82f3859a00f23ff03b0603e5380c55aa3b068656032de29074cc0aac6d2229be

Sharing

Copy URL Twitter E-mail

General

Target

82f3859a00f23ff03b0603e5380c55aa3b068656032de29074cc0aac6d2229be
Size

651KB
MD5

51d23aadc2e0b46f3723f3ad57be8146
SHA1

71028b5cdf2fd6ff6695b933782036a3b31858cb
SHA256

82f3859a00f23ff03b0603e5380c55aa3b068656032de29074cc0aac6d2229be
SHA512

916610c73448fa5e8ff759955e168af04e636df32c1c0b00f9e5bcfb70c5bb93a127c5899b9d5ab85ef09717152d5484a8ff7de827718a6a7eff4b9de51c7611
SSDEEP

6144:icMtIA2r475aE3iL/fQ7MlCe+/SpFTlp6OHeAPGrW0VKbOu9EVVyM5K0ZPW/IUI:PMtIA2c75aX8ssopCAVwoMQ2O0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
82f3859a00f23ff03b0603e5380c55aa3b068656032de29074cc0aac6d2229be

Files

82f3859a00f23ff03b0603e5380c55aa3b068656032de29074cc0aac6d2229be
.exe windows x86

ba72971e90be42e36faaaa8ad07baa83

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

litexml

newXmlDocument

rpc_provider

?login_single@CAsyncRPC_Login@rpc@@QAEIV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@P6AXABV34@PAX@ZP6AXI2@ZP6AXI12@Z2@Z
?call_get_agent_channels@CSyncRPC_SlbTool@rpc@@QAEIABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0AAV34@H@Z
?call_get_machine_details@CSyncRPC_SystemInfo@rpc@@QAEIABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0AAV34@H@Z

rpc

?instance@IRpcBase@rpc@@SAAAV12@XZ

pb

?machine_id@EndPointChannel@SlbTool@@QBEABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
??4EndPointChannel@SlbTool@@QAEAAV01@ABV01@@Z
?channel_hash@EndPointChannel@SlbTool@@QBEABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?set_api_name@PostMessageData@StatusNotify@@QAEXPBD@Z
??0PostMessageData@StatusNotify@@QAE@XZ
??1PostMessageData@StatusNotify@@UAE@XZ
??0EndPointChannels@SlbTool@@QAE@XZ
??1EndPointChannels@SlbTool@@UAE@XZ
?add_end_point_channel@EndPointChannels@SlbTool@@QAEPAVEndPointChannel@2@XZ
?end_point_channel_size@EndPointChannels@SlbTool@@QBEHXZ
?end_point_channel@EndPointChannels@SlbTool@@QBEABVEndPointChannel@2@H@Z

libprotobuf

?ParseFromString@MessageLite@protobuf@google@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SerializeAsString@MessageLite@protobuf@google@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

kernel32

TerminateThread
InitializeCriticalSectionAndSpinCount
CreateEventA
FormatMessageW
LeaveCriticalSection
CreateSemaphoreA
ReleaseSemaphore
VerifyVersionInfoW
InterlockedExchange
GetLastError
SetLastError
QueueUserAPC
EnterCriticalSection
InterlockedExchangeAdd
CreateEventW
PostQueuedCompletionStatus
WaitForMultipleObjects
CreateIoCompletionPort
DeleteCriticalSection
DuplicateHandle
TlsAlloc
CloseHandle
LocalFree
TlsFree
FindResourceW
LoadResource
GetSystemTimes
GetProcessTimes
OpenProcess
SizeofResource
Sleep
GetExitCodeProcess
CreateProcessA
GlobalUnlock
LockResource
GlobalMemoryStatusEx
WideCharToMultiByte
GetProcAddress
GetModuleHandleW
QueryDosDeviceW
CreateToolhelp32Snapshot
TerminateProcess
FileTimeToSystemTime
FileTimeToLocalFileTime
GetWindowsDirectoryW
Process32NextW
Process32FirstW
GetModuleHandleA
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
HeapFree
GetProcessHeap
MultiByteToWideChar
LocalAlloc
lstrlenA
CreateFileW
TlsSetValue
FormatMessageA
WaitForSingleObjectEx
SleepEx
SetEvent
InterlockedCompareExchange
WaitForSingleObject
GetCurrentProcess
InterlockedDecrement
VerSetConditionMask
GetQueuedCompletionStatus
InterlockedIncrement
SetWaitableTimer
TlsGetValue
GetConsoleScreenBufferInfo
GetStdHandle
SetConsoleTextAttribute
GetDiskFreeSpaceExW
AreFileApisANSI
WaitForMultipleObjectsEx
ResetEvent
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSetInformation
DecodePointer
EncodePointer
GetCurrentDirectoryW
GetFileAttributesW
DeviceIoControl
DeleteFileW
RemoveDirectoryW
FindClose
CreateWaitableTimerA
OpenEventA
IsProcessorFeaturePresent

user32

wsprintfA

advapi32

RegDeleteKeyA
RegCreateKeyA
RegOpenKeyExA
CryptGenRandom
CryptAcquireContextW
CryptReleaseContext
RegQueryValueExA
RegCreateKeyExA
QueryServiceConfigA
QueryServiceConfig2A
QueryServiceStatus
OpenSCManagerA
OpenServiceA
CloseServiceHandle
GetTokenInformation
LookupAccountSidW
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCloseKey
GetUserNameA
RegDeleteValueA
RegGetValueA
RegSetValueExA

ole32

CoCreateInstance
CoSetProxyBlanket
CoInitialize

oleaut32

VariantCopy
VariantInit
SysFreeString
VariantClear
SysAllocString

msvcp100

?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEDD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?precision@ios_base@std@@QAE_J_J@Z
?flags@ios_base@std@@QAEHH@Z
?flags@ios_base@std@@QBEHXZ
?exceptions@ios_base@std@@QAEXH@Z
?good@ios_base@std@@QBE_NXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?narrow@?$ctype@D@std@@QBEDDD@Z
?widen@?$ctype@D@std@@QBEDD@Z
?is@?$ctype@D@std@@QBE_NFD@Z
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Incref@facet@locale@std@@QAEXXZ
??Bid@locale@std@@QAEIXZ
?max@?$numeric_limits@_J@std@@SA_JXZ
?max@?$numeric_limits@I@std@@SAIXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_BADOFF@std@@3_JB
?_Xfunc@tr1@std@@YAXXZ
?classic@locale@std@@SAABV12@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?min@?$numeric_limits@_J@std@@SA_JXZ
?min@?$numeric_limits@I@std@@SAIXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?_Id_cnt@id@locale@std@@0HA
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
??_7ios_base@std@@6B@
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?id@?$ctype@D@std@@2V0locale@2@A
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPAV123@PAVfacet@23@I@Z
??0_Locimp@locale@std@@AAE@ABV012@@Z
??1_Locimp@locale@std@@MAE@XZ
??0?$codecvt@_WDH@std@@QAE@I@Z
?do_length@?$codecvt@_WDH@std@@MBEHABHPBD1I@Z
??1?$codecvt@_WDH@std@@MAE@XZ
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?_Getcat@?$codecvt@_WDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$codecvt@_WDH@std@@2V0locale@2@A
?in@?$codecvt@_WDH@std@@QBEHAAHPBD1AAPBDPA_W3AAPA_W@Z
?out@?$codecvt@_WDH@std@@QBEHAAHPB_W1AAPB_WPAD3AAPAD@Z
?uncaught_exception@std@@YA_NXZ

msvcr100

strncpy
??_V@YAXPAX@Z
_purecall
fputc
_unlock_file
ungetc
fgetpos
_fseeki64
fflush
atoi
fgetc
tolower
fsetpos
setvbuf
_lock_file
memcpy_s
fwrite
fclose
_time64
memcpy
memset
_snwprintf
wcsncmp
_CxxThrowException
__CxxFrameHandler3
sprintf
free
malloc
srand
rand
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
exit
__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
_snprintf
_beginthreadex
strerror
??8type_info@@QBE_NABV0@@Z
_wcsnicmp
??9type_info@@QBE_NABV0@@Z
??0exception@std@@QAE@ABQBDH@Z
??0exception@std@@QAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
memmove
system
printf
??3@YAXPAX@Z
??2@YAPAXI@Z
??1bad_cast@std@@UAE@XZ
memchr

ws2_32

ioctlsocket
WSAStringToAddressA
inet_ntoa
WSAStartup
ntohl
htonl
WSASocketW
WSASend
select
WSAGetLastError
htons
WSACleanup
WSASetLastError
ntohs
connect
closesocket
getsockopt
setsockopt

psapi

GetProcessMemoryInfo
GetProcessImageFileNameW

iphlpapi

GetExtendedTcpTable
GetExtendedUdpTable

Exports

Exports

??0_Mutex@std@@QAE@W4_Uninitialized@1@@Z
??4_Init_locks@std@@QAEAAV01@ABV01@@Z

Sections

.text
Size: 301KB - Virtual size: 300KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba72971e90be42e36faaaa8ad07baa83

Headers

DLL Characteristics

File Characteristics

Imports

litexml

rpc_provider

rpc

pb

libprotobuf

kernel32

user32

advapi32

ole32

oleaut32

msvcp100

msvcr100

ws2_32

psapi

iphlpapi

Exports

Exports

Sections

.text Size: 301KB - Virtual size: 300KB

.rdata Size: 74KB - Virtual size: 73KB

.data Size: 9KB - Virtual size: 10KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 232KB - Virtual size: 231KB

.reloc Size: 34KB - Virtual size: 33KB

.text
Size: 301KB - Virtual size: 300KB

.rdata
Size: 74KB - Virtual size: 73KB

.data
Size: 9KB - Virtual size: 10KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 232KB - Virtual size: 231KB

.reloc
Size: 34KB - Virtual size: 33KB