df151694f1ada853adedd70f513e3dfaf59cdec2584e527b3f3192389f0655aa

Sharing

Copy URL

Twitter E-mail

General

Target

df151694f1ada853adedd70f513e3dfaf59cdec2584e527b3f3192389f0655aa
Size

359KB
MD5

30574d4eb2e1b6d618b62630aa259735
SHA1

416c48727b0962dab666cc876cc5a258c9ea2637
SHA256

df151694f1ada853adedd70f513e3dfaf59cdec2584e527b3f3192389f0655aa
SHA512

cb794d35367e9c4216e6e0b7fb2ce39a70ce745bd591554518038e450527eda63abdda477ef1099eaf9df13adc5647a17b2bbf294cc71a9094c34ab17e9afd55
SSDEEP

6144:taVqnL1nlmQgzdOQ7pA+EI0s+SlIgpEDdOLqv8DXlG:PgbiI0swgW5H8hG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df151694f1ada853adedd70f513e3dfaf59cdec2584e527b3f3192389f0655aa

Files

df151694f1ada853adedd70f513e3dfaf59cdec2584e527b3f3192389f0655aa
.exe windows x86

aae9a9ef9e507c993aa748a5c0d3c7a4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ftlibbridge

?GetUpdateManager@OpReadBackManager@@QAEPAVOpFlashUpdateManager@@XZ
?GetAuthManager@OpReadBackManager@@QAEPAVOpFlashAuthManager@@XZ
?getInstance@OpReadBackManager@@SAPAV1@XZ
?isIntranet@OpFlashAuthManager@@QAE_NXZ
?verCmp@OpFlashUpdateManager@@QAEHPBD0H@Z
?getReadBackToolName@OpFlashUpdateManager@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?checkForceUpdate@OpFlashUpdateManager@@QAE_NXZ
?getNewVersion@OpFlashUpdateManager@@QAEPBDXZ
?hasNewVersion@OpFlashUpdateManager@@QAE_NXZ
?checkFlashToolUpdate@OpFlashUpdateManager@@QAE_NPBD0@Z
?setLogPath@OpFlashLogManager@@QAE_NPBD@Z
?loginMes@OpFlashAuthManager@@QAE_NPBD000@Z
?print@OpFlashLogManager@@QAEXPBD@Z
?setRegionAndURL@OpFlashUpdateManager@@QAEX_NPBD@Z
?GetState@OpReadBackManager@@QAE?AW4READBACK_STATE@@XZ
?GetPlatform@OpReadBackManager@@QAE?AW4_opFlashPlatform@@XZ
?ReadBackCustom@OpReadBackManager@@QAEHABUReadBackCustomParam@@@Z
?ReadBackCustom@OpReadBackManager@@QAEHH_J0V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?ReadBackPartitions@OpReadBackManager@@QAEHABV?$vector@UReadBackParam@@V?$allocator@UReadBackParam@@@std@@@std@@@Z
?GetUserData@OpReadBackManager@@QAE?AUReadBackUserData@@XZ
?GetPartionList@OpReadBackManager@@QAEABV?$vector@UReadBackPartitionData@@V?$allocator@UReadBackPartitionData@@@std@@@std@@XZ
?RegisterHandler@OpReadBackManager@@QAEXPAVIReadBackEventHandler@@@Z
?SetChipPlatform@OpReadBackManager@@QAEXPBD@Z
?Init@OpReadBackManager@@QAE_NPBD0@Z
?init@OpPluginManager@@QAE_NV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?getInstance@OpPluginManager@@SAPAV1@XZ
?getInstance@OpFlashLogManager@@SAPAV1@XZ
?requestVerifyCodeOcsm@OpFlashAuthManager@@QAE_NPBD0@Z
?loginOcsm@OpFlashAuthManager@@QAE_NPBD000@Z
?loginWcsm@OpFlashAuthManager@@QAE_NPBD000@Z
?getStatus@OpFlashAuthManager@@QBEPBDXZ
?getMessage@OpFlashAuthManager@@QBEPBDXZ
?getLogPath@OpFlashLogManager@@QBEPBDXZ

ftlibbase

opdbg_log

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ

dbghelp

MiniDumpWriteDump

kernel32

GetCurrentThreadId
OpenProcess
CreateFileA
CloseHandle
GetCurrentProcessId
SetUnhandledExceptionFilter
CreateDirectoryA
MultiByteToWideChar
WideCharToMultiByte
TerminateProcess
InitializeCriticalSectionEx
CreateMutexA
GetVersionExW
GetLastError
GetProcAddress
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetACP
CreateDirectoryW
GetShortPathNameW
GetModuleFileNameW
SizeofResource
InitializeCriticalSectionAndSpinCount
LockResource
LoadResource
FindResourceW
GlobalSize
GlobalLock
GlobalUnlock
MulDiv
GlobalReAlloc
GetStdHandle
WriteFile
SetConsoleMode
GetConsoleMode
FreeConsole
AllocConsole
GetTickCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
UnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
OutputDebugStringW

user32

GetMessagePos
GetKeyState
DefWindowProcW
MessageBoxW
IsIconic
DrawIcon
SetCapture
ClientToScreen
CopyRect
WindowFromPoint
PostMessageW
GetClientRect
IsClipboardFormatAvailable
KillTimer
GetParent
GetWindowRect
GetFocus
InvertRect
ScreenToClient
GetClassInfoW
ClipCursor
IsWindow
ReleaseCapture
GetCursorPos
GetSystemMetrics
GetCapture
SetTimer
IntersectRect
IsWindowVisible
OffsetRect
IsRectEmpty
PtInRect
DrawFrameControl
InvalidateRect
InflateRect
FillRect
FrameRect
GetSysColor
LoadCursorW
SetCursor
DrawTextW
SetRect
DrawEdge
GetDC
SystemParametersInfoW
ReleaseDC
SendMessageW
LoadIconW
EnableWindow
GetDoubleClickTime

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

SHGetSpecialFolderPathW
SHGetPathFromIDListW
ShellExecuteW
SHBrowseForFolderW
SHGetSpecialFolderLocation

oleaut32

VarUdateFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime

shlwapi

PathIsDirectoryW

mfc140u

ord3188
ord6587
ord9135
ord1446
ord4236
ord3257
ord6834
ord2389
ord2385
ord2215
ord6489
ord2304
ord2246
ord5249
ord5549
ord5760
ord9350
ord5525
ord5252
ord5411
ord5228
ord7722
ord7723
ord7712
ord5409
ord8219
ord9209
ord9128
ord1070
ord3872
ord2993
ord8744
ord4222
ord3147
ord6497
ord3882
ord6566
ord14590
ord296
ord280
ord286
ord1045
ord14405
ord1523
ord1525
ord2990
ord12884
ord12921
ord8360
ord6501
ord1452
ord976
ord6559
ord4881
ord2522
ord4323
ord898
ord6795
ord321
ord7327
ord4649
ord8365
ord8811
ord13293
ord13086
ord358
ord2396
ord4882
ord4663
ord8756
ord4856
ord3236
ord2390
ord13148
ord1354
ord13962
ord823
ord6750
ord7654
ord11633
ord6880
ord13935
ord4445
ord6882
ord13544
ord13028
ord2865
ord8817
ord7820
ord5419
ord7441
ord8157
ord5653
ord2535
ord12552
ord841
ord14657
ord12405
ord14604
ord12348
ord6486
ord8225
ord6751
ord7125
ord1391
ord890
ord3182
ord540
ord2383
ord1430
ord3968
ord951
ord1193
ord566
ord13070
ord1108
ord8884
ord14127
ord450
ord2520
ord2378
ord2257
ord8161
ord3580
ord5209
ord4807
ord13359
ord4076
ord2614
ord842
ord3187
ord13965
ord987
ord2307
ord4499
ord2562
ord2345
ord5890
ord14610
ord12354
ord1194
ord568
ord5109
ord3345
ord8485
ord14453
ord12559
ord290
ord1692
ord4664
ord4742
ord14417
ord14411
ord8464
ord5781
ord1374
ord9990
ord12887
ord12526
ord853
ord7486
ord10250
ord6495
ord3171
ord1474
ord997
ord13087
ord2996
ord1072
ord3852
ord5918
ord12239
ord8217
ord12251
ord12219
ord13442
ord8470
ord7653
ord1472
ord8386
ord12247
ord10433
ord12928
ord12865
ord4589
ord7997
ord8324
ord5357
ord10379
ord2486
ord12541
ord12542
ord14589
ord7922
ord14595
ord9398
ord4152
ord4090
ord12947
ord7941
ord12027
ord2034
ord11982
ord11983
ord14466
ord12531
ord8000
ord14667
ord6348
ord14669
ord6350
ord14668
ord6349
ord995
ord6860
ord952
ord2205
ord1405
ord7313
ord5763
ord12037
ord366
ord2172
ord6533
ord3804
ord14234
ord8773
ord11038
ord4485
ord2477
ord3359
ord3237
ord6801
ord6316
ord4093
ord1143
ord501
ord3009
ord285
ord5921
ord1653
ord2458
ord5110
ord1689
ord1068
ord362
ord6865
ord5210
ord14047
ord13085
ord14599
ord3055
ord4494
ord9693
ord5790
ord4502
ord4988
ord4927
ord4912
ord4974
ord5019
ord4942
ord4997
ord5013
ord4954
ord4960
ord4966
ord4948
ord5003
ord4936
ord1777
ord1756
ord1770
ord1744
ord1465
ord3346
ord1722
ord12258
ord12262
ord13878
ord3266
ord9256
ord11002
ord6978
ord12220
ord8965
ord14588
ord11936
ord3833
ord3838
ord3697
ord6490
ord3145
ord4219
ord1066
ord12089
ord9139
ord11726
ord9126
ord6549
ord1133
ord11725
ord5652
ord10288
ord10284
ord10286
ord1113
ord4815
ord10287
ord3164
ord3403
ord10285
ord14785
ord1476
ord3404
ord4092
ord10472
ord11396
ord11015
ord2761
ord9040
ord1111
ord9210
ord2760
ord13752
ord6218
ord12131
ord8776
ord1002
ord4886
ord12168
ord8210
ord10255
ord3265
ord3302
ord3371
ord3372
ord3941
ord12124
ord2682
ord14137
ord5935
ord13703
ord14131
ord11717
ord4477
ord6877
ord8754
ord14507
ord3305
ord13756
ord6220
ord6129
ord14596
ord3816
ord7109
ord462
ord12173
ord9235
ord7495
ord2409
ord5117
ord7923

gdi32

CreateFontW
CreateCompatibleDC
CreateCompatibleBitmap
GetTextMetricsW
PatBlt
CreatePen
GetObjectW
GetDeviceCaps
CreateFontIndirectW
GetTextExtentPoint32W
GetCurrentObject

comctl32

ImageList_Draw
ImageList_AddMasked
InitCommonControlsEx
ImageList_GetImageInfo

vcruntime140

memcpy
memmove
__std_terminate
_CxxThrowException
__std_exception_destroy
__std_exception_copy
_except_handler4_common
memset
__CxxFrameHandler3
__vcrt_InitializeCriticalSectionEx
_purecall

api-ms-win-crt-time-l1-1-0

wcsftime
_time64
_localtime64_s

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode
__stdio_common_vsprintf
freopen
__acrt_iob_func
__stdio_common_vsprintf_s

api-ms-win-crt-runtime-l1-1-0

exit
_invalid_parameter_noinfo
_errno
_seh_filter_exe
_set_app_type
terminate
_controlfp_s
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_configure_wide_argv
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_initialize_wide_environment
_exit
_get_wide_winmain_command_line
_initterm_e
_initterm
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-string-l1-1-0

wcscpy_s
wcstok

api-ms-win-crt-filesystem-l1-1-0

_stat64i32

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_callnewh
free
malloc
realloc
calloc
_recalloc

api-ms-win-crt-environment-l1-1-0

_dupenv_s

api-ms-win-crt-convert-l1-1-0

_wtoll
atoi
wcstoul
_wtoi

api-ms-win-crt-utility-l1-1-0

ldiv

api-ms-win-crt-math-l1-1-0

__setusermatherr
floor
_except1

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aae9a9ef9e507c993aa748a5c0d3c7a4

Headers

DLL Characteristics

File Characteristics

Imports

version

ftlibbridge

ftlibbase

msvcp140

dbghelp

kernel32

user32

advapi32

shell32

oleaut32

shlwapi

mfc140u

gdi32

comctl32

vcruntime140

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 153KB - Virtual size: 153KB

.rdata Size: 47KB - Virtual size: 47KB

.data Size: 2KB - Virtual size: 4KB

.gfids Size: 512B - Virtual size: 100B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 139KB - Virtual size: 139KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 153KB - Virtual size: 153KB

.rdata
Size: 47KB - Virtual size: 47KB

.data
Size: 2KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 100B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 139KB - Virtual size: 139KB

.reloc
Size: 15KB - Virtual size: 14KB