e38d5f6123986fe1c7b901f01e135fad5316c8de1d563946964584dd4bca3e82

Sharing

Copy URL Twitter E-mail

General

Target

e38d5f6123986fe1c7b901f01e135fad5316c8de1d563946964584dd4bca3e82
Size

122KB
MD5

78e2ebacddc027695c693cb78c67b8b1
SHA1

45d4a529dcc03abc030b322fb89fd9fbac808755
SHA256

e38d5f6123986fe1c7b901f01e135fad5316c8de1d563946964584dd4bca3e82
SHA512

cb450c909449ca0c22edd3e019eca28053933263fc61d8c59da1b348b65d1e76cf48ddef1f9d4be3a4fba4e6739beaba0936f79cffba01989acd845e7bf27211
SSDEEP

3072:gi2ILRRMTHC4pLmrVsy9/N124+tAt6PmJ1Qmdm:gi2ILRRMDCHV51x+at6k1QMm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e38d5f6123986fe1c7b901f01e135fad5316c8de1d563946964584dd4bca3e82

Files

e38d5f6123986fe1c7b901f01e135fad5316c8de1d563946964584dd4bca3e82
.dll windows x86

e09ae6a58cb087c2f49967637e236aa3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RaiseException
UnmapViewOfFile
GetFileSizeEx
CreateFileMappingW
MapViewOfFile
LoadLibraryExW
GetProcAddress
FreeLibrary
LoadLibraryW
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
TerminateProcess
Process32NextW
Sleep
HeapAlloc
GetProcessHeap
HeapFree
WaitForSingleObject
GetCurrentProcessId
GetCurrentThreadId
OpenThread
SuspendThread
ResumeThread
Thread32Next
GetModuleFileNameW
CreateProcessW
SetUnhandledExceptionFilter
GetTickCount
GetCommandLineW
GetFileAttributesW
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
WriteFile
CloseHandle
CreateThread
MultiByteToWideChar
Thread32First
CreateFileW

user32

LoadIconW
DispatchMessageW
TranslateMessage
GetMessageW
PostQuitMessage

advapi32

GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorSacl

shell32

SHGetFolderPathW
ord165
ShellExecuteW

ole32

CoTaskMemFree

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
PathAddBackslashW
PathFileExistsW
PathAppendW

msvcp120

?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
_Strcoll
?id@?$collate@D@std@@2V0locale@2@A
??Bid@locale@std@@QAEIXZ
?id@?$ctype@D@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0facet@locale@std@@IAE@I@Z
??_7facet@locale@std@@6B@
??1facet@locale@std@@MAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_BADOFF@std@@3_JB
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??_7_Facet_base@std@@6B@
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?tolower@?$ctype@D@std@@QBEDD@Z
_Strxfrm
?_Incref@facet@locale@std@@UAEXXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??1_Locinfo@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z

uis

lua_touserdata
lua_isstring
lua_pushinteger
lua_rawgeti
lua_pushnil
lua_settable
lua_newuserdata
lua_getfield
lua_setmetatable
lua_gettop
lua_isuserdata
lua_pushstring
lua_setfield
close_uishit
open_uishit
lua_pushnumber
lua_toboolean
lua_topointer
lua_tothread
lua_tonumber
lua_pushboolean
lua_pushcclosure
lua_createtable
luaL_ref
lua_tointeger
lua_isnumber
lua_type
luaL_newstate
luaL_traceback
lua_settop
lua_pcall
lua_pushvalue
lua_tolstring

ws2_32

WSAStartup

vvbase

curl_easy_init
curl_easy_setopt
curl_easy_perform
curl_easy_getinfo
curl_easy_cleanup
curl_global_init
?GenerateGUID@base@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?MD5DigestToBase16@base@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABUMD5Digest@1@@Z
?MD5Sum@base@@YAXPBXIPAUMD5Digest@1@@Z
?Serialize@JSONFileValueSerializer@@UAE_NABVValue@base@@@Z
?GetString@ListValue@base@@QBE_NIPAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetString@DictionaryValue@base@@QBE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAV34@@Z
?GetDictionary@ListValue@base@@QAE_NIPAPAVDictionaryValue@2@@Z
??1ValueSerializer@base@@UAE@XZ
?GetList@DictionaryValue@base@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAPAVListValue@2@@Z
?Deserialize@JSONFileValueSerializer@@UAEPAVValue@base@@PAHPAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0FilePath@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??1FilePath@@QAE@XZ
??0FilePath@@QAE@ABV0@@Z
?GetDictionary@DictionaryValue@base@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAPAV12@@Z

msvcr120

_except1
_purecall
??3@YAXPAX@Z
??2@YAPAXI@Z
??_V@YAXPAX@Z
memset
memcpy
atoi
strchr
??0exception@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@ABV01@@Z
__CxxFrameHandler3
_CxxThrowException
__clean_type_info_names_internal
?terminate@@YAXXZ
_except_handler4_common
_initterm_e
_initterm
_malloc_crt
_amsg_exit
__CppXcptFilter
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
??1type_info@@UAE@XZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
vswprintf_s
_set_purecall_handler
_set_invalid_parameter_handler
wcscpy_s
_wcsicmp
vsprintf_s
memchr
realloc
free
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
memmove

Exports

Exports

vvupdate_main

Sections

.text
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e09ae6a58cb087c2f49967637e236aa3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

msvcp120

uis

ws2_32

vvbase

msvcr120

Exports

Exports

Sections

.text Size: 90KB - Virtual size: 89KB

.rdata Size: 22KB - Virtual size: 22KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 90KB - Virtual size: 89KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB