13489c4a1454feccc427755b2e81f1ddd537f76f183a271e424a50ea4b11e3ab

Sharing

Copy URL Twitter E-mail

General

Target

13489c4a1454feccc427755b2e81f1ddd537f76f183a271e424a50ea4b11e3ab
Size

781KB
MD5

cb5e64798c9344ae7fcf27c27a892a5a
SHA1

c1fbfee374ae9f46c7df9c03f4e209e17e734e6e
SHA256

13489c4a1454feccc427755b2e81f1ddd537f76f183a271e424a50ea4b11e3ab
SHA512

161b249212c2e996451e9cb35c9dc092b3ef1b778cac9570d0fb62bfc2028c5c057033777987012ec30b6f8e753c05da1a7bc783dc5c41c9c5c9c8d938238680
SSDEEP

3072:aOEF1DGZiBDuMujGRoiVacfEyGwew1k5FRnGULwCJOtOqt87dTiToXBe3ZM6KXZZ:g1faMujsVacfUwALtJfqtfcxOZM60

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
13489c4a1454feccc427755b2e81f1ddd537f76f183a271e424a50ea4b11e3ab

Files

13489c4a1454feccc427755b2e81f1ddd537f76f183a271e424a50ea4b11e3ab
.dll windows x86

e3711c13c4800b9ade2ac505b843d325

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcp140

?_Xlength_error@std@@YAXPBD@Z

tsp-tags

?Postfix@BasePainter@tsTags@@UAEABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?Prefix@BasePainter@tsTags@@UAEABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?IsValid@BasePainter@tsTags@@UAE_NXZ
?HandleWarning@BasePainter@tsTags@@UAEXABVNode@2@AAVContext@2@@Z
?HandleError@BasePainter@tsTags@@UAEXABVNode@2@AAVContext@2@@Z
??1BasePainter@tsTags@@MAE@XZ
?SanityCheck@BasePainter@tsTags@@MAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAVTreeCursor@2@ABVNode@2@AAVContext@2@@Z
?to_string@base_item@tsTags@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?IsCodeEnd@BasePainter@tsTags@@UAE_NPBD@Z
?text@Context@tsTags@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABVNode@2@@Z
?set_line_number@base_item@tsTags@@UAEXXZ
?load_ex@base_item@tsTags@@MAE_NAAVTreeCursor@2@AAVContext@2@@Z
?add_kind@base_item@tsTags@@IAE_NPBDAAVTreeCursor@2@AAVContext@2@@Z
?is_error@base_item@tsTags@@UAE_NXZ
?load@base_item@tsTags@@UAE_NAAVTreeCursor@2@AAVContext@2@@Z
??0NodeItem@tsTags@@QAE@ABV01@@Z
??0base_item@tsTags@@QAE@ABV01@@Z
?add_scope@base_item@tsTags@@QAEXPAV12@@Z
?Process@BasePainter@tsTags@@MAEXABVNode@2@AAVContext@2@@Z
??0BasePainter@tsTags@@QAE@ABU_Terms@1@ABV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@11@Z
?FoldedText@BasePainter@tsTags@@UAEPBDPBD@Z
??1NodeItem@tsTags@@QAE@XZ
?Error@BaseMapper@tsTags@@MAEXABVNode@2@AAVContext@2@@Z
?Warning@BaseMapper@tsTags@@MAEXABVNode@2@AAVContext@2@@Z
?Reset@BaseMapper@tsTags@@UAEXXZ
??0BaseLanguage_@tsTags@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1BaseLanguage_@tsTags@@UAE@XZ
?Destroy@BaseLanguage_@tsTags@@UAEXXZ
?Key@BaseLanguage_@tsTags@@UAEABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?Extensions@BaseLanguage_@tsTags@@UAEABV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@XZ
?error@BaseMapper@tsTags@@MAEXABVNode@2@AAVContext@2@@Z
?skip_item@BaseMapper@tsTags@@IAEXABVNode@2@AAVContext@2@@Z
?Process@BaseMapper@tsTags@@MAEXABVNode@2@AAVContext@2@@Z
?LoadItem@BaseMapper@tsTags@@IAEXPAVbase_item@2@ABVNode@2@AAVContext@2@@Z
??1BaseMapper@tsTags@@MAE@XZ
??0BaseMapper@tsTags@@QAE@XZ
?LoadItems@BaseMapper@tsTags@@1V?$map@PBD_NU?$less@PBD@std@@V?$allocator@U?$pair@QBD_N@std@@@2@@std@@A
?IsCodeBegin@BasePainter@tsTags@@UAE_NPBD@Z
?have_child@TreeCursor@tsTags@@QAE_NPBD@Z
??0Node@tsTags@@QAE@ABUTSNode@@@Z
??0TreeCursor@tsTags@@QAE@ABUTSNode@@@Z
??0TreeCursor@tsTags@@QAE@ABVNodeItem@1@@Z
??1TreeCursor@tsTags@@UAE@XZ
?find_child_text@TreeCursor@tsTags@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBDPBVTree@2@@Z
?find_child@TreeCursor@tsTags@@QAE?AVNodeItem@2@PBD@Z
?find_node_text@TreeCursor@tsTags@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBD0PBVTree@2@@Z
?get_children@TreeCursor@tsTags@@QAEXAAV?$vector@VNodeItem@tsTags@@V?$allocator@VNodeItem@tsTags@@@std@@@std@@PBD@Z
?add_kind@base_item@tsTags@@QAE_NPBD0AAVTreeCursor@2@AAVContext@2@@Z
?add_kind@base_item@tsTags@@QAE_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?find_kind@base_item@tsTags@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBD@Z
??0base_item@tsTags@@QAE@XZ
??1base_item@tsTags@@UAE@XZ
?add_child@base_item@tsTags@@UAEXPAVbase_item_ex@2@@Z
?clone@base_item@tsTags@@UAEPAVbase_item_ex@2@AAVContext@2@@Z
?Error@BasePainter@tsTags@@MAEXABVNode@2@AAVContext@2@@Z

vcruntime140

memcpy
__std_type_info_destroy_list
memset
_except_handler4_common
_CxxThrowException
__current_exception_context
__current_exception
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3
memmove

api-ms-win-crt-string-l1-1-0

isxdigit
iswdigit
iswspace
iswalpha

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
terminate
_cexit
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

kernel32

InitializeSListHead
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
UnhandledExceptionFilter

Exports

Exports

CreateLanguage
DllMain
tree_sitter_php

Sections

.text
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 681KB - Virtual size: 680KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3711c13c4800b9ade2ac505b843d325

Headers

DLL Characteristics

File Characteristics

Imports

msvcp140

tsp-tags

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 89KB - Virtual size: 88KB

.rdata Size: 681KB - Virtual size: 680KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 89KB - Virtual size: 88KB

.rdata
Size: 681KB - Virtual size: 680KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 7KB - Virtual size: 7KB