0d3bb7690ce10e1e254fc3fe626c03ac31ce30c863e4e04a82a47e845fe176c6

Sharing

Copy URL

Twitter E-mail

General

Target

0d3bb7690ce10e1e254fc3fe626c03ac31ce30c863e4e04a82a47e845fe176c6
Size

6.3MB
MD5

47bd2e143bcf4ba91efc7baacc5cbf35
SHA1

2231cdc018e3eb0946a6446812f58ca417e1206a
SHA256

0d3bb7690ce10e1e254fc3fe626c03ac31ce30c863e4e04a82a47e845fe176c6
SHA512

fa29687247006292815ac5be5aafe3bf322eb0ae2777f39745e99062c47dfe29451e4be50afcf6444fe412fe261d2a3ebd5a7b065c162deed77bfa6a99b20edd
SSDEEP

98304:A0T0YKHQL6yIsq7EBuDR8ieYJz7U3aIpIDJ/DzCg4G+1U5SdCNcB/:A0NKHQL6yLBuGieUz7UqRzW1V4C/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d3bb7690ce10e1e254fc3fe626c03ac31ce30c863e4e04a82a47e845fe176c6

Files

0d3bb7690ce10e1e254fc3fe626c03ac31ce30c863e4e04a82a47e845fe176c6
.dll windows:5 windows x86 arch:x86

f72630c53bf58909965fde71658a6aef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\jenkins\workspace\ci.MessageSdk.build\qtc_out\windows_x86_release_shared\MessageSDKBiz.dll.pdb

Imports

aim

SetupGaeaOverAccsContext

peregrine_lite

?DlFree@file@prglite@@YAHABQAX@Z
?DlFunc@file@prglite@@YAPAXABQAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?DlLoad@file@prglite@@YAPAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?CleanUp@Thread@prglite@@MAEXXZ
?RecursiveCreatePath@file@prglite@@YAHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?WideToUtf8@prglite@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@3@@Z
?Utf8ToWide@prglite@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@@Z
?SpliteString@prglite@@YA?AV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@D@Z
?JsonStringToJson@json_internal@prglite@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$GenericValue@U?$UTF8@D@prglite_rapidjson@@VCrtAllocator@2@@prglite_rapidjson@@@Z
?JsonUpdateValue@json_internal@prglite@@YA_NAAV?$GenericValue@U?$UTF8@D@prglite_rapidjson@@VCrtAllocator@2@@prglite_rapidjson@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV34@PAV34@@Z
?JsonResetValue@json_internal@prglite@@YA_NAAV?$GenericValue@U?$UTF8@D@prglite_rapidjson@@VCrtAllocator@2@@prglite_rapidjson@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV34@@Z
?JsonGetValue@json_internal@prglite@@YA_NABV?$GenericValue@U?$UTF8@D@prglite_rapidjson@@VCrtAllocator@2@@prglite_rapidjson@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV34@@Z
?JoinString@prglite@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@3@ABV23@@Z
?ThreadMain@Thread@prglite@@MAEXXZ
?IsFileExist@file@prglite@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetThreadID@Thread@prglite@@QBE?BVid@thread@std@@XZ
?Start@Thread@prglite@@QAE_NXZ
??1Thread@prglite@@UAE@XZ
?Initialize@Thread@prglite@@MAEXXZ
??0Thread@prglite@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?PostTask@MessageLoop@prglite@@QAEXABV?$shared_ptr@UTaskClosureInner@prglite@@@std@@@Z
?JsonToJsonString@json_internal@prglite@@YA_NABV?$GenericValue@U?$UTF8@D@prglite_rapidjson@@VCrtAllocator@2@@prglite_rapidjson@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?RecursiveRemoveDir@file@prglite@@YAHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?IsPathExist@file@prglite@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?FunctionBaseName@log@prglite@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV34@@Z
?FileBaseName@log@prglite@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV34@@Z
?FormatString@prglite@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBDZZ

messagesdkmodel

?GetModLoginMgr@@YA?AV?$shared_ptr@UIModLoginMgr@model@messagesdk@@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@ABW4BizChannelType@messagesdk@@@Z
?GetModelGroupMgr@@YA?AV?$shared_ptr@VIModelGroupMgr@model@messagesdk@@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@ABW4BizChannelType@messagesdk@@@Z
?GetModelProfileMgr@@YA?AV?$shared_ptr@VIModelProfileMgr@model@messagesdk@@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@ABW4BizChannelType@messagesdk@@@Z
?GetModelMessageMgr@@YA?AV?$shared_ptr@VIModelMessageMgr@model@messagesdk@@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@ABW4BizChannelType@messagesdk@@@Z
?GetModelMgr@@YAPAVIModelMgr@model@messagesdk@@XZ
?GetModelConfigMgr@@YA?AV?$shared_ptr@VIModelConfigMgr@model@messagesdk@@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@0@Z

msvcp140

?_W_Getmonths@_Locinfo@std@@QBEPBGXZ
?_W_Getdays@_Locinfo@std@@QBEPBGXZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
_Mbrtowc
?_Xbad_alloc@std@@YAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
_Query_perf_frequency
_Query_perf_counter
?_Xinvalid_argument@std@@YAXPBD@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
_Mtx_lock
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_function_call@std@@YAXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
_Xtime_get_ticks
_Thrd_id
_Mtx_init_in_situ
_Mtx_destroy_in_situ

vcruntime140

__std_type_info_destroy_list
_except_handler4_common
__RTDynamicCast
__std_exception_destroy
__std_exception_copy
memset
memmove
memcpy
memcmp
memchr
_purecall
_CxxThrowException
__std_terminate
__CxxFrameHandler3

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_initterm
_initterm_e
_errno
_register_onexit_function
_crt_at_quick_exit
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_invalid_parameter_noinfo_noreturn
_cexit
terminate
_crt_atexit
_getpid

api-ms-win-crt-heap-l1-1-0

realloc
_callnewh
free
malloc
calloc

api-ms-win-crt-string-l1-1-0

isdigit
isspace

api-ms-win-crt-time-l1-1-0

strftime
_gmtime64

api-ms-win-crt-convert-l1-1-0

strtold
strtoll
strtoull

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__stdio_common_vsprintf_s

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-math-l1-1-0

_except1

kernel32

TerminateProcess
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
GetCurrentProcess
GetModuleHandleW
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent

Exports

Exports

?GetCustomConfigMgr@@YA?AV?$shared_ptr@VIConfigMgr@biz@messagesdk@@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@0@Z
?GetGlobalConfigMgr@@YA?AV?$shared_ptr@VIConfigMgr@biz@messagesdk@@@std@@XZ
?GetLoginMgr@@YA?AV?$shared_ptr@UILoginMgr@biz@messagesdk@@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@ABW4BizChannelType@messagesdk@@@Z
?GetMessageSDKGroupMgr@@YA?AV?$shared_ptr@VIGroupMgr@biz@messagesdk@@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@ABW4BizChannelType@messagesdk@@@Z
?GetMessageSDKMsgMgr@@YA?AV?$shared_ptr@VIMessageMgr@biz@messagesdk@@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@ABW4BizChannelType@messagesdk@@@Z
?GetPersonalConfigMgr@@YA?AV?$shared_ptr@VIConfigMgr@biz@messagesdk@@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@@Z
?GetProfileMgr@IProfileMgr@messagesdk@@SA?AV?$shared_ptr@VIProfileMgr@messagesdk@@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@H@Z
?IsEnable@log@messagesdk@@YA_NW4LogLevel@1prglite@@@Z
?Write@log@messagesdk@@YAXW4LogLevel@1prglite@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBD2HABUTraceContent@14@@Z
GetMessageSDKBizMgr

Sections

.text
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 654KB - Virtual size: 655KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 261KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f72630c53bf58909965fde71658a6aef

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

aim

peregrine_lite

messagesdkmodel

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 4.1MB - Virtual size: 4.1MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 654KB - Virtual size: 655KB

.idata Size: 11KB - Virtual size: 11KB

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 261KB - Virtual size: 260KB

.text
Size: 4.1MB - Virtual size: 4.1MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 654KB - Virtual size: 655KB

.idata
Size: 11KB - Virtual size: 11KB

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 261KB - Virtual size: 260KB