daa5550cbe8901d28583414139d57c0256eb7219d916d7922f33bc717a25051a

Sharing

Copy URL Twitter E-mail

General

Target

daa5550cbe8901d28583414139d57c0256eb7219d916d7922f33bc717a25051a
Size

934KB
MD5

8bc9ed549752d5e60c5abeb38b07fd6f
SHA1

84f295aa104fca18b14765c0c60c0f19d85ac3fc
SHA256

daa5550cbe8901d28583414139d57c0256eb7219d916d7922f33bc717a25051a
SHA512

f0a62f07eac9bc7071f19eaa35a4667643e4e1f26edb8696501c4a81db2fb7d0a9e7c2b9930ca18f8375d160b1071006868ebf86553a077679feb01cf5d9a9a4
SSDEEP

24576:oH0BETePG4//79NyxS1bh7IDpthyhtZ2sS/KscQTAmffmg0V:oiETePG4//JQuh7IDtyhtZ2dKw/ffmgC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
daa5550cbe8901d28583414139d57c0256eb7219d916d7922f33bc717a25051a

Files

daa5550cbe8901d28583414139d57c0256eb7219d916d7922f33bc717a25051a
.dll windows:6 windows x86 arch:x86

7f186f3eedb166be59afb1d4b48cac03

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Jenkins\WorkSpace\workspace\lib_IphoneDataRecoveryPackageForWin\branches\2.0\bin\x86\Release\lib_package_data_sdk.pdb

Imports

tslogsdk

LogEx
InitLogEx
Log

lib_tssqlitesdk

Stop
InitSqliteSDK
UninitSqliteSDK
Scan

tsdatapackagesdk

InitTSDataPackage
TSDataPackageStop
TSDataPackageEx
TSDataPackageNew
TSDataFilter

sqlite3

sqlite3_finalize
sqlite3_column_text
sqlite3_next_stmt
sqlite3_step
sqlite3_errmsg
sqlite3_prepare_v2
sqlite3_close
sqlite3_open16
sqlite3_exec
sqlite3_column_int
sqlite3_busy_handler

kernel32

LoadLibraryW
UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualFree
VirtualProtect
VirtualAlloc
GetVersionExW
GetModuleHandleA
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
WriteConsoleW
HeapSize
SetStdHandle
GetTimeZoneInformation
GetLastError
GetProcAddress
LoadLibraryExW
FindNextFileW
MultiByteToWideChar
WideCharToMultiByte
Sleep
HeapReAlloc
CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TryEnterCriticalSection
DuplicateHandle
SwitchToThread
GetCurrentThread
GetExitCodeThread
GetNativeSystemInfo
FormatMessageW
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileExW
GetFileAttributesExW
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
GetStringTypeW
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
RtlUnwind
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
FreeLibrary
ReadFile
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
CreateThread
ExitThread
FreeLibraryAndExitThread
SetEnvironmentVariableW
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetFileType
GetConsoleMode
ReadConsoleW
WriteFile
GetConsoleCP
GetFileSizeEx
FlushFileBuffers
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap

Exports

Exports

AddBackupFolder
AddPackageFile
AddPackageFileFinish
AddPhotoBackupFolder
AddTypeBackupFolder
AddTypeNeedScan
AddVoiceMemosBackupFolder
InitPackageData
StartPackage
StopPackage
UninitPackageData

Sections

.text
Size: 684KB - Virtual size: 684KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7f186f3eedb166be59afb1d4b48cac03

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

tslogsdk

lib_tssqlitesdk

tsdatapackagesdk

sqlite3

kernel32

Exports

Exports

Sections

.text Size: 684KB - Virtual size: 684KB

.rdata Size: 153KB - Virtual size: 153KB

.data Size: 48KB - Virtual size: 53KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 45KB - Virtual size: 44KB

.text
Size: 684KB - Virtual size: 684KB

.rdata
Size: 153KB - Virtual size: 153KB

.data
Size: 48KB - Virtual size: 53KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 45KB - Virtual size: 44KB