ae79226598263673cd3422bfc5c1083f860559327452025928939418d4322d56

Sharing

Copy URL Twitter E-mail

General

Target

ae79226598263673cd3422bfc5c1083f860559327452025928939418d4322d56
Size

1.3MB
MD5

ee5c744fdd4bbd372ef57f6bfaa469fa
SHA1

c18aeef9552097492b95ab5eb1154708e54a8255
SHA256

ae79226598263673cd3422bfc5c1083f860559327452025928939418d4322d56
SHA512

477fd9a7d3003d65d708032ceb5200d11b25b8902a2c2b30de6e59a11a53fda2cf18ab02123f60bc0c542f04c79a11b4a2b462baaa36e518460737c22dc0e050
SSDEEP

24576:tWHUZ31xcS5ueOI0QRjKpFrI6SaReO8f8gfvQ/qpyr0k/ADfePPf6qYTCvNkd3Og:V31xcQSTk3fvQ/qpyr0kkfePPf6qYTCI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ae79226598263673cd3422bfc5c1083f860559327452025928939418d4322d56

Files

ae79226598263673cd3422bfc5c1083f860559327452025928939418d4322d56
.dll windows x86

da5c5c687bbbf6a1871927ea906f6342

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

QueryPerformanceFrequency
GetLastError
CreateDirectoryW
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
GetCurrentThreadId
GetSystemTimeAsFileTime
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
GetStdHandle
GetFileType
WriteFile
GetModuleHandleW
GetProcAddress
DeleteFiber
ConvertFiberToThread
GetEnvironmentVariableW
GetConsoleMode
ReadConsoleA
ReadConsoleW
SetConsoleMode
FreeLibrary
LoadLibraryA
LoadLibraryW
CloseHandle
Sleep
DeleteFileW
FindClose
FindNextFileW
FindFirstFileW
GetCurrentProcessId
FreeResource
LockResource
SizeofResource
LoadResource
FindResourceExW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSection
EncodePointer

msvcp120

??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?widen@?$ctype@_W@std@@QBE_WD@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W00@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?_Winerror_map@std@@YAPBDH@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@G@Z
_Cnd_init
_Cnd_destroy
_Cnd_signal
_Cnd_broadcast
_Cnd_wait
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_join
_Thrd_equal
?_Xruntime_error@std@@YAXPBD@Z
?_Makeloc@_Locimp@locale@std@@CAPAV123@ABV_Locinfo@3@HPAV123@PBV23@@Z
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@HPBD@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?out@?$codecvt@_WDH@std@@QBEHAAHPB_W1AAPB_WPAD3AAPAD@Z
?in@?$codecvt@_WDH@std@@QBEHAAHPBD1AAPBDPA_W3AAPA_W@Z
?unshift@?$codecvt@_WDH@std@@QBEHAAHPAD1AAPAD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
_Thrd_sleep
_Xtime_diff_to_millis2
xtime_get
?id@?$codecvt@_WDH@std@@2V0locale@2@A
?_Getcat@?$codecvt@_WDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_Launch@_Pad@std@@QAEXPAU_Thrd_imp_t@@@Z
_Xtime_get_ticks
??1_Pad@std@@QAE@XZ
?_Release@_Pad@std@@QAEXXZ
??0_Pad@std@@QAE@XZ
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_W@Z
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QBE?AVlocale@2@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE?AVlocale@2@ABV32@@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_BADOFF@std@@3_JB
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?uncaught_exception@std@@YA_NXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Syserror_map@std@@YAPBDH@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
_Thrd_current
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
_Mtx_unlock
_Mtx_lock
_Mtx_destroy
?_Throw_C_error@std@@YAXH@Z
_Mtx_init

version

VerQueryValueW

msvcr120

_lock
_unlock
_calloc_crt
__dllonexit
_onexit
__CppXcptFilter
_amsg_exit
_malloc_crt
_initterm
_initterm_e
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_except_handler4_common
__clean_type_info_names_internal
__CxxFrameHandler3
_CxxThrowException
??3@YAXPAX@Z
memmove
??2@YAPAXI@Z
ldiv
??1type_info@@UAE@XZ
__iob_func
swprintf_s
strchr
modf
free
malloc
sprintf_s
wcschr
_waccess
wcsftime
_ftime64_s
??0exception@std@@QAE@XZ
_wtoi
_vswprintf_c_l
_vsnwprintf_s
_vscwprintf
_wsplitpath_s
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
_except1
sprintf
?_Id@_CurrentScheduler@details@Concurrency@@SAIXZ
?wait@Concurrency@@YAXI@Z
fclose
fputc
fflush
setvbuf
fsetpos
fgetpos
_fseeki64
memcpy_s
ungetc
fgetc
fgetwc
ungetwc
fwrite
fputwc
_unlock_file
_lock_file
_localtime64_s
?terminate@@YAXXZ
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
??_V@YAXPAX@Z
_purecall
memcpy
memset
realloc
_time64
qsort
strrchr
memchr
strcspn
strncmp
strspn
strerror_s
strcmp
atoi
_strnicmp
feof
ferror
fgets
_fileno
fread
fseek
ftell
_errno
_setmode
strncpy
_exit
_vsnprintf
_vsnwprintf
wcsstr
raise
isspace
fprintf
getenv
strtol
_stricmp
strtoul
sscanf
_gmtime64_s
fopen
_wfopen
strstr
_stat64i32
fputs
signal
__RTDynamicCast

bcrypt

BCryptGenRandom

user32

MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW

advapi32

CryptCreateHash
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
DeregisterEventSource
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam

ws2_32

recv
send
WSASetLastError
WSACleanup
closesocket
WSAGetLastError

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertOpenStore
CertGetCertificateContextProperty

Exports

Exports

CloseLogger
CreateComponent
CreateLogger
DestroyLoggerMgr
GetLogID
GetLogLevel
GetLoggerMgr
LogOut

Sections

.text
Size: 892KB - Virtual size: 892KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 381KB - Virtual size: 381KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

da5c5c687bbbf6a1871927ea906f6342

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcp120

version

msvcr120

bcrypt

user32

advapi32

ws2_32

crypt32

Exports

Exports

Sections

.text Size: 892KB - Virtual size: 892KB

.rdata Size: 381KB - Virtual size: 381KB

.data Size: 7KB - Virtual size: 15KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 50KB - Virtual size: 50KB

.text
Size: 892KB - Virtual size: 892KB

.rdata
Size: 381KB - Virtual size: 381KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 50KB - Virtual size: 50KB