21d98c450ebcf2e99940aa0a357d2e3dab4d157418f76c5a6538604678126e41

Sharing

Copy URL Twitter E-mail

General

Target

21d98c450ebcf2e99940aa0a357d2e3dab4d157418f76c5a6538604678126e41
Size

51KB
MD5

32140e0065b4658c0e01e1740f1dddf3
SHA1

e65e97520573620add4577e741aafa1a99ea2f0d
SHA256

21d98c450ebcf2e99940aa0a357d2e3dab4d157418f76c5a6538604678126e41
SHA512

7a0a50e705c1b9485e376aa2a2a826d003042f00d6eae65b05d2e4d6cfde660398b58623ea539034cf3bafb5762e3bc52ca7fe200ef92ef7ecf614b30ad2c91c
SSDEEP

768:1gkEUFlrEwosav3+fo4wmyLtFquVDCs7s1MJmuTnE8YD0KurBcXojdTMWki:aUFxFyewxFq6s682ZKuNhdTMWk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21d98c450ebcf2e99940aa0a357d2e3dab4d157418f76c5a6538604678126e41

Files

21d98c450ebcf2e99940aa0a357d2e3dab4d157418f76c5a6538604678126e41
.dll windows:6 windows x64 arch:x64

4e0bd022fff26cf60f0913814e66f39e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Administrator\Documents\vcpkg\buildtrees\qpid-proton\x64-o1-windows-rel\c\qpid-proton-proactor.pdb

Imports

qpid-proton-core

pn_connection_driver_next_event
pn_connection_driver_close
pn_connection_driver_write_closed
pn_connection_driver_write_done
pn_connection_driver_write_buffer
pn_connection_driver_read_close
pn_connection_driver_read_done
pn_connection_driver_has_event
pn_connection_driver_release_connection
pn_connection_driver_destroy
pn_connection_driver_bind
pn_connection_driver_init
pn_event_connection
pn_event_context
pn_event_class
pn_event_type
pn_error
pn_connection_driver_finished
pn_connection_collector
pn_connection_attachments
pn_connection_open
pn_default_logger
pn_logger_logf
pn_transport_set_server
pn_transport_condition
pn_transport_get_idle_timeout
pn_transport_get_remote_idle_timeout
pn_transport_tick
pn_transport_connection
pn_class_new
pn_incref
pn_decref
pn_free
pn_record
pn_record_def
pn_record_get
pn_record_set
pn_void_incref
pn_void_decref
pn_void_refcount
pn_list
pn_list_size
pn_list_get
pn_list_add
pn_list_remove
pn_list_del
PN_VOID
pn_condition_is_set
pn_condition_format
pn_connection_driver_read_buffer
pn_collector_next
pn_collector_peek
pn_collector_put_object
pn_collector_put
pn_collector_free
pn_collector
pn_event_type_name
pn_condition_free
pn_condition
pn_condition_copy
pn_error_copy
pn_error_text
pn_error_code
pn_error_format
pn_error_set
pn_error_free

ws2_32

getnameinfo
freeaddrinfo
getaddrinfo
WSASend
WSARecv
WSAIoctl
WSAGetLastError
WSACleanup
WSAStartup
socket
shutdown
setsockopt
recv
listen
getsockopt
getsockname
getpeername
bind
closesocket
ioctlsocket

kernel32

IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CloseHandle
GetTickCount64
VirtualAlloc
VirtualFree
CreateTimerQueue
CreateTimerQueueTimer
DeleteTimerQueueTimer
DeleteTimerQueueEx
FormatMessageA

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

vcruntime140

__std_exception_copy
__std_exception_destroy
_CxxThrowException
memcpy
memset
strrchr
__C_specific_handler
__std_type_info_destroy_list
memmove

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_execute_onexit_table
_seh_filter_dll
_initterm_e
_invalid_parameter_noinfo_noreturn
_initterm
_cexit
_configure_narrow_argv
perror
_initialize_narrow_environment
abort

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
fflush
__stdio_common_vfprintf
__acrt_iob_func

api-ms-win-crt-heap-l1-1-0

calloc
malloc
free
_callnewh
realloc

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-string-l1-1-0

strcmp
strncmp

Exports

Exports

pn_connection_proactor
pn_connection_wake
pn_connection_write_flush
pn_event_batch_next
pn_event_listener
pn_event_proactor
pn_event_raw_connection
pn_listener
pn_listener_accept
pn_listener_accept2
pn_listener_addr
pn_listener_attachments
pn_listener_close
pn_listener_condition
pn_listener_free
pn_listener_get_context
pn_listener_proactor
pn_listener_raw_accept
pn_listener_set_context
pn_netaddr_host_port
pn_netaddr_listening
pn_netaddr_local
pn_netaddr_next
pn_netaddr_remote
pn_netaddr_sockaddr
pn_netaddr_socklen
pn_netaddr_str
pn_proactor
pn_proactor_addr
pn_proactor_cancel_timeout
pn_proactor_connect
pn_proactor_connect2
pn_proactor_disconnect
pn_proactor_done
pn_proactor_free
pn_proactor_get
pn_proactor_interrupt
pn_proactor_listen
pn_proactor_now
pn_proactor_now_64
pn_proactor_raw_connect
pn_proactor_release_connection
pn_proactor_set_timeout
pn_proactor_wait
pn_raw_connection
pn_raw_connection_attachments
pn_raw_connection_close
pn_raw_connection_condition
pn_raw_connection_get_context
pn_raw_connection_give_read_buffers
pn_raw_connection_is_read_closed
pn_raw_connection_is_write_closed
pn_raw_connection_local_addr
pn_raw_connection_read_buffers_capacity
pn_raw_connection_read_close
pn_raw_connection_remote_addr
pn_raw_connection_set_context
pn_raw_connection_take_read_buffers
pn_raw_connection_take_written_buffers
pn_raw_connection_wake
pn_raw_connection_write_buffers
pn_raw_connection_write_buffers_capacity
pn_raw_connection_write_close
pn_transport_local_addr
pn_transport_remote_addr
pni_parse_addr

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e0bd022fff26cf60f0913814e66f39e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

qpid-proton-core

ws2_32

kernel32

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-string-l1-1-0

Exports

Exports

Sections

.text Size: 30KB - Virtual size: 30KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 148B

.text
Size: 30KB - Virtual size: 30KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 148B