2cf139b442dced8ada5fc9a29a15249f7ee008f5200b0a5ee6b9364e561f90cf

Sharing

Copy URL Twitter E-mail

General

Target

2cf139b442dced8ada5fc9a29a15249f7ee008f5200b0a5ee6b9364e561f90cf
Size

392KB
MD5

11af0c2a57b01a5c609f0fa293736334
SHA1

5417b0e7d0269ca7e52d564902d7c16928a9f10b
SHA256

2cf139b442dced8ada5fc9a29a15249f7ee008f5200b0a5ee6b9364e561f90cf
SHA512

775cff0da0a12271da6b35a617f68a4a31ae0c20ad8ac23e38caf783b9aa20040b2eeae11d30894ca6ee4f920eb3431add589d884fd44cf5917fd33ab0a4637d
SSDEEP

12288:6Js5H4LPaBm5tA+88YCYQab0//DQqajxjQIEx7V0L7rh:6Js5Yem5t4mkqaj6IENVWfh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2cf139b442dced8ada5fc9a29a15249f7ee008f5200b0a5ee6b9364e561f90cf

Files

2cf139b442dced8ada5fc9a29a15249f7ee008f5200b0a5ee6b9364e561f90cf
.dll windows:4 windows x86 arch:x86

6b24dcf5e5bb6f7a4c0ea90525454ce8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Project\MainProfileLast\obj\DataBroker\DllRelease\DataBroker.pdb

Imports

kernel32

FreeLibrary
LoadLibraryA
ExitProcess
HeapAlloc
RtlUnwind
HeapFree
GetCurrentThreadId
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
GetACP
GetOEMCP
GetCPInfo
TlsAlloc
SetLastError
GetLastError
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
InterlockedExchange
VirtualQuery
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
InitializeCriticalSection
VirtualProtect
GetSystemInfo
GetTimeZoneInformation
SetStdHandle
HeapSize
FlushFileBuffers
CloseHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateFileA
ReadFile
CreateThread
ExitThread
ReleaseSemaphore
CreateSemaphoreA
Sleep
SetEvent
CreateEventA
QueryPerformanceFrequency
GetLocalTime
GetExitCodeThread
TerminateThread
SetThreadAffinityMask
SwitchToThread
WaitForSingleObject
SetThreadPriority
ResumeThread
InterlockedCompareExchange
GetProcessAffinityMask
GlobalAlloc
GlobalFree
GetSystemDirectoryA
SetEndOfFile

parsedatapacket

_DataPacket_Parse@4

srvdepresource

_SrvDepResource_GetParamForServerByFriendlyName@8
_SrvDepResource_GetParamForServer@8
_SrvDepResource_ParseSysInfo@8

iphlpapi

GetNetworkParams

ws2_32

gethostname
listen
accept
WSAStartup
ntohl
WSACleanup
__WSAFDIsSet
sendto
ioctlsocket
shutdown
socket
setsockopt
bind
getsockname
ntohs
getservbyport
gethostbyaddr
htons
getservbyname
htonl
inet_ntoa
gethostbyname
WSAGetLastError
inet_addr
closesocket
recv
send
select
connect
recvfrom

wininet

InternetCloseHandle
InternetAttemptConnect

Exports

Exports

DataBroker_LogInit
SYNCSOCK_TI_Create
SYNCSOCK_TI_GetSocket
VNDP_TI_ReadDataDirect
VNDP_TI_Release
VNDP_TI_TestConnected
VNDP_TI_TestReadable
VNDP_TI_TestWritable
VNDP_TI_WriteDataDirect
_DataBroker_CheckIfLive@4
_DataBroker_Connect@4
_DataBroker_CreateConnection@8
_DataBroker_CreateInput@8
_DataBroker_CreateInputEx@8
_DataBroker_DeleteConnection@8
_DataBroker_DeleteInput@4
_DataBroker_DeleteInputEx@8
_DataBroker_Disconnect@4
_DataBroker_ForceIFrame@4
_DataBroker_GetMediaReceivedBytes@12
_DataBroker_GetVersionInfo@16
_DataBroker_Initial@28
_DataBroker_InputPacket@16
_DataBroker_InputPacketEx@16
_DataBroker_InputTxPacket@12
_DataBroker_JumpMediaStreaming@8
_DataBroker_PauseMediaStreaming@4
_DataBroker_Release@4
_DataBroker_ResumeMediaStreaming@4
_DataBroker_SetCodecPriority@12
_DataBroker_SetConnectionExtraOption@16
_DataBroker_SetConnectionNetPacketCallback@16
_DataBroker_SetConnectionOptions@8
_DataBroker_SetConnectionOptionsEx@16
_DataBroker_SetConnectionUrlsExtra@28
_DataBroker_SetInputExtraOption@16
_DataBroker_SetInputOptions@8
_DataBroker_SetOptions@8
_DataBroker_SetWininetHandler@12
_DataBroker_StartTxConnection@4
_DataBroker_StopTxConnection@4
_DataBroker_Use2K@0
_DataBroker_Use3K@0
_DataBroker_Use5K@0
_DataBroker_Use7K@0
_DataBroker_UseSIP@0
_DataBroker_UseSSL@0

Sections

.text
Size: 320KB - Virtual size: 317KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b24dcf5e5bb6f7a4c0ea90525454ce8

Headers

File Characteristics

PDB Paths

Imports

kernel32

parsedatapacket

srvdepresource

iphlpapi

ws2_32

wininet

Exports

Exports

Sections

.text Size: 320KB - Virtual size: 317KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 8KB - Virtual size: 15KB

.rsrc Size: 4KB - Virtual size: 760B

.reloc Size: 16KB - Virtual size: 12KB

.text
Size: 320KB - Virtual size: 317KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 4KB - Virtual size: 760B

.reloc
Size: 16KB - Virtual size: 12KB