390928fe0f6222b08d8a7148656ba633c1ae4635cdff6013f289fc294dd11753

Sharing

Copy URL Twitter E-mail

General

Target

390928fe0f6222b08d8a7148656ba633c1ae4635cdff6013f289fc294dd11753
Size

407KB
MD5

09d5d42e463d004e70d24d7dd4eaa096
SHA1

9725ce4c96ab1078fb6242e7ad5163d69089c0f9
SHA256

390928fe0f6222b08d8a7148656ba633c1ae4635cdff6013f289fc294dd11753
SHA512

2c711c015c90645b3007021f96482fcc0bcc5d9dc9e9417e0e3f015b519f984432709809d9b885e53f7ab59f4a905c89d31d77e9221c744a4bfc13581b2be82c
SSDEEP

6144:b09z2PPbb44NBYABdzay19AU3u5oUhq8OopI0cJtVD6YY/swz3:b09zobUwNaa9AUoVYtVD6YY33

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
390928fe0f6222b08d8a7148656ba633c1ae4635cdff6013f289fc294dd11753

Files

390928fe0f6222b08d8a7148656ba633c1ae4635cdff6013f289fc294dd11753
.exe windows:5 windows x86

8a72c66341644fdcfda1b5ce35629b72

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemInfo
FreeLibrary
OutputDebugStringA
MultiByteToWideChar
LoadLibraryW
GetPrivateProfileIntW
Process32Next
GetLastError
CloseHandle
TerminateProcess
SetLastError
OpenProcess
Process32First
CreateToolhelp32Snapshot
GetCurrentProcessId
GetModuleHandleA
Sleep
GetCommandLineW
GetCurrentProcess
SetEvent
OpenEventA
QueryPerformanceCounter
FormatMessageA
LocalFree
AreFileApisANSI
GetProcAddress
GetModuleFileNameW
GetCurrentThread
GetSystemTimeAsFileTime
GetTickCount
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSetInformation
InterlockedExchange
DecodePointer
EncodePointer
SuspendThread
SetThreadContext
GetThreadContext
FlushInstructionCache
ResumeThread
InterlockedCompareExchange
VirtualAlloc
VirtualProtect
VirtualQuery
GetLocalTime
GetCurrentThreadId
GetFileSize
ReadFile
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetThreadAffinityMask
QueryPerformanceFrequency
WideCharToMultiByte
CreateFileW
IsProcessorFeaturePresent

shell32

CommandLineToArgvW

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString
SysAllocString
SysStringLen

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA

detoured

Detoured

pallas_core

?get_comp_mgr_instance@common@ierd_tgp@@YAAAVComponent_mgr@12@XZ
?inited@Component_mgr@common@ierd_tgp@@QAEXXZ
?init@Component_mgr@common@ierd_tgp@@QAE_NXZ
?process@Application@common@ierd_tgp@@QAEXXZ
?SetConfigRootPath@pallas_core@ierd_tgp@@YAXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@H@Z
?tick@Component_mgr@common@ierd_tgp@@QAEXN@Z
?set_app_path@Application@common@ierd_tgp@@SA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?get_exe_path@Application@common@ierd_tgp@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?get_app_path_ex@Application@common@ierd_tgp@@SA?AVpath@filesystem3@boost@@XZ
?instance@Application@common@ierd_tgp@@SAPAV123@XZ
?load_config@Component_mgr@common@ierd_tgp@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?get_parent_exe_path_w@Application@common@ierd_tgp@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?get_app_id@Application@common@ierd_tgp@@QAEIXZ
?GetConfigByPath@pallas_core@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_ptree@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@property_tree@boost@@H@Z
??0Application@common@ierd_tgp@@QAE@III_NK0ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z
?uninitialize@Component_mgr@common@ierd_tgp@@QAEXXZ
?set_profiling@common@ierd_tgp@@YAX_N@Z

shlwapi

PathFindFileNameW

pallas_util

?report@Qos_report_ex@qos_report_ex@pallas_util@ierd_tgp@@QAE_NHH@Z
?default_instance@qos_ex_instace@qos_report_ex@pallas_util@ierd_tgp@@SAAAVQos_report_ex@234@XZ
?uninit@Qos_report_ex@qos_report_ex@pallas_util@ierd_tgp@@QAE_NXZ
?set_uin@Qos_report_ex@qos_report_ex@pallas_util@ierd_tgp@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?set_session_id@Qos_report_ex@qos_report_ex@pallas_util@ierd_tgp@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?set_version@Qos_report_ex@qos_report_ex@pallas_util@ierd_tgp@@QAEXABUversion_t@common@4@@Z
?set_qos_id@Qos_report_ex@qos_report_ex@pallas_util@ierd_tgp@@QAEXH@Z
?init@Qos_report_ex@qos_report_ex@pallas_util@ierd_tgp@@QAE_NXZ
?QueryComInterface@pallas_util@ierd_tgp@@YA_NABVcomponent_interface_type@common@2@AAV?$shared_ptr@UIComponent@common@ierd_tgp@@@boost@@@Z

msvcr100

_vswprintf_c_l
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
_except_handler4_common
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__initenv
exit
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_onexit
_lock
__dllonexit
_unlock
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
_vsnprintf
_snwprintf_s
localeconv
??_U@YAPAXI@Z
??_V@YAXPAX@Z
strncpy_s
fprintf
_strtoui64
wcstoul
clock
rand
fread
_stricmp
__RTDynamicCast
_snprintf_s
??8type_info@@QBE_NABV0@@Z
??2@YAPAXI@Z
wcscat_s
??0bad_cast@std@@QAE@ABV01@@Z
_vsnprintf_s
fclose
fopen
??0bad_cast@std@@QAE@PBD@Z
?what@exception@std@@UBEPBDXZ
__CxxFrameHandler3
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
??3@YAXPAX@Z
memset
wcsncpy
_wcsicmp
wcsrchr
memmove
memchr
_purecall
??0exception@std@@QAE@ABV01@@Z
_time64
??0exception@std@@QAE@XZ
_CxxThrowException
??1bad_cast@std@@UAE@XZ
strerror
memcpy

msvcp100

?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
??1_Locimp@locale@std@@MAE@XZ
??0_Locimp@locale@std@@AAE@ABV012@@Z
?id@?$codecvt@_WDH@std@@2V0locale@2@A
?_Id_cnt@id@locale@std@@0HA
?_Locimp_Addfac@_Locimp@locale@std@@CAXPAV123@PAVfacet@23@I@Z
?_Getcat@?$codecvt@_WDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
??1?$codecvt@_WDH@std@@MAE@XZ
?do_length@?$codecvt@_WDH@std@@MBEHABHPBD1I@Z
??0?$codecvt@_WDH@std@@QAE@I@Z
?classic@locale@std@@SAABV12@XZ
?id@?$numpunct@D@std@@2V0locale@2@A
??0_Locinfo@std@@QAE@PBD@Z
??1_Locinfo@std@@QAE@XZ
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@UAE@XZ
_Getcvt
?_Getfalse@_Locinfo@std@@QBEPBDXZ
?_Gettrue@_Locinfo@std@@QBEPBDXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??_7?$basic_ios@_WU?$char_traits@_W@std@@@std@@6B@
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?exceptions@ios_base@std@@QAEXH@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?widen@?$ctype@D@std@@QBEDD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7ios_base@std@@6B@
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
??1ios_base@std@@UAE@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?_Xlength_error@std@@YAXPBD@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?pbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
?_Incref@facet@locale@std@@QAEXXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@XZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Xout_of_range@std@@YAXPBD@Z
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
??1_Lockit@std@@QAE@XZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??Bid@locale@std@@QAEIXZ
?id@?$ctype@D@std@@2V0locale@2@A
??0_Lockit@std@@QAE@H@Z
?_Xfunc@tr1@std@@YAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?ws@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@1@AAV21@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_K@Z
?narrow@?$ctype@D@std@@QBEDDD@Z
?_BADOFF@std@@3_JB
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 215KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8a72c66341644fdcfda1b5ce35629b72

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

ole32

oleaut32

advapi32

version

detoured

pallas_core

shlwapi

pallas_util

msvcr100

msvcp100

Sections

.text Size: 114KB - Virtual size: 113KB

.rdata Size: 57KB - Virtual size: 56KB

.data Size: 8KB - Virtual size: 9KB

.rsrc Size: 215KB - Virtual size: 216KB

.text
Size: 114KB - Virtual size: 113KB

.rdata
Size: 57KB - Virtual size: 56KB

.data
Size: 8KB - Virtual size: 9KB

.rsrc
Size: 215KB - Virtual size: 216KB