349e45eb4e07523df7a0e48e41ff4d8db2147223d265477d8b4aa3bcf6fabe76

Sharing

Copy URL Twitter E-mail

General

Target

349e45eb4e07523df7a0e48e41ff4d8db2147223d265477d8b4aa3bcf6fabe76
Size

1.2MB
MD5

742c8f765364a721637c46995f88c00e
SHA1

e28065fe4de4c7074741b6fcf8ca8379005dcc11
SHA256

349e45eb4e07523df7a0e48e41ff4d8db2147223d265477d8b4aa3bcf6fabe76
SHA512

a846e1ccd41eef5ab5badfc537e7ec346d0597ebe0b4bc2e82178174d27bdec8be2ce7ee7dbec6bd2db19b4de08bf2163bf8a1aee58c8b531ac1ffdde31b0da9
SSDEEP

24576:qjZxP4NKarRlYvSeCnB5a6CKxMmuX6w55syzIgK8nnvQqh/jUU:sTS/nB/MmU6aeR0oijUU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
349e45eb4e07523df7a0e48e41ff4d8db2147223d265477d8b4aa3bcf6fabe76

Files

349e45eb4e07523df7a0e48e41ff4d8db2147223d265477d8b4aa3bcf6fabe76
.dll windows:5 windows x86 arch:x86

924ea1cd21e529e2e385bb44f8e8d32e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\ade\jenkins\workspace\8-2-build-windows-i586-cygwin\jdk8u241\331\build\windows-i586\deploy\tmp\deploy\plugin\npdeployJava1\obj\npdeployJava1.pdb

Imports

urlmon

CoInternetCreateSecurityManager
IsValidURL

wininet

InternetTimeToSystemTimeW
HttpQueryInfoW
HttpSendRequestW
InternetReadFile
InternetConnectW
InternetOpenW
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestW
InternetCrackUrlW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WaitForSingleObject
FlushInstructionCache
GetCurrentProcess
GlobalAlloc
FindResourceW
GetEnvironmentVariableW
GetLocaleInfoW
SetEvent
GetCurrentThreadId
CloseHandle
CreateEventW
lstrlenW
lstrcmpW
MulDiv
GetModuleFileNameW
GlobalUnlock
GlobalLock
SetLastError
GlobalFree
GlobalHandle
LockResource
LoadResource
WriteFile
SetEndOfFile
SetFilePointer
CompareFileTime
SystemTimeToFileTime
Sleep
GetFileSize
CreateFileW
ReleaseMutex
GetDiskFreeSpaceW
DeleteFileW
MultiByteToWideChar
lstrlenA
GetTempFileNameW
GetTempPathW
GetProcAddress
GetExitCodeProcess
GetThreadLocale
CreateMutexW
InitializeCriticalSection
DisableThreadLibraryCalls
GetModuleHandleW
lstrcmpiW
FreeLibrary
SizeofResource
LoadLibraryExW
FindClose
FindFirstFileW
GetFullPathNameW
GetFileAttributesW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetWindowsDirectoryW
GetShortPathNameW
MoveFileExW
FindNextFileW
CopyFileW
GetSystemDirectoryW
GetSystemTime
LoadLibraryW
TerminateProcess
OpenProcess
GetSystemWow64DirectoryW
RemoveDirectoryW
LocalFree
CreateProcessW
ExpandEnvironmentStringsW
GetLastError
SetFileAttributesW
WideCharToMultiByte
CreateThread
GetLongPathNameW
GlobalMemoryStatusEx
GetVersionExW
VerifyVersionInfoW
VerSetConditionMask
GetNativeSystemInfo
LocalAlloc
FormatMessageW
WTSGetActiveConsoleSessionId
GetLocalTime
GetSystemWindowsDirectoryW
GetModuleHandleExW
OutputDebugStringW
GetCurrentProcessId
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
LCMapStringW
GetCommandLineA
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
SetCurrentDirectoryW
GetCurrentDirectoryW
SetEnvironmentVariableW
FindFirstFileExW
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCPInfo
ExitThread
HeapAlloc
GetSystemTimeAsFileTime
HeapFree
RtlUnwind
DecodePointer
EncodePointer
GetStringTypeW
InterlockedExchange
InterlockedCompareExchange
LeaveCriticalSection
EnterCriticalSection
RaiseException
InterlockedDecrement
InterlockedIncrement
EnumSystemLocalesA
IsValidLocale
SetConsoleCtrlHandler
CompareStringW
SetStdHandle
WriteConsoleW
GetProcessHeap
CreateFileA
GetFullPathNameA
InterlockedPushEntrySList
GetStdHandle
HeapReAlloc
HeapSize
ExitProcess
FreeEnvironmentStringsW
GetEnvironmentStringsW
FatalAppExitA
GetConsoleCP
GetConsoleMode
GetFileInformationByHandle
PeekNamedPipe
GetFileType
SetHandleCount
GetStartupInfoW
FlushFileBuffers
ReadFile
GetACP
GetOEMCP
IsValidCodePage
SetEnvironmentVariableA
VirtualFree
VirtualAlloc
GetModuleFileNameA
QueryPerformanceCounter
GetTickCount
GetUserDefaultLCID
GetLocaleInfoA
InterlockedPopEntrySList
LoadLibraryA
HeapCreate
CreateDirectoryW
HeapDestroy

psapi

GetProcessImageFileNameA
EnumProcesses

user32

UpdateWindow
GetShellWindow
GetWindowThreadProcessId
OpenInputDesktop
CloseDesktop
GetCursorPos
PtInRect
SetCursor
wsprintfA
wsprintfW
DialogBoxParamW
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
SendDlgItemMessageW
DialogBoxIndirectParamW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
CreateAcceleratorTableW
RegisterClassExW
LoadCursorW
GetClassInfoExW
IsWindow
GetFocus
SetFocus
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
CallWindowProcW
DestroyWindow
FillRect
ReleaseCapture
GetClassNameW
GetParent
IsChild
DrawTextW
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
MoveWindow
CharNextW
MapDialogRect
SendMessageW
SetWindowContextHelpId
GetWindow
SetWindowPos
CreateWindowExW
MessageBoxW
GetDlgCtrlID
LoadBitmapW
GetClientRect
EndDialog
PostMessageW
LoadStringW
SetWindowTextW
GetActiveWindow
DefWindowProcW
GetDlgItem
EnableWindow
KillTimer
SetTimer
GetWindowLongW
SetWindowLongW
MsgWaitForMultipleObjectsEx
IsWindowUnicode
GetMessageW
GetMessageA
TranslateMessage
DispatchMessageW
DispatchMessageA
PeekMessageW
FrameRect
SetCapture
UnregisterClassA
GetSysColor

gdi32

SetBkMode
SetTextColor
SaveDC
DeleteDC
DeleteObject
BitBlt
CreateCompatibleBitmap
SelectObject
GetStockObject
GetObjectW
CreateCompatibleDC
StretchBlt
RestoreDC
CreateFontIndirectW
DPtoLP
GetDeviceCaps
SetWindowOrgEx
SetViewportOrgEx
ModifyWorldTransform
SetGraphicsMode
CreateSolidBrush

wsock32

gethostbyaddr
ioctlsocket
inet_addr
gethostbyname

comctl32

ord17

imagehlp

ImageLoad
ImageUnload

ole32

StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CoInitialize
CoFreeUnusedLibraries
StringFromCLSID
CoTaskMemAlloc

oleaut32

SysStringLen
SysFreeString
SysAllocStringByteLen
SysAllocStringLen
VariantInit
VariantClear
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SysStringByteLen
VariantChangeType
CreateErrorInfo
GetErrorInfo
SetErrorInfo
SysAllocString

Exports

Exports

NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 452KB - Virtual size: 451KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 253KB - Virtual size: 253KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 345KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

924ea1cd21e529e2e385bb44f8e8d32e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

urlmon

wininet

version

kernel32

psapi

user32

gdi32

wsock32

comctl32

imagehlp

ole32

oleaut32

Exports

Exports

Sections

.text Size: 452KB - Virtual size: 451KB

.rdata Size: 136KB - Virtual size: 135KB

.data Size: 13KB - Virtual size: 21KB

.rsrc Size: 253KB - Virtual size: 253KB

.reloc Size: 345KB - Virtual size: 348KB

.text
Size: 452KB - Virtual size: 451KB

.rdata
Size: 136KB - Virtual size: 135KB

.data
Size: 13KB - Virtual size: 21KB

.rsrc
Size: 253KB - Virtual size: 253KB

.reloc
Size: 345KB - Virtual size: 348KB