556c228ad6c1537cddb1e1cadf08a9510fae0051c82001f29471aaac9b961e2f

Sharing

Copy URL Twitter E-mail

General

Target

556c228ad6c1537cddb1e1cadf08a9510fae0051c82001f29471aaac9b961e2f
Size

253KB
MD5

fe73802a4bfacce1119542996defb5ac
SHA1

103921bfa34bdef463033182043a3cc6b2dd1156
SHA256

556c228ad6c1537cddb1e1cadf08a9510fae0051c82001f29471aaac9b961e2f
SHA512

046003634462a6dbe94ce6c6587454d92133d2d2214b1b2b1bb691e943425c733f99b613e96a09471f9b959c86d96411b0edcf8f5143e9a86e037521aa2b8a9d
SSDEEP

6144:Ec80vC4yONLolOPTpdxeonljeYa8Bgk1vO10:Ec2eBVdlljeYa87

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
556c228ad6c1537cddb1e1cadf08a9510fae0051c82001f29471aaac9b961e2f

Files

556c228ad6c1537cddb1e1cadf08a9510fae0051c82001f29471aaac9b961e2f
.dll windows:5 windows x64 arch:x64

960b892ba96a6d5b95ccb0c5b6148ad2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\kfcs\tags\KFCS_Fund_Dev_4.3.1_20240531\lbmsrc\lbm_fcs\lbm_fcs_query\oracle_release\lbm_fcs_query.pdb

Imports

generallbmapi_oracle_release

?Init@CKcpdResults@@QEAA_NPEADPEBDH@Z
?_PrintStatus@CKcpdResults@@QEAAHPEAD@Z
?GetValue@CKcpdResults@@QEAAPEADPEBDPEADH@Z
?GetValue@CKcpdResults@@QEAAHPEBDAEAH@Z
?GetValue@CKcpdResults@@QEAADPEBDAEAD@Z
??1CKcpdResults@@UEAA@XZ
??0CKcpdResults@@QEAA@XZ
?TsRaiseException@CKCBPTransfer@@UEAAXHHPEBD0@Z
?DbRaiseException@CKcpdDblib@@UEAAXHHPEBD0@Z
?Commit@CKcpdDblib@@QEAAHXZ
?MakeResultSet@CKcpdResults@@QEAAHPEBDPEAD@Z
?MakeResultSet@CKcpdResults@@QEAAHAEAVkcpd_stream@@PEBD@Z
?MakeResultSetHead@CKcpdResults@@QEAAHHPEBD0@Z
?GetValue@CKcpdResults@@QEAANPEBDAEAN@Z
?TryGetValue@CKcpdResults@@QEAA_NPEBDAEAH@Z
?TryGetValue@CKcpdResults@@QEAA_NPEBDPEADH@Z
?RollbackTran@CKcpdDblib@@QEAAHPEBD@Z
?IsExistTran@CKcpdDblib@@QEAAHXZ
?GetDbmsVersion@CKcpdDblib@@QEAA?AW4kcpd_dbms_type@@XZ
?RsRaiseException@CKcpdResults@@UEAAXHHPEBD0@Z
?Exit@CKcpdResults@@QEAAXXZ
?SetLbmError@CKcpdResults@@QEAAHHHHPEBDH00@Z
?SetLbmSucc@CKcpdResults@@QEAAHPEBDHH@Z
?BpGetSystemParam@CKcpdResults@@QEAAHHPEADH@Z
?GetKcpdConnect@CKcpdDblib@@QEAAAEAVkcpd_connect@@XZ
??4CKcpdResults@@QEAAAEAV0@AEBV0@@Z
??0CKcpdResults@@QEAA@AEBV0@@Z

kernel32

TerminateProcess
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
DisableThreadLibraryCalls
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess

msvcp90

??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@H@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAXXZ
?uncaught_exception@std@@YA_NXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2_KB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBA_KAEBV12@_K@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBAPEBDXZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV12@_K0AEBV12@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV12@PEBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV01@AEBV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV01@PEBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?5DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAEAV?$basic_istream@DU?$char_traits@D@std@@@0@AEAV10@AEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAXXZ

oci

OCILobLocatorIsInit
OCILobRead
OCILobWrite
OCITransCommit
OCIParamGet
OCIDefineByPos
OCIBindByName
OCIServerAttach
OCIEnvCreate
OCIDescriptorAlloc
OCISessionBegin
OCISessionEnd
OCIHandleAlloc
OCIServerDetach
OCIStmtPrepare
OCIStmtExecute
OCIAttrGet
OCIDescriptorFree
OCIStmtFetch
OCIErrorGet
OCIAttrSet
OCIHandleFree

kcpd_lbm_logwrite

KcpdUserLbmWriteLog
KcpdGetLbmWriteLogLevel
KcpdUseKcbpWriteLog

lbmapi

KCBP_RsSetVal
KCBP_RsSaveRow
KCBP_RsNewTable
KCBP_RsAddRow
KCBP_RsSetCol

msvcr90

_encoded_null
_decode_pointer
_amsg_exit
__CppXcptFilter
__crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
_unlock
__dllonexit
_lock
_onexit
floor
memset
memcpy
__CxxFrameHandler3
_CxxThrowException
free
strncmp
_stricmp
_ftime64
__RTtypeid
_snprintf_s
??2@YAPEAX_K@Z
_time64
strncpy_s
atof
strcat_s
_localtime64
strftime
??3@YAXPEAX@Z
_purecall
strcpy_s
??_V@YAXPEAX@Z
_invalid_parameter_noinfo
atoi
_atoi64
sprintf_s
??0exception@std@@QEAA@AEBV01@@Z
??0exception@std@@QEAA@AEBQEBD@Z
??0exception@std@@QEAA@XZ
_initterm_e
_initterm
_malloc_crt
_encode_pointer
?_name_internal_method@type_info@@QEBAPEBDPEAU__type_info_node@@@Z
__clean_type_info_names_internal
__C_specific_handler
?terminate@@YAXXZ
_vsnprintf_s
toupper
memmove_s
sprintf
?what@exception@std@@UEBAPEBDXZ
??1exception@std@@UEAA@XZ
isalnum

Exports

Exports

Fcs_ExecOracleProc
Fcs_QueryGZbondReport
Fcs_QueryOracleProcParam
LBM_HeartBeat

Sections

.text
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

960b892ba96a6d5b95ccb0c5b6148ad2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

generallbmapi_oracle_release

kernel32

msvcp90

oci

kcpd_lbm_logwrite

lbmapi

msvcr90

Exports

Exports

Sections

.text Size: 182KB - Virtual size: 182KB

.rdata Size: 53KB - Virtual size: 53KB

.data Size: 3KB - Virtual size: 4KB

.pdata Size: 10KB - Virtual size: 9KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 182KB - Virtual size: 182KB

.rdata
Size: 53KB - Virtual size: 53KB

.data
Size: 3KB - Virtual size: 4KB

.pdata
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB