9611469920cfc310c8c653f1b087358b9b8ca8bab095e9c1a9d4a715e00d31a6N

Sharing

Copy URL Twitter E-mail

General

Target

9611469920cfc310c8c653f1b087358b9b8ca8bab095e9c1a9d4a715e00d31a6N
Size

127KB
MD5

0d74abc6c6c9c44fe6d8c3995a4e2a60
SHA1

262ee155ce9648a6c470a4cf5d7399e08e1f0fca
SHA256

9611469920cfc310c8c653f1b087358b9b8ca8bab095e9c1a9d4a715e00d31a6
SHA512

b8151e51ae3d460ffe6191641e57556482eaf9527f68bb7437d7910e7599dfee0fd021549541375bde61f964910f561d58ae16339ca518ea54edc936a1b1affd
SSDEEP

3072:iKuITFFJ9PUqnxdUoAg0FuGAg0FuMQUO4:iKuOFT9NxAOGAOkV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9611469920cfc310c8c653f1b087358b9b8ca8bab095e9c1a9d4a715e00d31a6N

Files

9611469920cfc310c8c653f1b087358b9b8ca8bab095e9c1a9d4a715e00d31a6N
.dll windows:5 windows x86 arch:x86

6b9e545d124ff00fcc66f6164242ee43

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Bond\Documents\Visual Studio 2013\Projects\cjosn\Release\cjosn.pdb

Imports

kernel32

GetLastError
HeapFree
HeapAlloc
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
GetProcessHeap
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
WriteFile
GetModuleFileNameW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
GetConsoleCP
GetConsoleMode
SetFilePointerEx
LoadLibraryExW
OutputDebugStringW
GetStringTypeW
LCMapStringW
RtlUnwind
HeapReAlloc
SetStdHandle
WriteConsoleW
HeapSize
FlushFileBuffers
CreateFileW
CloseHandle
RaiseException

Exports

Exports

cJSON_AddItemReferenceToArray
cJSON_AddItemReferenceToObject
cJSON_AddItemToArray
cJSON_AddItemToObject
cJSON_AddItemToObjectCS
cJSON_CreateArray
cJSON_CreateBool
cJSON_CreateDoubleArray
cJSON_CreateFloatArray
cJSON_CreateIntArray
cJSON_CreateNull
cJSON_CreateNumber
cJSON_CreateObject
cJSON_CreateString
cJSON_CreateStringArray
cJSON_Delete
cJSON_DeleteItemFromArray
cJSON_DeleteItemFromObject
cJSON_DetachItemFromArray
cJSON_DetachItemFromObject
cJSON_Duplicate
cJSON_GetArrayItem
cJSON_GetArraySize
cJSON_GetObjectItem
cJSON_InitHooks
cJSON_InsertItemInArray
cJSON_Minify
cJSON_Parse
cJSON_ParseWithOpts
cJSON_Print
cJSON_PrintBuffered
cJSON_PrintUnformatted
cJSON_ReplaceItemInArray
cJSON_ReplaceItemInObject

Sections

.text
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b9e545d124ff00fcc66f6164242ee43

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 67KB - Virtual size: 66KB

.rdata Size: 48KB - Virtual size: 48KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 67KB - Virtual size: 66KB

.rdata
Size: 48KB - Virtual size: 48KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB