a4fd740ecb22533367ce2287b1f89db7a0d2fc09003c6a90701ea474721652d2

Sharing

Copy URL

Twitter E-mail

General

Target

a4fd740ecb22533367ce2287b1f89db7a0d2fc09003c6a90701ea474721652d2
Size

6.3MB
MD5

ee1ec7f154fa9161a614b1c593c66ec1
SHA1

4e2dead912eb343bfb0fb20a0be83f3a400c351d
SHA256

a4fd740ecb22533367ce2287b1f89db7a0d2fc09003c6a90701ea474721652d2
SHA512

1e4e3020655c8bd3b0f1a437ec6929c241e4599f45d4194406b8a206840190690df5e1412fb1979c51352c7a71df5f92e3d99ab9a2c4d6f91c8bb6fc661f813f
SSDEEP

49152:BGdPDxfQ0iEritPtDzbxYDtsghQTzV8aV1HLz1t/Yj5gi/nYYGhqEM0UKgM4rhKO:cPDRGba5sg2hO0GY3lZeRTw0DG2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a4fd740ecb22533367ce2287b1f89db7a0d2fc09003c6a90701ea474721652d2

Files

a4fd740ecb22533367ce2287b1f89db7a0d2fc09003c6a90701ea474721652d2
.dll windows:6 windows x86 arch:x86

b4b2be0b659c80d1d703391bcd9d3ed2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\DirectAccess\01-src\coding\daapi\bin\_DAApi.pdb

Imports

kernel32

WideCharToMultiByte
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
GetLocalTime
Sleep
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
SetEndOfFile
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
HeapDestroy
QueryPerformanceFrequency
QueryPerformanceCounter
SetLastError
GetLastError
RaiseException
DecodePointer
CreateDirectoryA
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
CloseHandle
DuplicateHandle
WaitForSingleObjectEx
GetCurrentProcess
SwitchToThread
GetCurrentThread
GetCurrentThreadId
GetExitCodeThread
GetNativeSystemInfo
FormatMessageW
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
GetStdHandle
GetFileType
WriteFile
GetModuleHandleExW
SwitchToFiber
DeleteFiber
CreateFiber
GetCurrentProcessId
ConvertFiberToThread
ConvertThreadToFiber
LoadLibraryA
FindClose
FindFirstFileW
FindNextFileW
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
SetEvent
ResetEvent
GetStartupInfoW
InitializeSListHead
VirtualQuery
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleFileNameW
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
SetProcessAffinityMask
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
WaitForMultipleObjectsEx
WaitForSingleObject
RtlUnwind
HeapValidate
GetSystemInfo
ExitThread
ResumeThread
WriteConsoleW
ExitProcess
SetConsoleCtrlHandler
ReadFile
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetACP
HeapQueryInformation
OutputDebugStringA
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleCP
SetFilePointerEx
CreateDirectoryW
GetFileAttributesExW
GetTimeZoneInformation
SetStdHandle
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
GetFullPathNameA
FindFirstFileExA
FindFirstFileExW
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
RtlCaptureStackBackTrace

user32

GetProcessWindowStation
MessageBoxW
GetUserObjectInformationW
UnregisterClassW

ws2_32

WSAStartup
WSAGetLastError
socket
shutdown
setsockopt
inet_pton
select
recv
ntohs
htons
getsockname
ioctlsocket
connect
closesocket
__WSAFDIsSet
listen
bind
send
getsockopt
gethostbyname
WSACleanup
inet_ntoa
getservbyname
getaddrinfo
freeaddrinfo
getnameinfo
WSASetLastError
accept

bcrypt

BCryptGenRandom

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertFreeCertificateContext
CertOpenStore

advapi32

CryptDestroyHash
CryptEnumProvidersW
CryptSignHashW
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam

Exports

Exports

??0CFutureApi@Directaccess@@QAE@ABV01@@Z
??0CFutureApi@Directaccess@@QAE@XZ
??0CMarketApi@Directaccess@@QAE@ABV01@@Z
??0CMarketApi@Directaccess@@QAE@XZ
??0CStockApi@Directaccess@@QAE@ABV01@@Z
??0CStockApi@Directaccess@@QAE@XZ
??1CFutureApi@Directaccess@@UAE@XZ
??1CMarketApi@Directaccess@@UAE@XZ
??1CStockApi@Directaccess@@UAE@XZ
??4CFutureApi@Directaccess@@QAEAAV01@ABV01@@Z
??4CMarketApi@Directaccess@@QAEAAV01@ABV01@@Z
??4CStockApi@Directaccess@@QAEAAV01@ABV01@@Z
??_7CFutureApi@Directaccess@@6B@
??_7CMarketApi@Directaccess@@6B@
??_7CStockApi@Directaccess@@6B@
?CreateFutureApi@CFutureApi@Directaccess@@SAPAV12@_NPBD1@Z
?CreateMarketApi@CMarketApi@Directaccess@@SAPAV12@_NPBD@Z
?CreateStockApi@CStockApi@Directaccess@@SAPAV12@_NPBD1@Z
?GetVersion@CFutureApi@Directaccess@@SAPBDXZ
?GetVersion@CMarketApi@Directaccess@@SAPBDXZ
?GetVersion@CStockApi@Directaccess@@SAPBDXZ

Sections

.textbss
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b4b2be0b659c80d1d703391bcd9d3ed2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

ws2_32

bcrypt

crypt32

advapi32

Exports

Exports

Sections

.textbss Size: - Virtual size: 2.4MB

.text Size: 5.1MB - Virtual size: 5.1MB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 22KB - Virtual size: 51KB

.idata Size: 7KB - Virtual size: 7KB

.msvcjmc Size: 512B - Virtual size: 416B

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 186KB - Virtual size: 186KB

.textbss
Size: - Virtual size: 2.4MB

.text
Size: 5.1MB - Virtual size: 5.1MB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 22KB - Virtual size: 51KB

.idata
Size: 7KB - Virtual size: 7KB

.msvcjmc
Size: 512B - Virtual size: 416B

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 186KB - Virtual size: 186KB