18baece2e502e9faad2bc697c6aa2dca190d07fa74c68fbb09821e2662f757dc

Sharing

Copy URL Twitter E-mail

General

Target

18baece2e502e9faad2bc697c6aa2dca190d07fa74c68fbb09821e2662f757dc
Size

940KB
MD5

090e1e63f7cebe510c5d03ca3621891c
SHA1

52dbeb30c62731d5a8b2ab770e20518656604e4c
SHA256

18baece2e502e9faad2bc697c6aa2dca190d07fa74c68fbb09821e2662f757dc
SHA512

873b08519523bdda658459ab364c65e6eb2e4b1ee559dc752512bfe454e0b0416cc031a478b319bd5e72ceea2a303f710c016510b23ac897a70a2bf2e334a50e
SSDEEP

6144:HfM9LkHCDqOY7w9Gd38rsj0LSXvrwYMo5iEkuU1q+rB992MMAsE7vvdJkqrjYhZO:/M9wHC/RcvrJNkub+bJoEfTCZO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18baece2e502e9faad2bc697c6aa2dca190d07fa74c68fbb09821e2662f757dc

Files

18baece2e502e9faad2bc697c6aa2dca190d07fa74c68fbb09821e2662f757dc
.exe windows:6 windows x64

65371764a7487fb98b9316f275be1fae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

nlicensing

NLicensingModuleOf
NLicenseObtainComponentsA
NLicenseObtainA

kernel32

LoadLibraryA
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
CreateFileA
GetFileSize
CloseHandle
CreateFileMappingW
UnmapViewOfFile
SetEvent
GetProcAddress
ReleaseMutex
WaitForSingleObject
CreateMutexW
CreateEventW
SignalObjectAndWait
CreateSemaphoreW
MapViewOfFile
RtlLookupFunctionEntry
FreeLibrary
GetSystemDirectoryA
RtlCaptureContext
CreateThread
GlobalMemoryStatus
ReleaseSemaphore
FormatMessageA
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetModuleHandleW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetLastError

nbiometricclient

NOdbcBiometricConnectionSetEnrollQueryN
NOdbcBiometricConnectionSetDeleteQueryN
NOdbcBiometricConnectionSetSelectSubjectQueryN
NOdbcBiometricConnectionSetAllowMultipleGalleries
NSQLiteBiometricConnectionCreate
NSQLiteBiometricConnectionSetFileNameA
NDatabaseBiometricConnectionSetup
NDatabaseBiometricConnectionBeginLoadSubjects
NDatabaseBiometricConnectionEndLoadSubjects
NDatabaseBiometricConnectionLoadNextSubject
NBiometricTaskSerializerCreateCachedAvroSchema
NBiometricTaskPackRequest
NBiometricTaskApplyResponse
NBiometricTaskMergeResponse
NBiometricTaskUnpackPrepareRequest
NBiometricTaskPackPrepareResponse
NBiometricTaskUnpackRequest
NBiometricTaskPackResponse
NBiometricTaskUnpackHeader
NDatabaseBiometricConnectionPerformOperation
NOdbcBiometricConnectionCreate
NOdbcBiometricConnectionSetConnectionStringA
NOdbcBiometricConnectionSetTableNameA
NOdbcBiometricConnectionSetTableNameW
NOdbcBiometricConnectionSetSubjectIdColumnA
NOdbcBiometricConnectionSetSubjectIdColumnW
NOdbcBiometricConnectionSetTemplateColumnA
NOdbcBiometricConnectionSetSelectAllQueryA
NOdbcBiometricConnectionSetTemplateColumnW

nbiometrics

NBiometricTaskGetGalleryId
NBiometricTaskSetGalleryId
NBiometricTaskGetStatistics
NBiometricTaskGetError
NBiometricTaskGetSubjectCount
NBiometricTaskGetSubject
NBiometricTaskAddSubject
NBiographicDataElementDispose
NBiographicDataSchemaTypeOf
NBiographicDataSchemaCreate
NBiographicDataSchemaAddElement
NBiometricEngineTypeOf
NBiometricEngineCreate
NBiometricEngineInitialize
NBiometricEngineCreateTask
NBiometricEnginePerformTaskAsync
NBiometricEngineClearAsync
NBiometricEngineGetTaskProcessor
NBiographicDataSchemaLock
NBiographicDataSchemaGetElementsStartPtr
NBiometricEngineConfirmSubject
NBiographicDataSerializerPackStringDst
NBiometricTaskSetError
NBiometricsModuleOf
NQueryTypeOf
NSubjectGetStatus
NSubjectGetFingerCount
NSubjectGetFaceCount
NSubjectGetIrisCount
NSubjectGetTemplateBuffer
NSubjectGetId
NBiographicDataSchemaParseN
NBiographicDataSchemaGetElementCount
NBiometricConnectionInitialize
NBiographicDataSerializerPackString
NBiometricOperationsTypeOf
NBiometricTaskSetStatus
NSubjectSetStatus
NSubjectSetError
NBiometricTypeTypeOf
NMatchingResultGetId
NMatchingResultGetMatchingDetailsBuffer
NMatchingResultGetScore
NSubjectCreate
NSubjectSetTemplateBuffer
NSubjectSetIdN
NSubjectSetQueryStringN
NSubjectGetStatistics
NSubjectGetMatchingResultCount
NSubjectGetMatchingResult
NSubjectSetQuery
NBiometricTaskGetOperations
NBiometricTaskTypeOf
NBiometricTaskCreate

ncore

NCallbackCreateWithObjectRaw
NCallbackSet
NObjectGet
NObjectSet
NObjectSetPropertyPW
NErrorSetLastMPNA
NErrorSetLastW
NErrorCapture
NAsyncOperationWait
NAsyncOperationGetError
NAsyncOperationGetResult
NAsyncOperationAddCompleted
NAsyncOperationAddCompletedCallback
NAsyncOperationFromError
NTypeSetPropertyValuePW
NStringSubstringA
NTypeGetDeclaredPropertyCount
NTypeGetDeclaredProperty
NValueCreateCustom
NValueCreateFromInt32
NValueCreateFromInt64
NValueCreateFromDouble
NValueCreateFromStringN
NValueGetTypeCode
NValueToValueP
NValueToInt32
NValueToInt64
NValueToPointer
NValueToObjectP
NNameValuePairDispose
NBufferCreate
NBufferCreateFromPtr
NBufferCopyFromPtr
NBufferGetPtr
NBufferGetSize
NPropertyBagGetCount
NPropertyBagGetAt
NPropertyBagTryGetW
NStringLastIndexOfStrOrCharsW
NPropertyBagSetN
NPropertyBagSetW
NPropertyBagRemoveW
NPropertyBagApplyTo
NPropertyBagParseA
NExpandableObjectGetProperties
NTaskProcessorWaitForAll
NTraceSourceTraceEventW
NTraceSourceTraceEventFormatW
NEncodingGetStringN
NStopwatchGetTimestamp
NStopwatchTicksToMilliseconds
NProcessorInfoGetCount
NStringIndexOfStrOrCharsA
NThreadJoin
NWaitObjectWaitFor
NSemaphoreCreate
NSemaphoreRelease
NMemoryStreamCreate
NMemoryStreamCreateFromBufferN
NMemoryStreamGetBuffer
NMemberInfoGetId
NMemberInfoGetName
NPropertyInfoGetPropertyType
StatsdClientCreateFromConnectionString
StatsdClientGauge
StatsdClientTiming
NDataFileManagerGetInstance
NDataFileManagerAddFromDirectoryN
NPathCombineP1NW
NPathGetDirectoryNameN
NProcessGetCurrent
NProcessGetFileName
NCoreModuleOf
NStringTypeOf
NModuleCreate
NModuleSetOptions
NStringBuilderGetStrOrCharsBufferA
NModuleSetTitleW
NModuleSetProductW
NModuleSetCompanyW
NModuleSetCopyrightW
NModuleSetIdW
NModuleSetNativeIdW
NModuleSetVersionMajor
NModuleSetVersionMinor
NModuleSetVersionBuild
NModuleSetVersionRevision
NModuleRegister
NModuleSetDependences
NModuleSetActivatedProc
NStringBuilderInitA
NStringBuilderDisposeA
NStringBuilderAppendA
NStringBuilderDetachStringNA
NAllocArray
NCopyArray
NTypeRegister
NTypeAllocInstanceP
NObjectUnrefArray
NObjectToStringN
NPropertyBagCreate
NPropertyBagSetA
NPropertyBagCopyTo
NBufferTypeOf
NStreamTypeOf
NAsyncOperationWaitTimed
NAsyncOperationGetStatus
NAsyncOperationCreate
NAsyncOperationSetStatus
NListInitP
NListDispose
NStringContainsStrOrCharsW
NStringReplaceStrOrCharsW
NValueToString
NPropertyBagTryGetN
NInt64TypeOf
NStringIsEmpty
NObjectGetPropertyPW
NErrorCreateW
NEnumToStringPA
NThreadSleep
NValueCreateFromObjectP
NBufferCopy
NBufferToPtr
NStreamSetPosition
NAsyncOperationIsCompleted
NExpandableObjectCopyFrom
NListGetCount
NListGetStart
NListGetEnd
NListAddP
NListClear
NListToArrayP
NAsyncOperationSetAsCompleted
NCoreOnStart
NCoreOnExitEx
NStringBuilderAppendUInt64A
NTraceClearListeners
NTraceAddListener
NTraceSourceTraceEventN
NTraceSourceSetTraceLevel
NTraceSourceCreateW
NTraceListenerSetNameW
NTraceListenerTypeOf
NErrorGetCodeEx
NErrorGetLastEx
NErrorSuppress
NErrorGetDefaultMessageN
NObjectToStringW
NStringStartsWithStrOrCharsA
NStringGetBufferA
NStringSet
NStringCreateWrapperA
NStringCreateFromStrOrCharsA
NCAllocArray
NFree
NCAlloc
NBooleanTypeOf
NInt32TypeOf
NTypeTypeOf
NStringFormatW
NThreadCreate
NPropertyBagAddW
NStringBuilderAppendCharA
NStringBuilderAppendNA
NStringBuilderClearA
NTypeGetTypeCode
NModuleSetNameW

ws2_32

htonl
htons
inet_addr
inet_ntoa
ntohs
gethostbyaddr
gethostbyname
getservbyport
getservbyname
WSASetLastError
WSAGetLastError
ntohl
WSAStartup
WSACleanup
accept
bind
closesocket
connect
getpeername
listen
recv
send
sendto
shutdown
socket

vcruntime140

wcsrchr
strchr
__C_specific_handler
memmove
memcmp
memcpy
memset
strrchr

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-heap-l1-1-0

free
calloc
_set_new_mode
malloc
realloc

api-ms-win-crt-utility-l1-1-0

bsearch
qsort
rand
srand

api-ms-win-crt-runtime-l1-1-0

_exit
exit
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
_get_initial_narrow_environment
_configure_narrow_argv
terminate
_initialize_narrow_environment
_errno
strerror
_initialize_onexit_table
_register_onexit_function
_set_app_type
_seh_filter_exe
_initterm_e
_cexit
_crt_atexit

api-ms-win-crt-string-l1-1-0

_wcsicmp
strncpy
_strdup
_stricmp
strcpy_s
strncpy_s
strcat_s

api-ms-win-crt-convert-l1-1-0

atoi
strtoul

api-ms-win-crt-stdio-l1-1-0

fgets
__stdio_common_vfscanf
_set_fmode
__p__commode
fclose
fwrite
fseek
fread
fflush
__acrt_iob_func
fopen
__stdio_common_vfprintf
__stdio_common_vsprintf
__stdio_common_vsprintf_s
feof

api-ms-win-crt-filesystem-l1-1-0

rename
_unlink
remove

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 671KB - Virtual size: 670KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65371764a7487fb98b9316f275be1fae

Headers

DLL Characteristics

File Characteristics

Imports

nlicensing

kernel32

nbiometricclient

nbiometrics

ncore

ws2_32

vcruntime140

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 671KB - Virtual size: 670KB

.rdata Size: 148KB - Virtual size: 147KB

.data Size: 1KB - Virtual size: 29KB

.pdata Size: 14KB - Virtual size: 14KB

.rsrc Size: 103KB - Virtual size: 102KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 671KB - Virtual size: 670KB

.rdata
Size: 148KB - Virtual size: 147KB

.data
Size: 1KB - Virtual size: 29KB

.pdata
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 103KB - Virtual size: 102KB

.reloc
Size: 1KB - Virtual size: 1KB