Kulo Proxy[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Kulo Proxy.exe
Size

1.2MB
MD5

ebfab364b73086750daf8bb92fa28d13
SHA1

26a3c34f69bf122bf52907640632ac14cce5de40
SHA256

23ea89c33f96afa3a7a9cca5c18a6854b1c6f998bd2811eb03c1e02dc5ee62ab
SHA512

3715596a74e9bbaf3bbb27be98a85088fa060011a74970089afd4d516227e2f380a477829f31e9a049e52a343a3de42bbb902107f08f9a68cc583d9f9a38b47d
SSDEEP

24576:aMlzGK58sdKjrgi7QbU4jaRWHw0toX5nP7e2MpI3MbJvgIdnVAy:aoGK+sdKgi7M24YtSXpI3O6y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Kulo Proxy.exe

Files

Kulo Proxy.exe
.exe windows x64

b1cb25ef1cd08342c6147bc8d17a54dc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

InitOnceComplete
InitOnceBeginInitialize
WideCharToMultiByte
GetFileSizeEx
CreateFileA
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
GetEnvironmentVariableA
MultiByteToWideChar
WaitForSingleObjectEx
MoveFileExA
GetTickCount
QueryPerformanceCounter
VerifyVersionInfoA
InitializeCriticalSectionAndSpinCount
ResetEvent
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
SetConsoleTitleA
SetConsoleCtrlHandler
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
Sleep
SetEvent
GetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
GetCurrentProcess
CreateThread
GetModuleFileNameA
GetModuleHandleA
SetLastError
FormatMessageA
CloseHandle
LocalFree
EnterCriticalSection
LeaveCriticalSection
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
GetStdHandle

user32

GetAsyncKeyState
MessageBoxA

libcrypto-3-x64

ASN1_STRING_length
ASN1_STRING_get0_data
EVP_MD_CTX_new
EVP_MD_CTX_free
EVP_DigestInit_ex
BIO_new_socket
EVP_DigestFinal_ex
EVP_md5
EVP_sha256
EVP_sha512
X509_STORE_free
X509_STORE_add_cert
BIO_ctrl
OPENSSL_sk_value
EVP_DigestUpdate
X509_free
d2i_X509
X509_get_subject_name
X509_NAME_get_text_by_NID
X509_get_ext_d2i
GENERAL_NAMES_free
OPENSSL_sk_num

libssl-3-x64

SSL_accept
SSL_CTX_get_cert_store
SSL_CTX_set_cert_store
SSL_pending
SSL_set_bio
SSL_set_verify
SSL_CTX_use_PrivateKey_file
TLS_server_method
SSL_get1_peer_certificate
SSL_new
SSL_free
SSL_connect
SSL_read_ex
SSL_write_ex
SSL_ctrl
SSL_get_error
TLS_client_method
SSL_shutdown
SSL_CTX_load_verify_locations
SSL_get_verify_result
OPENSSL_init_ssl
SSL_CTX_set_options
SSL_CTX_use_certificate_chain_file
SSL_CTX_ctrl
SSL_CTX_new
SSL_CTX_free
SSL_CTX_use_certificate_file

msvcp140

?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Xbad_function_call@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?id@?$collate@D@std@@2V0locale@2@A
_Thrd_join
_Thrd_hardware_concurrency
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_wait
_Cnd_broadcast
_Cnd_signal
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z
?_Random_device@std@@YAIXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?setf@ios_base@std@@QEAAHHH@Z
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
??Bios_base@std@@QEBA_NXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
??Bid@locale@std@@QEAA_KXZ
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
_Strxfrm
_Strcoll
?_Throw_Cpp_error@std@@YAXH@Z
?_Throw_C_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Mtx_unlock
?_Xlength_error@std@@YAXPEBD@Z
??0_Lockit@std@@QEAA@H@Z
_Mtx_lock
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Thrd_id
_Thrd_sleep
_Thrd_detach
_Query_perf_frequency
_Query_perf_counter
_Xtime_get_ticks
?_Xout_of_range@std@@YAXPEBD@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?uncaught_exception@std@@YA_NXZ
??1_Lockit@std@@QEAA@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z

ws2_32

WSAIoctl
send
WSASocketW
recvfrom
getaddrinfo
freeaddrinfo
sendto
getnameinfo
inet_pton
WSASetLastError
gethostname
htonl
htons
ntohl
ntohs
__WSAFDIsSet
accept
bind
closesocket
connect
ioctlsocket
getsockname
getsockopt
listen
select
setsockopt
shutdown
socket
gethostbyname
WSAStartup
WSACleanup
WSAGetLastError
WSARecvFrom
WSASendTo
getpeername
recv

crypt32

CertAddCertificateContextToStore
CertFreeCertificateChainEngine
CertGetNameStringA
CertGetCertificateChain
CryptQueryObject
CertFindExtension
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFindCertificateInStore
CertOpenStore
CertFreeCertificateChain
CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertOpenSystemStoreW
CertCreateCertificateChainEngine

winmm

timeGetTime
timeBeginPeriod

normaliz

IdnToAscii

wldap32

ord46
ord211
ord301
ord217
ord143
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord200
ord50
ord45
ord60

rpcrt4

RpcStringFreeA
UuidCreate
UuidToStringA

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140

__std_terminate
memset
memcmp
memcpy
_CxxThrowException
__std_exception_destroy
__std_exception_copy
memchr
strrchr
__C_specific_handler
strstr
__current_exception
memmove
__current_exception_context
strchr

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_beginthreadex
_resetstkoflw
_invalid_parameter_noinfo
__sys_nerr
strerror
terminate
exit
_errno
abort
_getpid
_register_thread_local_exe_atexit_callback
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
system
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
_c_exit
__p___argc
__p___argv

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh
calloc
realloc
_set_new_mode

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-convert-l1-1-0

strtoul
strtol
atoi
strtof
strtod
strtoll
strtoull

api-ms-win-crt-string-l1-1-0

_stricmp
tolower
isspace
isdigit
strcspn
strncpy
strspn
_strdup
strncmp
strpbrk
strcmp
isupper

api-ms-win-crt-stdio-l1-1-0

ftell
fseek
_lseeki64
__p__commode
__stdio_common_vfprintf
fgetc
_read
_write
_close
_open
_set_fmode
fopen
__stdio_common_vsscanf
fgets
__stdio_common_vsprintf
__stdio_common_vsprintf_s
ungetc
feof
_pclose
fputs
_popen
setvbuf
fwrite
_fseeki64
fsetpos
fread
fputc
fgetpos
__acrt_iob_func
fflush
fclose
_get_stream_buffer_pointers

api-ms-win-crt-filesystem-l1-1-0

_access
_unlink
_fstat64
_access_s
_unlock_file
_lock_file
remove
_stat64

api-ms-win-crt-math-l1-1-0

__setusermatherr
_dsign
ceilf
_dclass

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
localeconv

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64

advapi32

CopySid
OpenProcessToken
GetLengthSid
GetTokenInformation
IsValidSid
ConvertSidToStringSidA
CryptAcquireContextA
CryptReleaseContext
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam

shell32

ShellExecuteA

Sections

.text
Size: 934KB - Virtual size: 934KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 207KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b1cb25ef1cd08342c6147bc8d17a54dc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

libcrypto-3-x64

libssl-3-x64

msvcp140

ws2_32

crypt32

winmm

normaliz

wldap32

rpcrt4

psapi

userenv

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-time-l1-1-0

advapi32

shell32

Sections

.text Size: 934KB - Virtual size: 934KB

.rdata Size: 207KB - Virtual size: 207KB

.data Size: 18KB - Virtual size: 29KB

.pdata Size: 36KB - Virtual size: 35KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 934KB - Virtual size: 934KB

.rdata
Size: 207KB - Virtual size: 207KB

.data
Size: 18KB - Virtual size: 29KB

.pdata
Size: 36KB - Virtual size: 35KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 3KB