d82b7b750e675db1468844951e0689aa7c6503c27eefd29beec9df569d5037a8

Sharing

Copy URL Twitter E-mail

General

Target

d82b7b750e675db1468844951e0689aa7c6503c27eefd29beec9df569d5037a8
Size

5.5MB
MD5

e2dc8268d93aeadb47eba4a48f15a404
SHA1

d20e2d90a91b56e86613fb9666df09a5a5119d01
SHA256

d82b7b750e675db1468844951e0689aa7c6503c27eefd29beec9df569d5037a8
SHA512

2274f0b1e67b4b9f9431ad9958bed3f6f69a35d1db8d7c58a01e709085561f1d63f73087b02b46063b3a2c583330b6bfa37b4623cc86fe60aeab12146e019b32
SSDEEP

49152:qJqcSrPi9vtOCPNg6MOLTDGAQonV3kXHHKTgksnSGZ3O6p8yjH8WR7H6u:uqBPiTZMhAJV3auG8FyjH8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d82b7b750e675db1468844951e0689aa7c6503c27eefd29beec9df569d5037a8

Files

d82b7b750e675db1468844951e0689aa7c6503c27eefd29beec9df569d5037a8
.dll windows:5 windows x86 arch:x86

1d62f95828582b01ee74167b792bcac7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\MyWork\Linux\MyWork\HP-Socket\Windows\Lib\HPSocket\x86\HPSocket_D.pdb

Imports

kernel32

GetExitCodeThread
PostQueuedCompletionStatus
InterlockedExchange
ResetEvent
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
WideCharToMultiByte
RaiseException
GetQueuedCompletionStatus
SetEvent
CreateIoCompletionPort
UnmapViewOfFile
lstrlenA
lstrcmpiA
ResumeThread
SetThreadPriority
CreateFileA
GetFileSize
MapViewOfFileEx
CreateFileMappingA
MultiByteToWideChar
GetProcAddress
GetModuleHandleA
WaitForMultipleObjects
InterlockedExchangeAdd
SetWaitableTimer
CancelWaitableTimer
TryEnterCriticalSection
CreateTimerQueueTimer
DeleteTimerQueueTimer
SystemTimeToFileTime
GetSystemTime
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
DeleteFiber
SwitchToFiber
CreateFiber
FindNextFileW
FindFirstFileW
FindClose
GetModuleHandleW
GetVersion
WriteFile
GetFileType
GetStdHandle
FormatMessageW
ConvertFiberToThread
ConvertThreadToFiber
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetEnvironmentVariableW
TerminateThread
GetSystemInfo
CreateWaitableTimerA
CreateFileW
SetEnvironmentVariableA
CompareStringW
GetDriveTypeW
SetEndOfFile
GetUserDefaultLCID
DeleteTimerQueueEx
CreateTimerQueue
CreateEventA
Sleep
GetNativeSystemInfo
SwitchToThread
ReleaseSemaphore
WaitForSingleObject
CloseHandle
CreateSemaphoreA
SetLastError
GetLastError
GetCurrentThreadId
GetCurrentProcessId
HeapDestroy
HeapCreate
HeapFree
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoA
VirtualQuery
SetFilePointer
SetStdHandle
FlushFileBuffers
GetConsoleCP
ReadFile
GetFullPathNameA
SetCurrentDirectoryW
InterlockedCompareExchange
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
GetStringTypeW
LCMapStringW
GetLocaleInfoW
FreeLibrary
GetStartupInfoW
SetHandleCount
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
HeapQueryInformation
IsProcessorFeaturePresent
LoadLibraryW
FatalAppExitA
GetModuleFileNameA
SetConsoleCtrlHandler
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCommandLineA
ExitThread
CreateThread
WriteConsoleW
ExitProcess
IsBadReadPtr
HeapValidate
EncodePointer
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
DecodePointer
RtlUnwind
HeapAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
OpenEventA
OutputDebugStringA
OutputDebugStringW
GetProcessHeap
HeapReAlloc
HeapSize
VirtualAlloc
MapViewOfFile
GetCurrentThread
OpenFileMappingA
GetModuleFileNameW
InitializeCriticalSection

user32

GetProcessWindowStation
GetUserObjectInformationW
MsgWaitForMultipleObjects
PeekMessageA
TranslateMessage
MessageBoxW
DispatchMessageA

advapi32

OpenThreadToken
SetThreadToken
DeregisterEventSource
ReportEventW
RegisterEventSourceW
CryptEnumProvidersW
CryptReleaseContext
CryptDestroyKey
CryptGenRandom
CryptDecrypt
CryptCreateHash
CryptSetHashParam
CryptSignHashW
CryptDestroyHash
CryptExportKey
CryptGetUserKey
CryptAcquireContextW
CryptGetProvParam
RevertToSelf

oleaut32

SysFreeString

shlwapi

StrChrA
StrPBrkA
PathFileExistsA
PathIsDirectoryA

winmm

timeGetTime
timeBeginPeriod
timeGetDevCaps
timeEndPeriod

ws2_32

WSARecv
WSASend
shutdown
closesocket
sendto
send
ioctlsocket
getsockopt
setsockopt
WSAIoctl
WSASendTo
ntohl
getsockname
getpeername
WSAAddressToStringA
getaddrinfo
freeaddrinfo
WSASetLastError
WSAStringToAddressA
htons
ntohs
WSAGetLastError
WSARecvFrom
bind
socket
WSAGetOverlappedResult
connect
WSAStartup
WSACleanup
WSACreateEvent
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSAResetEvent
recv
WSACloseEvent
listen
recvfrom
getnameinfo
accept
htonl

crypt32

CertOpenStore
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertFreeCertificateContext

Exports

Exports

HP_Create_BrotliCompressor
HP_Create_BrotliDecompressor
HP_Create_GZipCompressor
HP_Create_GZipDecompressor
HP_Create_HttpAgent
HP_Create_HttpClient
HP_Create_HttpServer
HP_Create_HttpSyncClient
HP_Create_HttpsAgent
HP_Create_HttpsClient
HP_Create_HttpsServer
HP_Create_HttpsSyncClient
HP_Create_SSLAgent
HP_Create_SSLClient
HP_Create_SSLPackAgent
HP_Create_SSLPackClient
HP_Create_SSLPackServer
HP_Create_SSLPullAgent
HP_Create_SSLPullClient
HP_Create_SSLPullServer
HP_Create_SSLServer
HP_Create_SocketTaskObj
HP_Create_TcpAgent
HP_Create_TcpClient
HP_Create_TcpPackAgent
HP_Create_TcpPackClient
HP_Create_TcpPackServer
HP_Create_TcpPullAgent
HP_Create_TcpPullClient
HP_Create_TcpPullServer
HP_Create_TcpServer
HP_Create_ThreadPool
HP_Create_UdpArqClient
HP_Create_UdpArqServer
HP_Create_UdpCast
HP_Create_UdpClient
HP_Create_UdpNode
HP_Create_UdpServer
HP_Create_ZLibCompressor
HP_Create_ZLibDecompressor
HP_Destroy_Compressor
HP_Destroy_Decompressor
HP_Destroy_HttpAgent
HP_Destroy_HttpClient
HP_Destroy_HttpServer
HP_Destroy_HttpSyncClient
HP_Destroy_HttpsAgent
HP_Destroy_HttpsClient
HP_Destroy_HttpsServer
HP_Destroy_HttpsSyncClient
HP_Destroy_SSLAgent
HP_Destroy_SSLClient
HP_Destroy_SSLPackAgent
HP_Destroy_SSLPackClient
HP_Destroy_SSLPackServer
HP_Destroy_SSLPullAgent
HP_Destroy_SSLPullClient
HP_Destroy_SSLPullServer
HP_Destroy_SSLServer
HP_Destroy_SocketTaskObj
HP_Destroy_TcpAgent
HP_Destroy_TcpClient
HP_Destroy_TcpPackAgent
HP_Destroy_TcpPackClient
HP_Destroy_TcpPackServer
HP_Destroy_TcpPullAgent
HP_Destroy_TcpPullClient
HP_Destroy_TcpPullServer
HP_Destroy_TcpServer
HP_Destroy_ThreadPool
HP_Destroy_UdpArqClient
HP_Destroy_UdpArqServer
HP_Destroy_UdpCast
HP_Destroy_UdpClient
HP_Destroy_UdpNode
HP_Destroy_UdpServer
HP_GetHPSocketVersion
HP_GetSocketErrorDesc
HP_HttpCookie_HLP_CurrentUTCTime
HP_HttpCookie_HLP_ExpiresToMaxAge
HP_HttpCookie_HLP_MakeExpiresStr
HP_HttpCookie_HLP_MaxAgeToExpires
HP_HttpCookie_HLP_ParseExpires
HP_HttpCookie_HLP_ToString
HP_HttpCookie_MGR_ClearCookies
HP_HttpCookie_MGR_DeleteCookie
HP_HttpCookie_MGR_IsEnableThirdPartyCookie
HP_HttpCookie_MGR_LoadFromFile
HP_HttpCookie_MGR_RemoveExpiredCookies
HP_HttpCookie_MGR_SaveToFile
HP_HttpCookie_MGR_SetCookie
HP_HttpCookie_MGR_SetEnableThirdPartyCookie
HP_SSL_RemoveThreadLocalState
SYS_Alloca
SYS_Base64Decode
SYS_Base64Encode
SYS_BrotliCompress
SYS_BrotliCompressEx
SYS_BrotliGuessCompressBound
SYS_BrotliUncompress
SYS_Calloc
SYS_CodePageToUnicode
SYS_CodePageToUnicodeEx
SYS_Compress
SYS_CompressEx
SYS_EnumHostIPAddresses
SYS_Free
SYS_FreeHostIPAddresses
SYS_GZipCompress
SYS_GZipGuessUncompressBound
SYS_GZipUncompress
SYS_GbkToUnicode
SYS_GbkToUnicodeEx
SYS_GbkToUtf8
SYS_GbkToUtf8Ex
SYS_GetIPAddress
SYS_GetLastError
SYS_GetSocketLocalAddress
SYS_GetSocketOption
SYS_GetSocketRemoteAddress
SYS_GuessBase64DecodeBound
SYS_GuessBase64EncodeBound
SYS_GuessCompressBound
SYS_GuessUrlDecodeBound
SYS_GuessUrlEncodeBound
SYS_HToN64
SYS_IoctlSocket
SYS_IsIPAddress
SYS_IsLittleEndian
SYS_Malloc
SYS_NToH64
SYS_Realloc
SYS_SSO_DontLinger
SYS_SSO_ExclusiveAddressUse
SYS_SSO_Linger
SYS_SSO_NoDelay
SYS_SSO_RecvBuffSize
SYS_SSO_RecvTimeOut
SYS_SSO_ReuseAddress
SYS_SSO_SendBuffSize
SYS_SSO_SendTimeOut
SYS_SetSocketOption
SYS_SwapEndian16
SYS_SwapEndian32
SYS_Uncompress
SYS_UncompressEx
SYS_UnicodeToCodePage
SYS_UnicodeToCodePageEx
SYS_UnicodeToGbk
SYS_UnicodeToGbkEx
SYS_UnicodeToUtf8
SYS_UnicodeToUtf8Ex
SYS_UrlDecode
SYS_UrlEncode
SYS_Utf8ToGbk
SYS_Utf8ToGbkEx
SYS_Utf8ToUnicode
SYS_Utf8ToUnicodeEx
SYS_WSAGetLastError
SYS_WSAIoctl
_HP_SSL_DefaultServerNameCallback@8

Sections

.textbss
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d62f95828582b01ee74167b792bcac7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

oleaut32

shlwapi

winmm

ws2_32

crypt32

Exports

Exports

Sections

.textbss Size: - Virtual size: 1.9MB

.text Size: 3.9MB - Virtual size: 3.9MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 36KB - Virtual size: 63KB

.idata Size: 8KB - Virtual size: 7KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 150KB - Virtual size: 150KB

.textbss
Size: - Virtual size: 1.9MB

.text
Size: 3.9MB - Virtual size: 3.9MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 36KB - Virtual size: 63KB

.idata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 150KB - Virtual size: 150KB