3b3c89a3ddd725b1f942b12dd0b331628d6820f7e2131f49685ea43f42f9c121

Sharing

Copy URL

Twitter E-mail

General

Target

3b3c89a3ddd725b1f942b12dd0b331628d6820f7e2131f49685ea43f42f9c121
Size

1.6MB
MD5

24822788c4ed48cd1b65ad0911b62405
SHA1

902815c19d5c91573570f6296bd5b43cea9dbae8
SHA256

3b3c89a3ddd725b1f942b12dd0b331628d6820f7e2131f49685ea43f42f9c121
SHA512

ed54d227a9eb3510b33ba277c7c1ce0d16fe9ebaa432acccaee2b63eb570e0184edfac6b0870ce3356171de93de1bc4de8f4224f644b76859a5e6c0062e4daff
SSDEEP

24576:i3/+ynOLJILBiEqsGIHUhGVHC6qRxAXCmwnO7nj3pJe0ctGKPNlN4ve:aO1ILwMUhl8CTOc14ve

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b3c89a3ddd725b1f942b12dd0b331628d6820f7e2131f49685ea43f42f9c121

Files

3b3c89a3ddd725b1f942b12dd0b331628d6820f7e2131f49685ea43f42f9c121
.exe windows:5 windows x86 arch:x86

22ba413921bacb35b1c1d29ab7a43321

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\work\work_now\test\svrlink32_mLog\bin\linkDevice.pdb

Imports

ws2_32

WSAGetOverlappedResult
WSASend
WSARecv
htonl
ntohl
getprotobynumber
getservbyname
gethostname
ioctlsocket
sendto
recvfrom
freeaddrinfo
getaddrinfo
WSAIoctl
setsockopt
ntohs
getsockopt
getsockname
getpeername
connect
send
recv
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
WSACleanup
listen
closesocket
socket
bind
htons
inet_addr
WSAStartup
inet_ntoa
accept

mlogrec

?setLogLoopCount@mLogRec@@QAEXE@Z
?GetLastPath@mLogRec@@QAEHPAD0@Z
?iCreDirs@mLogRec@@QAEHPAD0@Z
?Log_Record@mLogRec@@QAAXPADHHHPBDZZ
?setLogPath@mLogRec@@QAEXPBD@Z
?setLogMaxSize@mLogRec@@QAEXI@Z
?setLogLevel@mLogRec@@QAEXG@Z
?iInitLogId@mLogRec@@QAEHXZ
?setLogFileName@mLogRec@@QAEHPBD@Z
??1mLogRec@@QAE@XZ
??0mLogRec@@QAE@XZ
?prctl@@YAHHPBD@Z
?setConfPath@mLogRec@@QAEXPBD@Z

kernel32

GetLocaleInfoW
LCMapStringW
CompareStringW
GetCurrentDirectoryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetStdHandle
GetConsoleCP
HeapQueryInformation
GetCPInfo
GetLocalTime
GetFullPathNameW
GetFullPathNameA
HeapReAlloc
CreateFileA
GetFileSize
CreateMutexW
HeapCompact
SetFilePointer
TryEnterCriticalSection
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
FreeLibrary
HeapAlloc
SystemTimeToFileTime
QueryPerformanceCounter
HeapFree
WaitForSingleObject
InterlockedCompareExchange
UnlockFile
FlushViewOfFile
LockFile
WaitForSingleObjectEx
OutputDebugStringW
GetTickCount
UnlockFileEx
GetProcessHeap
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
InitializeCriticalSection
WideCharToMultiByte
LoadLibraryW
Sleep
FormatMessageW
GetVersionExW
HeapDestroy
LeaveCriticalSection
GetFileAttributesA
IsValidLocale
HeapValidate
GetFileAttributesW
ReadFile
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetLastError
GetProcAddress
HeapSize
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
DeleteCriticalSection
GetCurrentThreadId
OutputDebugStringA
GetVersionExA
CloseHandle
DeleteFileW
GetCurrentProcessId
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
GetModuleFileNameA
CreateDirectoryW
OpenProcess
TerminateProcess
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
SetLastError
SleepEx
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
CreateEventA
SetEvent
ResetEvent
GetSystemDirectoryA
ReleaseSemaphore
GetQueuedCompletionStatus
CreateIoCompletionPort
CreateSemaphoreA
PostQueuedCompletionStatus
VirtualQuery
GetUserDefaultLCID
EnumSystemLocalesW
GetStringTypeW
SetEnvironmentVariableA
HeapCreate
GetOEMCP
GetACP
IsValidCodePage
InterlockedIncrement
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetDriveTypeW
FindFirstFileExW
GetStartupInfoW
SetConsoleCtrlHandler
ResumeThread
GetTimeZoneInformation
ReadConsoleW
GetConsoleMode
RtlUnwind
RaiseException
WriteConsoleW
GetFileInformationByHandle
FileTimeToLocalFileTime
SetFilePointerEx
GetCommandLineA
ExitProcess
InterlockedDecrement
FindClose
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindNextFileA
FindFirstFileExA
LoadLibraryExW
ExitThread
CreateThread
GetModuleHandleExW
GetModuleFileNameW
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer

advapi32

CryptAcquireContextA
CryptGenRandom
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext

wldap32

ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord60
ord211
ord46
ord143

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 201KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

22ba413921bacb35b1c1d29ab7a43321

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

mlogrec

kernel32

advapi32

wldap32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 201KB - Virtual size: 200KB

.data Size: 51KB - Virtual size: 67KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 128KB - Virtual size: 128KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 201KB - Virtual size: 200KB

.data
Size: 51KB - Virtual size: 67KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 128KB - Virtual size: 128KB