944f18b27b6b27b69076231b0c07ae5976b1846caf37e63c79a50d28e1c80645

Sharing

Copy URL Twitter E-mail

General

Target

944f18b27b6b27b69076231b0c07ae5976b1846caf37e63c79a50d28e1c80645
Size

597KB
MD5

64e7344c5beb910bc6ffcdc9b3b7c726
SHA1

90bb5a7632e0e05f1d17618275933d5e60a6798b
SHA256

944f18b27b6b27b69076231b0c07ae5976b1846caf37e63c79a50d28e1c80645
SHA512

2f73306874f770d2a1cbed7ce04e9948134beaf0a63defac78ab1a91c6542afe17750ebb8d0d344d336bcb223d73e8b5df4193990fba03eed492febf72a385de
SSDEEP

12288:VkULAp90KfPBcgJ/aHoQiOw5w7wYIqsmH0:IHaHKx5GwYIxmH0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
944f18b27b6b27b69076231b0c07ae5976b1846caf37e63c79a50d28e1c80645

Files

944f18b27b6b27b69076231b0c07ae5976b1846caf37e63c79a50d28e1c80645
.dll windows:6 windows x86 arch:x86

802b434d9a32e7ab2cba797c86d259d8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\git\kp2pserver\bin\win32\RelWithDebInfo\IOTLink.pdb

Imports

arq

arq_release
arq_send
arq_send_priority
arq_add_conn
arq_del_conn
arq_set_recvbuf_size
arq_create

ws2_32

inet_addr
ntohl
htonl
getaddrinfo
freeaddrinfo
closesocket
connect
getsockname
htons
socket
__WSAFDIsSet
bind
recvfrom
select
WSACleanup
WSAStartup
gethostbyname
ntohs
inet_ntoa
WSAGetLastError
send
recv
setsockopt
sendto

libpthread

pthread_detach
pthread_mutex_destroy
pthread_exit
pthread_attr_init
pthread_mutex_unlock
pthread_mutex_lock
pthread_mutex_init
pthread_attr_setstacksize
pthread_join
pthread_create
pthread_attr_destroy
pthread_self

kernel32

SetLastError
SetEndOfFile
ReadConsoleW
ReadFile
HeapSize
RaiseException
SetFilePointerEx
CreateFileW
GetStringTypeW
FlushFileBuffers
GetFileAttributesExW
SetConsoleCtrlHandler
GetProcessHeap
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
FindClose
DecodePointer
EncodePointer
HeapReAlloc
GetConsoleMode
GetConsoleCP
WriteFile
SetStdHandle
GetACP
GetCurrentThread
GetFileType
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FormatMessageA
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
GetSystemTime
Sleep
GetTickCount
OutputDebugStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
GetLastError
WriteConsoleW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
QueryPerformanceFrequency
GetModuleFileNameA
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
HeapFree
HeapAlloc
OutputDebugStringA

Exports

Exports

IOT_Deinit
IOT_GetLastError
IOT_GetLinkHdrSize
IOT_GetVersion
IOT_Init
IOT_LINK_Close
IOT_LINK_Connect
IOT_LINK_Create
IOT_LINK_GetConnInfo
IOT_LINK_Send
IOT_SearchDeviceStart
IOT_SearchDeviceStop
IOT_SetBandwithStatInterval
IOT_SetClientInfo
IOT_SetForceTcp
IOT_SetHole
IOT_SetLinkType
IOT_SetLog
IOT_SetNgw
IOT_SetP2PSvr
IOT_SetPingPong
IOT_SetTurnSvr
IOT_Strerror
IOT_UpdatePeerInfo
_kcJSON_AddItemReferenceToArray@8
_kcJSON_AddItemReferenceToObject@12
_kcJSON_AddItemToArray@8
_kcJSON_AddItemToObject@12
_kcJSON_AddItemToObjectCS@12
_kcJSON_CreateArray@0
_kcJSON_CreateBool@4
_kcJSON_CreateDoubleArray@8
_kcJSON_CreateFalse@0
_kcJSON_CreateFloatArray@8
_kcJSON_CreateIntArray@8
_kcJSON_CreateNull@0
_kcJSON_CreateNumber@8
_kcJSON_CreateObject@0
_kcJSON_CreateRaw@4
_kcJSON_CreateString@4
_kcJSON_CreateStringArray@8
_kcJSON_CreateTrue@0
_kcJSON_Delete@4
_kcJSON_DeleteItemFromArray@8
_kcJSON_DeleteItemFromObject@8
_kcJSON_DetachItemFromArray@8
_kcJSON_DetachItemFromObject@8
_kcJSON_Duplicate@8
_kcJSON_GetArrayItem@8
_kcJSON_GetArraySize@4
_kcJSON_GetErrorPtr@0
_kcJSON_GetObjectItem@8
_kcJSON_GetObjectItemCaseSensitive@8
_kcJSON_HasObjectItem@8
_kcJSON_InitHooks@4
_kcJSON_InsertItemInArray@12
_kcJSON_IsArray@4
_kcJSON_IsBool@4
_kcJSON_IsFalse@4
_kcJSON_IsInvalid@4
_kcJSON_IsNull@4
_kcJSON_IsNumber@4
_kcJSON_IsObject@4
_kcJSON_IsRaw@4
_kcJSON_IsString@4
_kcJSON_IsTrue@4
_kcJSON_Minify@4
_kcJSON_Parse@4
_kcJSON_ParseWithOpts@12
_kcJSON_Print@4
_kcJSON_PrintBuffered@12
_kcJSON_PrintPreallocated@16
_kcJSON_PrintUnformatted@4
_kcJSON_ReplaceItemInArray@12
_kcJSON_ReplaceItemInObject@12
_kcJSON_SetNumberHelper@12
_kcJSON_Version@0
iot_msleep
iot_mtimer
iot_mtimer_now
iot_mtimer_reset
iot_mtimer_timeout
iot_sleep
iot_sleep_canbreak
iot_timer
iot_timer_now
iot_timer_reset
iot_timer_timeout

Sections

.text
Size: 509KB - Virtual size: 509KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

802b434d9a32e7ab2cba797c86d259d8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

arq

ws2_32

libpthread

kernel32

Exports

Exports

Sections

.text Size: 509KB - Virtual size: 509KB

.rdata Size: 62KB - Virtual size: 61KB

.data Size: 3KB - Virtual size: 10KB

.idata Size: 4KB - Virtual size: 4KB

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 14KB - Virtual size: 14KB

.text
Size: 509KB - Virtual size: 509KB

.rdata
Size: 62KB - Virtual size: 61KB

.data
Size: 3KB - Virtual size: 10KB

.idata
Size: 4KB - Virtual size: 4KB

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 14KB - Virtual size: 14KB