b99289f7ec51159c10591b0d5ffab9eb4a049f483d6a7e6ffee4226f5d382e59

Sharing

Copy URL

Twitter E-mail

General

Target

b99289f7ec51159c10591b0d5ffab9eb4a049f483d6a7e6ffee4226f5d382e59
Size

735KB
MD5

2ee67801e64bb4a8576fba8bc88b1256
SHA1

37f8e0f198ac856066c530863c97157b1282f84d
SHA256

b99289f7ec51159c10591b0d5ffab9eb4a049f483d6a7e6ffee4226f5d382e59
SHA512

ae98b76979ab3bf3947349fba1ae0ad4a9061b6c6419bb33c90ab5f8d89843960f9379be2dddbe0592fa6bf46a3e6b9d52cf25651089721cf2a912e5f465b729
SSDEEP

12288:kmNFfkqlBc4gqoergCkyOYcLq82/mlkiPb+i7BQxyP0iytAo4FBm17jlzlu:VNpkqlBgqoezk28H5Pb+i7BQmktvVu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b99289f7ec51159c10591b0d5ffab9eb4a049f483d6a7e6ffee4226f5d382e59

Files

b99289f7ec51159c10591b0d5ffab9eb4a049f483d6a7e6ffee4226f5d382e59
.dll windows:6 windows x86 arch:x86

cf779f9ca61e726f2c29406e4beadd9c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\GITEE\work\report-base-lib\ReportBaseLib\bin\x86\Release\ReportBaseLib_x86_Release.pdb

Imports

wldap32

ord301
ord147
ord133
ord79
ord142
ord167
ord127
ord27
ord26
ord117
ord41
ord208
ord216
ord14
ord46
ord219
ord145

ws2_32

ntohl
WSACloseEvent
WSASetLastError
getsockopt
freeaddrinfo
setsockopt
WSAStartup
WSACleanup
closesocket
ioctlsocket
shutdown
listen
WSARecv
getaddrinfo
ntohs
htons
gethostname
sendto
recvfrom
WSASend
accept
select
WSASocketW
__WSAFDIsSet
WSAIoctl
socket
getsockname
connect
recv
send
WSAWaitForMultipleEvents
WSAResetEvent
bind
WSAEventSelect
WSAEnumNetworkEvents
WSAAddressToStringW
getpeername
WSAGetLastError
WSACreateEvent
htonl

kernel32

FormatMessageA
GetExitCodeThread
GetNativeSystemInfo
CreateDirectoryW
CreateFileW
GetFileAttributesExW
GetFullPathNameW
AreFileApisANSI
GetFileInformationByHandleEx
ReleaseSRWLockShared
AcquireSRWLockShared
WideCharToMultiByte
RaiseException
GetLastError
InitializeCriticalSectionEx
DeleteCriticalSection
LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
GetProcAddress
DecodePointer
CloseHandle
CreateFileA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
LoadLibraryA
DeviceIoControl
GetModuleFileNameA
CreateDirectoryA
GetPrivateProfileStringA
TryEnterCriticalSection
ReleaseSRWLockExclusive
Sleep
MultiByteToWideChar
FormatMessageW
LocalFree
TlsAlloc
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcessId
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
CreateEventW
WaitForMultipleObjects
TerminateThread
QueueUserAPC
SetEvent
SleepEx
PostQueuedCompletionStatus
CreateIoCompletionPort
SetWaitableTimer
GetQueuedCompletionStatus
SetLastError
VerSetConditionMask
VerifyVersionInfoA
CreateWaitableTimerA
GetLocalTime
TlsGetValue
TlsSetValue
TlsFree
GetFileAttributesA
ReadFile
GetComputerNameA
GetTickCount
GetCurrentThreadId
WriteFile
QueryPerformanceFrequency
GetSystemDirectoryW
FreeLibrary
GetModuleHandleW
LoadLibraryW
QueryPerformanceCounter
MoveFileExW
WaitForSingleObjectEx
GetStdHandle
GetFileType
PeekNamedPipe
GetEnvironmentVariableA
VerifyVersionInfoW
GetSystemTimeAsFileTime
AcquireSRWLockExclusive
InitializeSRWLock
LCMapStringEx
EncodePointer
IsDebuggerPresent
CreateThread
OutputDebugStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
ResetEvent
InitializeSListHead

user32

wsprintfA

comdlg32

GetFileTitleA

advapi32

CryptGetHashParam
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW

shlwapi

PathRemoveBackslashA
PathAddBackslashA
PathRemoveFileSpecA
PathIsDirectoryA
PathRemoveExtensionA
PathFileExistsA

mswsock

GetAcceptExSockaddrs
AcceptEx

vcruntime140

__current_exception_context
_except_handler4_common
__std_type_info_destroy_list
__current_exception
memcpy
memchr
strstr
memset
strchr
__std_type_info_compare
_purecall
__std_exception_destroy
__std_exception_copy
__std_terminate
__CxxFrameHandler3
memmove
__uncaught_exception
_CxxThrowException
strrchr

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_initialize_onexit_table
_beginthreadex
_invalid_parameter_noinfo_noreturn
_initialize_narrow_environment
strerror
_configure_narrow_argv
_cexit
_seh_filter_dll
_invalid_parameter_noinfo
_errno
_crt_atexit
_execute_onexit_table
_getpid
__sys_nerr
abort
_register_onexit_function
terminate

api-ms-win-crt-string-l1-1-0

strpbrk
toupper
_wcsdup
strncmp
wcspbrk
isspace
_strdup
isupper
islower
__strncnt
strcat_s
strspn
strcpy_s
_strlwr
_stricmp
strncpy
tolower
strnlen
strcspn
isalnum

api-ms-win-crt-heap-l1-1-0

realloc
calloc
malloc
free
_callnewh

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
fclose
__stdio_common_vfprintf
fgetc
fputc
_fsopen
__acrt_iob_func
ungetc
fflush
setvbuf
fsetpos
_fseeki64
_read
_lseeki64
fgets
_wfopen
fgetpos
feof
__stdio_common_vsscanf
fputs
fread
fseek
_get_stream_buffer_pointers
__stdio_common_vsnprintf_s
_write
fopen
fwrite
_close
_open
__stdio_common_vsprintf

api-ms-win-crt-multibyte-l1-1-0

_mbsrchr
_mbscmp

api-ms-win-crt-filesystem-l1-1-0

_unlink
_unlock_file
_lock_file
_splitpath
_fstat64
_access
_wstat64
_stat64
_waccess

api-ms-win-crt-math-l1-1-0

ceil
frexp

api-ms-win-crt-locale-l1-1-0

__pctype_func
setlocale
localeconv
___lc_codepage_func
_unlock_locales
___lc_locale_name_func
_lock_locales
___mb_cur_max_func

api-ms-win-crt-time-l1-1-0

_time64
strftime
_localtime64
_gmtime64

api-ms-win-crt-convert-l1-1-0

atoi
wcstombs
strtoul
atoll
strtol
strtoll

api-ms-win-crt-utility-l1-1-0

qsort

Exports

Exports

Asyn_Report
Asyn_Report_Save
Asyn_Report_Save_withTags
Asyn_Report_withTags
EnableLog
Init

Sections

.text
Size: 577KB - Virtual size: 577KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf779f9ca61e726f2c29406e4beadd9c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wldap32

ws2_32

kernel32

user32

comdlg32

advapi32

shlwapi

mswsock

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

Exports

Exports

Sections

.text Size: 577KB - Virtual size: 577KB

.rdata Size: 115KB - Virtual size: 115KB

.data Size: 11KB - Virtual size: 22KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 28KB - Virtual size: 28KB

.text
Size: 577KB - Virtual size: 577KB

.rdata
Size: 115KB - Virtual size: 115KB

.data
Size: 11KB - Virtual size: 22KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 28KB