6a0ce4ce93a8cfaa310965e0ab80bd375e2f9baebed5ce88d97d3c9a67adebbe

Sharing

Copy URL Twitter E-mail

General

Target

6a0ce4ce93a8cfaa310965e0ab80bd375e2f9baebed5ce88d97d3c9a67adebbe
Size

1.9MB
MD5

d077fd88e512642947f9b84bc2e30ca5
SHA1

0f47b24e9e9890cf181defbd34487b71479dd285
SHA256

6a0ce4ce93a8cfaa310965e0ab80bd375e2f9baebed5ce88d97d3c9a67adebbe
SHA512

500ff1501f9b9eeb874f6fffb92c6b6029425db9ea74227d52b06610a9eb17add0c6fecc6061564cc4ebe26f59c002f8bf2f2bd87aa503e98e192528e1a7e8b7
SSDEEP

24576:n7VE9YbjaISs+ZoDq5YqdIkgcvoI6fvkIfBt+HgeLYYZXyPf+E8DQugRYKM6Hc77:ny9WnSCq5Yqd5gcYfvkEHf+E8DWf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6a0ce4ce93a8cfaa310965e0ab80bd375e2f9baebed5ce88d97d3c9a67adebbe

Files

6a0ce4ce93a8cfaa310965e0ab80bd375e2f9baebed5ce88d97d3c9a67adebbe
.dll windows:6 windows x86 arch:x86

8c7212c8b25ef901eade772ca2353065

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u421\1068\build\windows-i586\deploy\tmp\deploy\plugin\npdeployJava1\obj\npdeployJava1.pdb

Imports

urlmon

CoInternetCreateSecurityManager
IsValidURL

wininet

InternetCloseHandle
HttpSendRequestW
HttpQueryInfoW
InternetReadFile
InternetConnectW
InternetOpenW
InternetErrorDlg
HttpOpenRequestW
InternetCrackUrlW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

SetLastError
EnterCriticalSection
LeaveCriticalSection
SetEvent
WaitForSingleObject
CreateEventW
GetCurrentThreadId
GetModuleFileNameW
LoadResource
LockResource
FindResourceW
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalHandle
GlobalFree
MulDiv
lstrcmpW
GetLocaleInfoW
CreateFileW
GetFileSize
SetEndOfFile
SetFilePointer
WriteFile
Sleep
DeleteFileW
GetDiskFreeSpaceW
GetTempFileNameW
GetTempPathW
ReleaseMutex
GetExitCodeProcess
GetProcAddress
MultiByteToWideChar
GetThreadLocale
InitializeCriticalSection
CreateMutexW
DisableThreadLibraryCalls
FreeLibrary
GetModuleHandleW
LoadLibraryExW
SizeofResource
lstrcmpiW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetFullPathNameW
GetShortPathNameW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CopyFileW
MoveFileExW
ExpandEnvironmentStringsW
RemoveDirectoryW
GetCurrentProcess
TerminateProcess
CreateProcessW
OpenProcess
GetSystemTime
GetSystemWow64DirectoryW
LoadLibraryW
LocalFree
SystemTimeToFileTime
CreateDirectoryW
SetFileAttributesW
WideCharToMultiByte
CreateThread
GetLongPathNameW
VerSetConditionMask
GlobalMemoryStatusEx
CloseHandle
GetVersionExW
GetNativeSystemInfo
LocalAlloc
FormatMessageW
lstrlenW
VerifyVersionInfoW
WTSGetActiveConsoleSessionId
GetSystemWindowsDirectoryW
GetModuleHandleExW
OutputDebugStringW
GetCurrentProcessId
GetEnvironmentVariableW
GetFileInformationByHandle
GetDriveTypeW
GetFileAttributesExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlUnwind
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
GetProcessHeap
HeapFree
HeapAlloc
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
ResetEvent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
CompareStringEx
LCMapStringEx
EncodePointer
GetLocaleInfoEx
InitializeCriticalSectionEx
GetStringTypeW
FormatMessageA
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
DecodePointer
ReadConsoleW
SetConsoleCtrlHandler
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
ReadFile
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetTimeZoneInformation
ExitProcess
GetCurrentThread
GetStdHandle
HeapSize
HeapReAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileSizeEx
FreeEnvironmentStringsW
WriteConsoleW
SetFilePointerEx
SetStdHandle
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
GetLocalTime
GetFileType

psapi

EnumProcesses
GetProcessImageFileNameA

user32

GetShellWindow
CloseDesktop
OpenInputDesktop
PtInRect
GetCursorPos
SetCursor
wsprintfW
wsprintfA
GetMonitorInfoW
MonitorFromWindow
MapWindowPoints
GetWindowRect
SendDlgItemMessageW
DialogBoxParamW
MapDialogRect
LoadCursorW
LoadBitmapW
GetWindow
GetClassNameW
GetParent
GetDesktopWindow
SetWindowLongW
GetWindowLongW
FillRect
GetSysColor
ScreenToClient
ClientToScreen
MessageBoxW
SetWindowContextHelpId
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
BeginPaint
DrawTextW
GetDC
DestroyAcceleratorTable
UpdateWindow
EnableWindow
IsWindowUnicode
KillTimer
SetTimer
MsgWaitForMultipleObjectsEx
ReleaseCapture
SetCapture
GetFocus
GetActiveWindow
SetFocus
CharNextW
GetDlgCtrlID
GetDlgItem
EndDialog
DialogBoxIndirectParamW
SetWindowPos
MoveWindow
DestroyWindow
IsChild
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
DefWindowProcW
PostMessageW
SendMessageW
PeekMessageW
DispatchMessageW
DispatchMessageA
TranslateMessage
GetMessageW
GetMessageA
RegisterWindowMessageW
LoadStringW
UnregisterClassW
GetWindowThreadProcessId
ReleaseDC
FrameRect
CreateAcceleratorTableW

gdi32

SetWindowOrgEx
SetBkMode
SetTextColor
ModifyWorldTransform
GetObjectW
DPtoLP
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectW
CreateSolidBrush
DeleteDC
DeleteObject
GetDeviceCaps
GetStockObject
RestoreDC
SaveDC
SelectObject
SetGraphicsMode
StretchBlt
SetViewportOrgEx

wsock32

ioctlsocket
inet_addr
gethostbyaddr
gethostbyname

comctl32

ord17

imagehlp

ImageUnload
ImageLoad

ole32

CreateStreamOnHGlobal
CoGetClassObject
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
StringFromGUID2
StringFromCLSID
CoTaskMemFree
OleInitialize
OleUninitialize
OleLockRunning
CoTaskMemRealloc
CoUninitialize
CoInitialize
CoFreeUnusedLibraries
CoTaskMemAlloc

oleaut32

SysStringLen
SysAllocStringByteLen
SysAllocStringLen
VariantInit
VariantClear
SysFreeString
LoadRegTypeLi
OleCreateFontIndirect
VarUI4FromStr
SysStringByteLen
VariantChangeType
CreateErrorInfo
LoadTypeLi
GetErrorInfo
SetErrorInfo
SysAllocString

Exports

Exports

NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 841KB - Virtual size: 840KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 366KB - Virtual size: 365KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 253KB - Virtual size: 253KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 436KB - Virtual size: 440KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c7212c8b25ef901eade772ca2353065

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

urlmon

wininet

version

kernel32

psapi

user32

gdi32

wsock32

comctl32

imagehlp

ole32

oleaut32

Exports

Exports

Sections

.text Size: 841KB - Virtual size: 840KB

.rdata Size: 366KB - Virtual size: 365KB

.data Size: 13KB - Virtual size: 19KB

.rsrc Size: 253KB - Virtual size: 253KB

.reloc Size: 436KB - Virtual size: 440KB

.text
Size: 841KB - Virtual size: 840KB

.rdata
Size: 366KB - Virtual size: 365KB

.data
Size: 13KB - Virtual size: 19KB

.rsrc
Size: 253KB - Virtual size: 253KB

.reloc
Size: 436KB - Virtual size: 440KB