fd9d189375f8b36902286eff5a5f0d9f75b9f8a26e6912beb5830a7fc6b3d206

Sharing

Copy URL Twitter E-mail

General

Target

fd9d189375f8b36902286eff5a5f0d9f75b9f8a26e6912beb5830a7fc6b3d206
Size

103KB
MD5

465ae27109cbeb243d9d37e646fa80e6
SHA1

c83fb5cb2ff2f1d910166064b02f2187a36634fa
SHA256

fd9d189375f8b36902286eff5a5f0d9f75b9f8a26e6912beb5830a7fc6b3d206
SHA512

8ac911d1c96ad138cffe4b986040a4e336accacb1753707208d6fd9542179c1699a22dcd61c668d73f48fbb9e2150a8b3ab73b54b08c48a30c55161c568e852f
SSDEEP

1536:uRp33S6Gq4N4sTw0X6zTQnltV39diVDTujxKXS7mo9Yp+oYlT0k17:uRpsrNDTw0X4To1GVDTutKho9Yp+oYX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd9d189375f8b36902286eff5a5f0d9f75b9f8a26e6912beb5830a7fc6b3d206

Files

fd9d189375f8b36902286eff5a5f0d9f75b9f8a26e6912beb5830a7fc6b3d206
.dll windows:6 windows x86 arch:x86

531efaf1182940c2bcd20d92b616cfc9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\j-vtfs2017\XQRelease\XQ_202403\DASRC\exe\daXQStrategyResult.pdb

Imports

mfc140

ord9353
ord14507
ord7886
ord14509
ord12485
ord12484
ord2484
ord5336
ord8285
ord12806
ord8347
ord8429
ord1507
ord1044
ord4143
ord4082
ord1468
ord300
ord1526
ord7618
ord8322
ord12863
ord4656
ord2477
ord4807
ord1529
ord310
ord316
ord4315
ord12888
ord7905
ord2027
ord11927
ord6831
ord9166
ord10202
ord8182
ord5388
ord7677
ord7688
ord7687
ord5210
ord5390
ord5231
ord5742
ord5504
ord9305
ord5739
ord5528
ord5228
ord12869
ord12162
ord11928
ord14380
ord12474
ord7964
ord12194
ord10383
ord8180
ord4580
ord12190
ord12182
ord5894
ord3844
ord6323
ord14582
ord6324
ord14583
ord6322
ord7961
ord14581
ord993
ord2397
ord2294
ord2178
ord2370
ord2263
ord485
ord2408
ord2372
ord2409
ord2406
ord1050
ord324
ord2241
ord2359
ord1051
ord325
ord1510
ord3841
ord1509

kernel32

OutputDebugStringW
InitializeCriticalSectionEx
GetLastError
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
GetProcAddress
LocalAlloc
LocalFree
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
CloseHandle

msvcp140

?_Xlength_error@std@@YAXPBD@Z

xmlhelper3

??1CPugiXmlNodeList@PugiXMLHelper@@QAE@XZ
?SelectNodes@CPugiXmlNode@PugiXMLHelper@@QBE?AVCPugiXmlNodeList@2@PBDPAVxpath_variable_set@pugi@@@Z
?OuterXml@CPugiXmlNode@PugiXMLHelper@@QAE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?Empty@CPugiXmlNode@PugiXMLHelper@@QBE_NXZ
?Empty@CPugiXmlAttribute@PugiXMLHelper@@QBE_NXZ
?SelectSingleNode@CPugiXmlNode@PugiXMLHelper@@QBE?AV12@PBDPAVxpath_variable_set@pugi@@@Z
??1CPugiXmlAttribute@PugiXMLHelper@@QAE@XZ
?Attribute@CPugiXmlNode@PugiXMLHelper@@QBE?AVCPugiXmlAttribute@2@PBD@Z
?Value@CPugiXmlAttribute@PugiXMLHelper@@QBEPBDXZ
?SelectSingleNode@CPugiXmlDocument@PugiXMLHelper@@QBE?AVCPugiXmlNode@2@PBDPAVxpath_variable_set@pugi@@@Z
?LoadXml@CPugiXmlDocument@PugiXMLHelper@@QAE?AUxml_parse_result@pugi@@PBDI@Z
??1CPugiXmlDocument@PugiXMLHelper@@QAE@XZ
??0CPugiXmlDocument@PugiXMLHelper@@QAE@XZ
??1CPugiXmlNode@PugiXMLHelper@@QAE@XZ
?GetNode@CPugiXmlNodeList@PugiXMLHelper@@SA?AVCPugiXmlNode@2@PBVxpath_node@pugi@@@Z
?GetNode@CPugiXmlNode@PugiXMLHelper@@QAE?AVxml_node@pugi@@XZ
?Empty@CPugiXmlNodeList@PugiXMLHelper@@QBE_NXZ
?End@CPugiXmlNodeList@PugiXMLHelper@@QBEPBVxpath_node@pugi@@XZ
?Begin@CPugiXmlNodeList@PugiXMLHelper@@QBEPBVxpath_node@pugi@@XZ

jdutil

?JDUtil_gfnSplit@JDUtil@@YAXABV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@AAV?$vector@V?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@V?$allocator@V?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@std@@@std@@DH@Z

vcruntime140

__std_type_info_destroy_list
_except_handler4_common
memset
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__CxxFrameHandler3
memmove

api-ms-win-crt-heap-l1-1-0

free
malloc

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_cexit
_seh_filter_dll
_initterm
_invalid_parameter_noinfo_noreturn
_initterm_e
_configure_narrow_argv

api-ms-win-crt-convert-l1-1-0

atoi

sqlite3

sqlite3_column_type
sqlite3_column_text
sqlite3_free
sqlite3_mprintf

Exports

Exports

??0CXQStrategyResult@@QAE@ABV0@@Z
??0CXQStrategyResult@@QAE@PAVIXQAppV2@XQAPPV2@@@Z
??0CXQStrategyResultScript@@QAE@ABV0@@Z
??0CXQStrategyResultScript@@QAE@XZ
??0CXQStrategyResultScriptField@@QAE@ABV0@@Z
??0CXQStrategyResultScriptField@@QAE@XZ
??0CXQStrategyResultSymbol@@QAE@ABV0@@Z
??0CXQStrategyResultSymbol@@QAE@XZ
??0CXQStrategyResultSymbolErrorField@@QAE@ABV0@@Z
??0CXQStrategyResultSymbolErrorField@@QAE@XZ
??0CXQStrategyResultSymbolField@@QAE@ABV0@@Z
??0CXQStrategyResultSymbolField@@QAE@XZ
??1CXQStrategyResult@@QAE@XZ
??1CXQStrategyResultScript@@QAE@XZ
??1CXQStrategyResultScriptField@@QAE@XZ
??1CXQStrategyResultSymbol@@QAE@XZ
??1CXQStrategyResultSymbolErrorField@@QAE@XZ
??1CXQStrategyResultSymbolField@@QAE@XZ
??4CXQStrategyResult@@QAEAAV0@ABV0@@Z
??4CXQStrategyResultScript@@QAEAAV0@ABV0@@Z
??4CXQStrategyResultScriptField@@QAEAAV0@ABV0@@Z
??4CXQStrategyResultSymbol@@QAEAAV0@ABV0@@Z
??4CXQStrategyResultSymbolErrorField@@QAEAAV0@ABV0@@Z
??4CXQStrategyResultSymbolField@@QAEAAV0@ABV0@@Z
?GetHistUpdateDBString@CXQStrategyResult@@QAEHABV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@AAV23@@Z
?GetNumberOfErrorSymbols@CXQStrategyResult@@QAEHXZ
?GetSaveDBString@CXQStrategyResult@@QAEHABV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@AAV23@@Z
?GetSaveHistDBString@CXQStrategyResult@@QAEHABV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@AAV23@@Z
?GetUpdateDBString@CXQStrategyResult@@QAEHABV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@AAV23@@Z
?HasErrorSymbol@CXQStrategyResult@@QAE_NXZ
?IsBackTackingResult@CXQStrategyResult@@QAE_NXZ
?LoadHistorySQLiteQuery@CXQStrategyResult@@QAEHPAVCppSQLite3Query@@@Z
?LoadSQLiteQuery@CXQStrategyResult@@QAEHPAVCppSQLite3Query@@@Z
?LoadXMLNode@CXQStrategyResult@@QAEHABVCPugiXmlNode@PugiXMLHelper@@@Z
?LoadXml@CXQStrategyResult@@QAEHABV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?__autoclassinit2@CXQStrategyResult@@QAEXI@Z
?__autoclassinit2@CXQStrategyResultScript@@QAEXI@Z
?__autoclassinit2@CXQStrategyResultScriptField@@QAEXI@Z
?__autoclassinit2@CXQStrategyResultSymbol@@QAEXI@Z
?__autoclassinit2@CXQStrategyResultSymbolField@@QAEXI@Z

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

531efaf1182940c2bcd20d92b616cfc9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc140

kernel32

msvcp140

xmlhelper3

jdutil

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

sqlite3

Exports

Exports

Sections

.text Size: 69KB - Virtual size: 68KB

.rdata Size: 22KB - Virtual size: 22KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 69KB - Virtual size: 68KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB