
UnmapViewOfFile
TlsFree
GetFileInformationByHandle
GetConsoleMode
GetConsoleCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapReAlloc
GetStdHandle
ExitProcess
HeapSize
HeapDestroy
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetFileType

user32

UnionRect
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
ShowWindow
GetShellWindow
GetWindowThreadProcessId
OpenInputDesktop
CloseDesktop
GetCursorPos
PtInRect
SetCursor
wsprintfA
wsprintfW
DialogBoxParamW
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
SendDlgItemMessageW
DialogBoxIndirectParamW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
CreateAcceleratorTableW
RegisterClassExW
LoadCursorW
GetClassInfoExW
GetFocus
SetFocus
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
CallWindowProcW
FillRect
ReleaseCapture
GetClassNameW
GetParent
IsChild
GetKeyState
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
MoveWindow
CharNextW
GetSysColor
MapDialogRect
SendMessageW
SetWindowContextHelpId
GetWindow
SetWindowPos
MessageBoxW
GetDlgCtrlID
LoadBitmapW
GetClientRect
EndDialog
PostMessageW
LoadStringW
SetWindowTextW
GetActiveWindow
DefWindowProcW
GetDlgItem
EnableWindow
KillTimer
SetTimer
GetWindowLongW
SetWindowLongW
MsgWaitForMultipleObjectsEx
IsWindowUnicode
GetMessageW
GetMessageA
TranslateMessage
DispatchMessageW
DispatchMessageA
PeekMessageW
IsWindow
DestroyWindow
UnregisterClassA
SetCapture
CreateWindowExW

ole32

OleUninitialize
CoCreateInstance
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoTaskMemAlloc
CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CoInitialize
CoFreeUnusedLibraries
StringFromCLSID
CreateOleAdviseHolder
OleRegEnumVerbs
OleRegGetUserType
OleRegGetMiscStatus
WriteClassStm
OleSaveToStream
ReadClassStm
OleInitialize

oleaut32

SysStringLen
SysFreeString
SysAllocStringByteLen
LoadTypeLi
VariantInit
VariantClear
SysStringByteLen
VariantCopy
VariantChangeType
LoadRegTypeLi
SysAllocStringLen
OleCreateFontIndirect
VarUI4FromStr
OleCreatePropertyFrame
SysAllocString

gdi32

GetDeviceCaps
SetWindowOrgEx
SetViewportOrgEx
ModifyWorldTransform
SetGraphicsMode
SaveDC
DeleteDC
DPtoLP
StretchBlt
CreateCompatibleDC
GetObjectW
GetStockObject
SelectObject
CreateCompatibleBitmap
BitBlt
DeleteObject
RestoreDC
CreateSolidBrush
SetBkMode
SetTextColor
CreateRectRgnIndirect
CreateDCW
SetMapMode
LPtoDP
CreateFontIndirectW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 355KB - Virtual size: 355KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 260KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 319KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aa7962a66bbaf1c3a21ab319a9413f7c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

urlmon

wininet

version

comctl32

wsock32

imagehlp

psapi

kernel32

user32

ole32

oleaut32

gdi32

Exports

Exports

Sections

.text Size: 355KB - Virtual size: 355KB

.rdata Size: 137KB - Virtual size: 137KB

.data Size: 21KB - Virtual size: 29KB

.rsrc Size: 260KB - Virtual size: 259KB

.reloc Size: 319KB - Virtual size: 320KB

.text
Size: 355KB - Virtual size: 355KB

.rdata
Size: 137KB - Virtual size: 137KB

.data
Size: 21KB - Virtual size: 29KB

.rsrc
Size: 260KB - Virtual size: 259KB

.reloc
Size: 319KB - Virtual size: 320KB