Software_Demo_unpacked[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

Software_Demo_unpacked.rar
Size

6.9MB
MD5

8f29433f92653e53293e2a0d8f18dfce
SHA1

10ab81f314111507081cd19f9a1ca43032d21ec9
SHA256

8a1965fc2b1cfa4f438a99efde8add14c41af708a1961d151fb75a9f8f2de61e
SHA512

bce00a9dc451cdda50d490f450c84f13b92072bf643b86235608e2b37c63a67b81dec5aa0ae7d263f24e7bc2f8e3f52f53ecffa29c1285d8f664974c4766271e
SSDEEP

196608:eFNfXNXAGge7kblM88qI017KmEtdlyYDWEg/pKqZmFI9Mu7m:evXW7e7kblJHTElo4qZmW4

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Software Demo_unpacked.exe
unpack001/runtimes/win/native/libzstd.dll
unpack001/runtimes/win/native/mongocrypt.dll
unpack001/runtimes/win/native/snappy32.dll
unpack001/runtimes/win/native/snappy64.dll

Files

Software_Demo_unpacked.rar
.rar
Software Demo_unpacked.exe
.exe windows x64

af5fae81436482962005affbb4919ffd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FindNextFileW
GetCurrentProcess
GetModuleHandleExW
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
GetEnvironmentVariableW
FindClose
MultiByteToWideChar
GetLastError
GetFileAttributesExW
GetFullPathNameW
GetProcAddress
DeleteCriticalSection
WideCharToMultiByte
IsWow64Process
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EnterCriticalSection
FindFirstFileExW
OutputDebugStringW
LoadLibraryA
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
SetLastError
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LCMapStringEx
DecodePointer
EncodePointer
InitializeCriticalSectionEx
GetStringTypeW
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

MessageBoxW

shell32

ShellExecuteW

advapi32

RegOpenKeyExW
RegGetValueW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegCloseKey

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_initterm_e
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_errno
_register_onexit_function
_initialize_onexit_table
_exit
abort
__p___argc
__p___wargv
_c_exit
terminate
_register_thread_local_exe_atexit_callback
exit

api-ms-win-crt-stdio-l1-1-0

fputwc
__p__commode
_set_fmode
fflush
__stdio_common_vfwprintf
fputws
__acrt_iob_func
__stdio_common_vswprintf
_wfopen
__stdio_common_vsprintf_s
setvbuf

api-ms-win-crt-heap-l1-1-0

free
calloc
_set_new_mode
_callnewh
malloc

api-ms-win-crt-string-l1-1-0

wcsncmp
_wcsdup
strcspn
strcpy_s
wcsnlen

api-ms-win-crt-convert-l1-1-0

wcstoul
_wtoi

api-ms-win-crt-locale-l1-1-0

localeconv
___mb_cur_max_func
_lock_locales
___lc_codepage_func
___lc_locale_name_func
__pctype_func
setlocale
_configthreadlocale
_unlock_locales

api-ms-win-crt-math-l1-1-0

frexp
__setusermatherr

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64
wcsftime

Sections

.text
Size: - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.H5l
Size: - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.)J0
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.y<c
Size: 7.2MB - Virtual size: 7.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
runtimes/win/lib/netcoreapp3.1/System.Management.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:02:13:8c:0c:1c:31:35:bc:d2:5f:00:00:00:00:02:13
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-02-2021 20:09

Not After

10-02-2022 20:09

Subject

CN=.NET,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:89:08:9e:44:70:a2:5d:c0:9e:b3:53:3b:d0:6f:70:00:ae:c1:66:f9:56:0d:4a:c0:45:4d:17:6b:ce:d8:7c
Signer

Actual PE Digest

10:89:08:9e:44:70:a2:5d:c0:9e:b3:53:3b:d0:6f:70:00:ae:c1:66:f9:56:0d:4a:c0:45:4d:17:6b:ce:d8:7c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
runtimes/win/native/libzstd.dll
.dll windows x64

742bb7a8ff6d7a2efac0b2e4edb110fd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

___lc_codepage_func
__dllonexit
__iob_func
__mb_cur_max
_amsg_exit
_errno
_exit
_initterm
_lock
_onexit
_snwprintf
_unlock
abort
calloc
clock
fflush
fputc
free
fwprintf
fwrite
getenv
localeconv
malloc
memcmp
memcpy
memmove
memset
qsort
raise
signal
strerror
strlen
strncmp
vfprintf
wcscpy
wcslen

user32

MessageBoxW

Exports

Exports

ZBUFF_compressContinue
ZBUFF_compressEnd
ZBUFF_compressFlush
ZBUFF_compressInit
ZBUFF_compressInitDictionary
ZBUFF_compressInit_advanced
ZBUFF_createCCtx
ZBUFF_createCCtx_advanced
ZBUFF_createDCtx
ZBUFF_createDCtx_advanced
ZBUFF_decompressContinue
ZBUFF_decompressInit
ZBUFF_decompressInitDictionary
ZBUFF_freeCCtx
ZBUFF_freeDCtx
ZBUFF_getErrorName
ZBUFF_isError
ZBUFF_recommendedCInSize
ZBUFF_recommendedCOutSize
ZBUFF_recommendedDInSize
ZBUFF_recommendedDOutSize
ZDICT_addEntropyTablesFromBuffer
ZDICT_finalizeDictionary
ZDICT_getDictID
ZDICT_getErrorName
ZDICT_isError
ZDICT_optimizeTrainFromBuffer_cover
ZDICT_optimizeTrainFromBuffer_fastCover
ZDICT_trainFromBuffer
ZDICT_trainFromBuffer_cover
ZDICT_trainFromBuffer_fastCover
ZDICT_trainFromBuffer_legacy
ZSTD_CCtxParams_getParameter
ZSTD_CCtxParams_init
ZSTD_CCtxParams_init_advanced
ZSTD_CCtxParams_reset
ZSTD_CCtxParams_setParameter
ZSTD_CCtx_getParameter
ZSTD_CCtx_loadDictionary
ZSTD_CCtx_loadDictionary_advanced
ZSTD_CCtx_loadDictionary_byReference
ZSTD_CCtx_refCDict
ZSTD_CCtx_refPrefix
ZSTD_CCtx_refPrefix_advanced
ZSTD_CCtx_reset
ZSTD_CCtx_setParameter
ZSTD_CCtx_setParametersUsingCCtxParams
ZSTD_CCtx_setPledgedSrcSize
ZSTD_CStreamInSize
ZSTD_CStreamOutSize
ZSTD_DCtx_loadDictionary
ZSTD_DCtx_loadDictionary_advanced
ZSTD_DCtx_loadDictionary_byReference
ZSTD_DCtx_refDDict
ZSTD_DCtx_refPrefix
ZSTD_DCtx_refPrefix_advanced
ZSTD_DCtx_reset
ZSTD_DCtx_setFormat
ZSTD_DCtx_setMaxWindowSize
ZSTD_DCtx_setParameter
ZSTD_DStreamInSize
ZSTD_DStreamOutSize
ZSTD_adjustCParams
ZSTD_cParam_getBounds
ZSTD_checkCParams
ZSTD_compress
ZSTD_compress2
ZSTD_compressBegin
ZSTD_compressBegin_advanced
ZSTD_compressBegin_usingCDict
ZSTD_compressBegin_usingCDict_advanced
ZSTD_compressBegin_usingDict
ZSTD_compressBlock
ZSTD_compressBound
ZSTD_compressCCtx
ZSTD_compressContinue
ZSTD_compressEnd
ZSTD_compressStream
ZSTD_compressStream2
ZSTD_compressStream2_simpleArgs
ZSTD_compress_advanced
ZSTD_compress_usingCDict
ZSTD_compress_usingCDict_advanced
ZSTD_compress_usingDict
ZSTD_copyCCtx
ZSTD_copyDCtx
ZSTD_createCCtx
ZSTD_createCCtxParams
ZSTD_createCCtx_advanced
ZSTD_createCDict
ZSTD_createCDict_advanced
ZSTD_createCDict_byReference
ZSTD_createCStream
ZSTD_createCStream_advanced
ZSTD_createDCtx
ZSTD_createDCtx_advanced
ZSTD_createDDict
ZSTD_createDDict_advanced
ZSTD_createDDict_byReference
ZSTD_createDStream
ZSTD_createDStream_advanced
ZSTD_dParam_getBounds
ZSTD_decodingBufferSize_min
ZSTD_decompress
ZSTD_decompressBegin
ZSTD_decompressBegin_usingDDict
ZSTD_decompressBegin_usingDict
ZSTD_decompressBlock
ZSTD_decompressBound
ZSTD_decompressContinue
ZSTD_decompressDCtx
ZSTD_decompressStream
ZSTD_decompressStream_simpleArgs
ZSTD_decompress_usingDDict
ZSTD_decompress_usingDict
ZSTD_endStream
ZSTD_estimateCCtxSize
ZSTD_estimateCCtxSize_usingCCtxParams
ZSTD_estimateCCtxSize_usingCParams
ZSTD_estimateCDictSize
ZSTD_estimateCDictSize_advanced
ZSTD_estimateCStreamSize
ZSTD_estimateCStreamSize_usingCCtxParams
ZSTD_estimateCStreamSize_usingCParams
ZSTD_estimateDCtxSize
ZSTD_estimateDDictSize
ZSTD_estimateDStreamSize
ZSTD_estimateDStreamSize_fromFrame
ZSTD_findDecompressedSize
ZSTD_findFrameCompressedSize
ZSTD_flushStream
ZSTD_frameHeaderSize
ZSTD_freeCCtx
ZSTD_freeCCtxParams
ZSTD_freeCDict
ZSTD_freeCStream
ZSTD_freeDCtx
ZSTD_freeDDict
ZSTD_freeDStream
ZSTD_getBlockSize
ZSTD_getCParams
ZSTD_getDecompressedSize
ZSTD_getDictID_fromDDict
ZSTD_getDictID_fromDict
ZSTD_getDictID_fromFrame
ZSTD_getErrorCode
ZSTD_getErrorName
ZSTD_getErrorString
ZSTD_getFrameContentSize
ZSTD_getFrameHeader
ZSTD_getFrameHeader_advanced
ZSTD_getFrameProgression
ZSTD_getParams
ZSTD_getSequences
ZSTD_initCStream
ZSTD_initCStream_advanced
ZSTD_initCStream_srcSize
ZSTD_initCStream_usingCDict
ZSTD_initCStream_usingCDict_advanced
ZSTD_initCStream_usingDict
ZSTD_initDStream
ZSTD_initDStream_usingDDict
ZSTD_initDStream_usingDict
ZSTD_initStaticCCtx
ZSTD_initStaticCDict
ZSTD_initStaticCStream
ZSTD_initStaticDCtx
ZSTD_initStaticDDict
ZSTD_initStaticDStream
ZSTD_insertBlock
ZSTD_isError
ZSTD_isFrame
ZSTD_maxCLevel
ZSTD_minCLevel
ZSTD_nextInputType
ZSTD_nextSrcSizeToDecompress
ZSTD_resetCStream
ZSTD_resetDStream
ZSTD_sizeof_CCtx
ZSTD_sizeof_CDict
ZSTD_sizeof_CStream
ZSTD_sizeof_DCtx
ZSTD_sizeof_DDict
ZSTD_sizeof_DStream
ZSTD_toFlushNow
ZSTD_versionNumber
ZSTD_versionString

Sections

.text
Size: 852KB - Virtual size: 852KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 512B - Virtual size: 303B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
runtimes/win/native/mongocrypt.dll
.dll windows x64

e01fe10f050d8b79fbe457b2183c7d7a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

bcrypt

BCryptGetProperty
BCryptSignHash
BCryptImportKeyPair
BCryptCloseAlgorithmProvider
BCryptGenRandom
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptDestroyKey
BCryptImportKey
BCryptDecrypt
BCryptEncrypt
BCryptSetProperty
BCryptOpenAlgorithmProvider

ws2_32

gethostname

crypt32

CryptDecodeObjectEx

kernel32

IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentProcessId
GetTickCount64
GetSystemTimeAsFileTime
GetCurrentProcess
GetModuleHandleW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitOnceExecuteOnce

vcruntime140

__std_type_info_destroy_list
__C_specific_handler
memmove
memcpy
memcmp
memset
strstr
strchr

api-ms-win-crt-stdio-l1-1-0

_sopen_s
__stdio_common_vfprintf
_read
_close
__stdio_common_vsprintf
__stdio_common_vsscanf
__stdio_common_vsnprintf_s
__acrt_iob_func

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_register_onexit_function
_execute_onexit_table
_initialize_narrow_environment
_cexit
_initialize_onexit_table
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_crt_at_quick_exit
terminate
_errno
strerror_s
abort

api-ms-win-crt-string-l1-1-0

strncpy_s
isspace
tolower
isalnum
isdigit
isupper
isalpha
isxdigit
strspn
strncmp
_stricmp
_strdup
_strnicmp
strncpy
strcmp

api-ms-win-crt-heap-l1-1-0

realloc
calloc
free
malloc

api-ms-win-crt-time-l1-1-0

strftime
_gmtime64_s
_time64

api-ms-win-crt-convert-l1-1-0

strtoul
strtol
strtod

api-ms-win-crt-utility-l1-1-0

rand
srand

Exports

Exports

mongocrypt_binary_data
mongocrypt_binary_destroy
mongocrypt_binary_len
mongocrypt_binary_new
mongocrypt_binary_new_from_data
mongocrypt_ctx_datakey_init
mongocrypt_ctx_decrypt_init
mongocrypt_ctx_destroy
mongocrypt_ctx_encrypt_init
mongocrypt_ctx_explicit_decrypt_init
mongocrypt_ctx_explicit_encrypt_init
mongocrypt_ctx_finalize
mongocrypt_ctx_kms_done
mongocrypt_ctx_mongo_done
mongocrypt_ctx_mongo_feed
mongocrypt_ctx_mongo_op
mongocrypt_ctx_new
mongocrypt_ctx_next_kms_ctx
mongocrypt_ctx_setopt_algorithm
mongocrypt_ctx_setopt_key_alt_name
mongocrypt_ctx_setopt_key_encryption_key
mongocrypt_ctx_setopt_key_id
mongocrypt_ctx_setopt_masterkey_aws
mongocrypt_ctx_setopt_masterkey_aws_endpoint
mongocrypt_ctx_setopt_masterkey_local
mongocrypt_ctx_state
mongocrypt_ctx_status
mongocrypt_destroy
mongocrypt_init
mongocrypt_kms_ctx_bytes_needed
mongocrypt_kms_ctx_endpoint
mongocrypt_kms_ctx_feed
mongocrypt_kms_ctx_get_kms_provider
mongocrypt_kms_ctx_message
mongocrypt_kms_ctx_status
mongocrypt_new
mongocrypt_setopt_crypto_hook_sign_rsaes_pkcs1_v1_5
mongocrypt_setopt_crypto_hooks
mongocrypt_setopt_kms_provider_aws
mongocrypt_setopt_kms_provider_local
mongocrypt_setopt_kms_providers
mongocrypt_setopt_log_handler
mongocrypt_setopt_schema_map
mongocrypt_status
mongocrypt_status_code
mongocrypt_status_destroy
mongocrypt_status_message
mongocrypt_status_new
mongocrypt_status_ok
mongocrypt_status_set
mongocrypt_status_type
mongocrypt_version

Sections

.text
Size: 269KB - Virtual size: 269KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 283B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
runtimes/win/native/snappy32.dll
.dll windows x86

a229ba0dee708573045b8ca09fceb082

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
QueryPerformanceCounter
GetProcessTimes
QueryPerformanceFrequency
EncodePointer
DecodePointer
IsProcessorFeaturePresent
GetLastError
HeapFree
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
HeapSize
RaiseException
HeapAlloc
SetStdHandle
GetFileType
WriteFile
GetConsoleCP
GetConsoleMode
GetProcessHeap
DeleteCriticalSection
RtlUnwind
ReadFile
ReadConsoleW
GetStdHandle
GetStartupInfoW
CloseHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetModuleFileNameA
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapReAlloc
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetFilePointerEx
WriteConsoleW
FlushFileBuffers
SetEnvironmentVariableA
OutputDebugStringW
GetStringTypeW
CreateFileW
SetEndOfFile

Exports

Exports

snappy_compress
snappy_max_compressed_length
snappy_uncompress
snappy_uncompressed_length
snappy_unittests
snappy_validate_compressed_buffer

Sections

.text
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
runtimes/win/native/snappy64.dll
.dll windows x64

609ffef03dc49188439c4d766e677f9b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
QueryPerformanceCounter
GetProcessTimes
QueryPerformanceFrequency
EncodePointer
DecodePointer
IsProcessorFeaturePresent
GetLastError
HeapFree
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
HeapSize
RtlUnwindEx
HeapAlloc
RtlPcToFileHeader
RaiseException
SetStdHandle
GetFileType
WriteFile
GetConsoleCP
GetConsoleMode
GetProcessHeap
DeleteCriticalSection
ReadFile
ReadConsoleW
GetStdHandle
GetStartupInfoW
CloseHandle
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetModuleFileNameA
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapReAlloc
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetFilePointerEx
WriteConsoleW
FlushFileBuffers
SetEnvironmentVariableA
OutputDebugStringW
GetStringTypeW
CreateFileW
SetEndOfFile

Exports

Exports

snappy_compress
snappy_max_compressed_length
snappy_uncompress
snappy_uncompressed_length
snappy_unittests
snappy_validate_compressed_buffer

Sections

.text
Size: 175KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

af5fae81436482962005affbb4919ffd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

advapi32

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

Sections

.text Size: - Virtual size: 77KB

.rdata Size: - Virtual size: 33KB

.data Size: - Virtual size: 5KB

.pdata Size: - Virtual size: 4KB

_RDATA Size: - Virtual size: 244B

.H5l Size: - Virtual size: 3.8MB

.)J0 Size: 2KB - Virtual size: 1KB

.y<c Size: 7.2MB - Virtual size: 7.2MB

.reloc Size: 512B - Virtual size: 272B

.rsrc Size: 105KB - Virtual size: 104KB

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:02:13:8c:0c:1c:31:35:bc:d2:5f:00:00:00:00:02:13Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

10:89:08:9e:44:70:a2:5d:c0:9e:b3:53:3b:d0:6f:70:00:ae:c1:66:f9:56:0d:4a:c0:45:4d:17:6b:ce:d8:7cSigner

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 272KB - Virtual size: 272KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

742bb7a8ff6d7a2efac0b2e4edb110fd

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

Exports

Exports

Sections

.text Size: 852KB - Virtual size: 852KB

.data Size: 512B - Virtual size: 216B

.rdata Size: 28KB - Virtual size: 27KB

.pdata Size: 9KB - Virtual size: 9KB

.xdata Size: 11KB - Virtual size: 10KB

.bss Size: - Virtual size: 4KB

.edata Size: 6KB - Virtual size: 6KB

.idata Size: 2KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 104B

.reloc Size: 512B - Virtual size: 232B

/4 Size: 512B - Virtual size: 80B

/19 Size: 7KB - Virtual size: 7KB

/31 Size: 512B - Virtual size: 303B

/45 Size: 1024B - Virtual size: 546B

/57 Size: 512B - Virtual size: 72B

e01fe10f050d8b79fbe457b2183c7d7a

Headers

DLL Characteristics

File Characteristics

Imports

.text
Size: - Virtual size: 77KB

.rdata
Size: - Virtual size: 33KB

.data
Size: - Virtual size: 5KB

.pdata
Size: - Virtual size: 4KB

_RDATA
Size: - Virtual size: 244B

.H5l
Size: - Virtual size: 3.8MB

.)J0
Size: 2KB - Virtual size: 1KB

.y<c
Size: 7.2MB - Virtual size: 7.2MB

.reloc
Size: 512B - Virtual size: 272B

.rsrc
Size: 105KB - Virtual size: 104KB

33:00:00:02:13:8c:0c:1c:31:35:bc:d2:5f:00:00:00:00:02:13
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

10:89:08:9e:44:70:a2:5d:c0:9e:b3:53:3b:d0:6f:70:00:ae:c1:66:f9:56:0d:4a:c0:45:4d:17:6b:ce:d8:7c
Signer

.text
Size: 272KB - Virtual size: 272KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 852KB - Virtual size: 852KB

.data
Size: 512B - Virtual size: 216B

.rdata
Size: 28KB - Virtual size: 27KB

.pdata
Size: 9KB - Virtual size: 9KB

.xdata
Size: 11KB - Virtual size: 10KB

.bss
Size: - Virtual size: 4KB

.edata
Size: 6KB - Virtual size: 6KB

.idata
Size: 2KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 104B

.reloc
Size: 512B - Virtual size: 232B

/4
Size: 512B - Virtual size: 80B

/19
Size: 7KB - Virtual size: 7KB

/31
Size: 512B - Virtual size: 303B

/45
Size: 1024B - Virtual size: 546B

/57
Size: 512B - Virtual size: 72B

.text
Size: 269KB - Virtual size: 269KB

.rdata
Size: 87KB - Virtual size: 86KB

.data
Size: 15KB - Virtual size: 48KB

.pdata
Size: 14KB - Virtual size: 13KB

.idata
Size: 6KB - Virtual size: 6KB

.00cfg
Size: 512B - Virtual size: 283B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 164KB - Virtual size: 164KB

.rdata
Size: 42KB - Virtual size: 42KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 9KB

.text
Size: 175KB - Virtual size: 174KB

.rdata
Size: 65KB - Virtual size: 65KB

.data
Size: 9KB - Virtual size: 19KB

.pdata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB