e27415d8f67344b38a15b41bf3c27eade04e05042b27ea423bc1675273849a4b

Sharing

Copy URL Twitter E-mail

General

Target

e27415d8f67344b38a15b41bf3c27eade04e05042b27ea423bc1675273849a4b
Size

332KB
MD5

370673d4fb71b3ad803d2649c98424b2
SHA1

4005e365d947453ce955b46c6978efe2ff1e6aab
SHA256

e27415d8f67344b38a15b41bf3c27eade04e05042b27ea423bc1675273849a4b
SHA512

939aaa8f8c057027d3cf97fa2ffabbc56d52167d48e37345304aca8b1da6a0c06e9095103556ad34838c47cfc50e8cd087c78bf6ce1d4af4a5af41ef7f1b7755
SSDEEP

6144:ihjbyTIUEN5oefmgaK/p+j6lOXUI5ETYQnFZO/Wt:KG/pgaK/p+mlw5ETHFA/Wt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e27415d8f67344b38a15b41bf3c27eade04e05042b27ea423bc1675273849a4b

Files

e27415d8f67344b38a15b41bf3c27eade04e05042b27ea423bc1675273849a4b
.exe windows x86

c54d210962351d722a0d4158b5db2a2b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

jansson

json_integer
json_deep_copy
json_false
json_object
json_object_set_new
json_load_callback
json_object_get
json_array_size
json_array_get
json_pack
json_string_value
json_integer_value
json_object_iter_value
json_object_key_to_iter
json_object_iter_next
json_object_iter
json_object_iter_key
json_string
json_array_append_new
json_array
json_unpack
json_dump_callback
json_delete
json_dumps
json_true
json_loadb

kernel32

GetFileAttributesW
CreateDirectoryW
GetLastError
DeleteFileW
FindNextFileW
FindClose
ReadFile
SetFilePointer
WriteFile
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
GetTempPathW
GetTempFileNameW
LocalAlloc
OpenMutexW
CreateMutexW
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
WaitForSingleObject
ReleaseMutex
CreateEventW
SetEvent
WaitForMultipleObjects
ResumeThread
CreateThread
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
GetModuleHandleW
lstrcmpiW
LoadLibraryExW
GetModuleFileNameW
GetCurrentThreadId
GetCurrentProcessId
ExitProcess
SetCurrentDirectoryW
SetUnhandledExceptionFilter
GetModuleHandleA
GetModuleFileNameA
InterlockedCompareExchange
GetComputerNameW
MapViewOfFileEx
CreateFileMappingW
GetFileSize
GetProcessId
DeleteTimerQueue
ExpandEnvironmentStringsW
GetLogicalDriveStringsW
SetErrorMode
GetVolumeInformationA
GetDiskFreeSpaceExA
CreateProcessW
CreateTimerQueue
CreateTimerQueueTimer
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetLocaleInfoW
LCMapStringW
GetACP
GetStdHandle
GetModuleHandleExW
SetLastError
RtlUnwind
TlsFree
TlsSetValue
TlsGetValue
GetTickCount
InterlockedIncrement
WideCharToMultiByte
DeleteCriticalSection
LocalFree
GetWindowsDirectoryW
Sleep
MultiByteToWideChar
ReadConsoleW
OpenProcess
InitializeCriticalSection
LeaveCriticalSection
InterlockedDecrement
GetCurrentProcess
GetLongPathNameW
EnterCriticalSection
InterlockedExchange
CloseHandle
DeviceIoControl
CreateFileA
GetProcAddress
LoadLibraryW
FreeLibrary
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
GetStringTypeW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
TlsAlloc
EncodePointer
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
OutputDebugStringW
IsDebuggerPresent
CreateFileW
GetVersion
SetEndOfFile
GetLocalTime

user32

CharNextW
DefWindowProcW
DestroyWindow

advapi32

RegQueryValueExW
RegEnumKeyExA
StartServiceCtrlDispatcherW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegisterServiceCtrlHandlerExW
SetServiceStatus
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
CloseServiceHandle
OpenSCManagerW
StartServiceW
QueryServiceConfigW
OpenServiceW
FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
RegOpenKeyExW
SetSecurityDescriptorDacl
RegSetValueExW
InitializeSecurityDescriptor
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

SHGetSpecialFolderPathW

ole32

CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitializeSecurity
CoInitializeEx
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
VariantCopy
VariantClear
VarUI4FromStr
VariantInit

topsecdb

ord13
ord9

repaireng

?CreateTask@LeakRepairEng@@YAPAVITask@1@PBD0PAUjson_t@@PAVIDownloader@1@@Z
?CreateExcludeDB@LeakRepairEng@@YAPAVIExcludeDB@1@XZ
?EnableSystemUpdate@LeakRepairEng@@YAJJ@Z

shlwapi

PathFileExistsW

comctl32

InitCommonControlsEx

topseccomm

CreateLPCClient

iphlpapi

GetAdaptersInfo
GetBestInterfaceEx
GetIfEntry
GetAdaptersAddresses

libcurl

curl_easy_setopt
curl_easy_perform
curl_easy_getinfo
curl_slist_append
curl_slist_free_all
curl_easy_init
curl_easy_cleanup

dbghelp

MiniDumpWriteDump

libxsse

ord30
ord10

ws2_32

htons
inet_addr
WSAAddressToStringA

psapi

GetProcessImageFileNameW

Sections

.text
Size: 214KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c54d210962351d722a0d4158b5db2a2b

Headers

DLL Characteristics

File Characteristics

Imports

jansson

kernel32

user32

advapi32

shell32

ole32

oleaut32

topsecdb

repaireng

shlwapi

comctl32

topseccomm

iphlpapi

libcurl

dbghelp

libxsse

ws2_32

psapi

Sections

.text Size: 214KB - Virtual size: 214KB

.rdata Size: 56KB - Virtual size: 56KB

.data Size: 5KB - Virtual size: 24KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 512B - Virtual size: 384B

.rsrc Size: 39KB - Virtual size: 39KB

.reloc Size: 14KB - Virtual size: 17KB

.text
Size: 214KB - Virtual size: 214KB

.rdata
Size: 56KB - Virtual size: 56KB

.data
Size: 5KB - Virtual size: 24KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 384B

.rsrc
Size: 39KB - Virtual size: 39KB

.reloc
Size: 14KB - Virtual size: 17KB