44e8b44320773bb2a83552e2d946b4bb962cb1770b16f5132170a0fdd58792a0

Sharing

Copy URL Twitter E-mail

General

Target

44e8b44320773bb2a83552e2d946b4bb962cb1770b16f5132170a0fdd58792a0
Size

201KB
MD5

c9d02cddc7bfb38c123ad3e5d0ed8a5c
SHA1

3f70d4db49f0462ca3c9c16ad7484526db8a7de7
SHA256

44e8b44320773bb2a83552e2d946b4bb962cb1770b16f5132170a0fdd58792a0
SHA512

d44b46446290972dee259acfb5f8792163f06eb280b453b4a9f6f5163b1b754dc905ce6d02c1696300bb20c622a2c89aef9ecc862ed3d46f8067f2485e0eeb54
SSDEEP

3072:kGaI+LcrqppS12+GJzwfFe+7Yor8q2Kcc155mArczxpsuGf5+qf0:kP9LaqppS12jitZr8q2q7lc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44e8b44320773bb2a83552e2d946b4bb962cb1770b16f5132170a0fdd58792a0

Files

44e8b44320773bb2a83552e2d946b4bb962cb1770b16f5132170a0fdd58792a0
.dll windows:5 windows x86 arch:x86

07ff402bda5379de0cc281f3d64455dc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\build\xra_common\datacenter\Release_tjsd\DataCenterStub.pdb

Imports

kernel32

FindResourceW
FindResourceExW
GetLastError
InitializeCriticalSectionAndSpinCount
SetEvent
WaitForSingleObject
CloseHandle
CreateEventW
GetModuleFileNameW
DecodePointer
FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleHandleW
SizeofResource
LoadResource
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ReadConsoleW
SetEndOfFile
WriteConsoleW
InitializeCriticalSection
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
SetFilePointerEx
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
GetStringTypeW
HeapDestroy
LockResource
MultiByteToWideChar
GetFileSizeEx
GetLocalTime
CreateFileW
DeleteFileW
InterlockedExchange
GetCurrentThreadId
WriteFile
ReadFile
FlushFileBuffers
WaitForMultipleObjects
IsDebuggerPresent
OutputDebugStringW
GetCurrentProcess
InterlockedExchangeAdd
GetCurrentProcessId
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
WideCharToMultiByte
LoadLibraryExW
RtlUnwind
InterlockedFlushSList
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
GetACP
GetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW

user32

DefWindowProcW
RegisterClassExW
CreateWindowExW
DestroyWindow
ShowWindow
GetWindowLongW
SetWindowLongW
LoadCursorW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
PostThreadMessageW
FindWindowW
UnregisterClassW
SendMessageTimeoutW
IsWindow

shell32

ord165
ShellExecuteW
SHGetSpecialFolderPathW
SHCreateDirectoryExW

shlwapi

PathCombineW
PathRemoveFileSpecW
PathFileExistsW
PathRenameExtensionW
StrStrIW
PathFindFileNameW
PathAppendW

ole32

CoInitializeEx

Exports

Exports

GetConfigCenter
GetConfigCenterEx

Sections

.text
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

07ff402bda5379de0cc281f3d64455dc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

shlwapi

ole32

Exports

Exports

Sections

.text Size: 142KB - Virtual size: 141KB

.rdata Size: 45KB - Virtual size: 44KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 1024B - Virtual size: 976B

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 142KB - Virtual size: 141KB

.rdata
Size: 45KB - Virtual size: 44KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 1024B - Virtual size: 976B

.reloc
Size: 8KB - Virtual size: 7KB