013044d0a5728d30b8944a5c8269825c5906fa8889777526f0ef07b75c32daf9

Sharing

Copy URL

Twitter E-mail

General

Target

013044d0a5728d30b8944a5c8269825c5906fa8889777526f0ef07b75c32daf9
Size

173KB
MD5

9f6f98133c83f7e96c6cb92fdbe88a35
SHA1

dea7677778816ffcd6386b2e065b6a730a943caf
SHA256

013044d0a5728d30b8944a5c8269825c5906fa8889777526f0ef07b75c32daf9
SHA512

ecdf8e95ec1a1c7915be399cd5434bbdca6fd29e7d0580a2ab9819d18070762fdc5b26d78429cbe9a0160c35ea377e1175a60c7eea94c76a9456e95e81d1b104
SSDEEP

1536:oh/8EeghNsMYQV6JKS+/KaWztk8pf3wBC5U6jhFQDbgHoANBgS1wUF:5fJ0/+zvf3w8e0/Roy11wUF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
013044d0a5728d30b8944a5c8269825c5906fa8889777526f0ef07b75c32daf9

Files

013044d0a5728d30b8944a5c8269825c5906fa8889777526f0ef07b75c32daf9
.exe windows:6 windows x64

35a0b3b54d5e6a683d97f5ee8d913095

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

miktex230900-getopt

MIKTEX_GETOPT_optind
getopt_long
MIKTEX_GETOPT_optarg

miktex230900-app

?GetSession@Application@App@MiKTeX@@QEBA?AV?$shared_ptr@VSession@Core@MiKTeX@@@std@@XZ
?Sorry@Application@App@MiKTeX@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVexception@5@@Z
?Sorry@Application@App@MiKTeX@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVMiKTeXException@Core@3@@Z
?FatalError@Application@App@MiKTeX@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetEnableInstaller@Application@App@MiKTeX@@QEBA?AW4TriState@Configuration@3@XZ
?GetDependencies@Runtime@vi@App@MiKTeX@@SA?AV?$vector@ULibraryVersion@Core@MiKTeX@@V?$allocator@ULibraryVersion@Core@MiKTeX@@@std@@@std@@XZ
?ExamineArgs@Application@App@MiKTeX@@UEAA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAV?$vector@PEBDV?$allocator@PEBD@std@@@5@AEAVInitInfo@Session@Core@3@@Z
?Init@Application@App@MiKTeX@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?Init@Application@App@MiKTeX@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?Init@Application@App@MiKTeX@@UEAAXAEAV?$vector@PEADV?$allocator@PEAD@std@@@std@@@Z
?Init@Application@App@MiKTeX@@UEAAXAEAV?$vector@PEBDV?$allocator@PEBD@std@@@std@@@Z
?Init@Application@App@MiKTeX@@UEAAXAEBVInitInfo@Session@Core@3@@Z
?Init@Application@App@MiKTeX@@UEAAXAEBVInitInfo@Session@Core@3@AEAV?$vector@PEBDV?$allocator@PEBD@std@@@std@@@Z
?Finalize@Application@App@MiKTeX@@UEAAXXZ
?ShowLibraryVersions@Application@App@MiKTeX@@UEBAXXZ
?InstallPackage@Application@App@MiKTeX@@UEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVPathName@Util@3@AEAV673@@Z
?TryCreateFile@Application@App@MiKTeX@@UEAA_NAEBVPathName@Util@3@W4FileType@Core@3@@Z
?ReportLine@Application@App@MiKTeX@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?OnRetryableError@Application@App@MiKTeX@@UEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?OnProgress@Application@App@MiKTeX@@UEAA_NW4Notification@Packages@3@@Z
?Trace@Application@App@MiKTeX@@UEAA_NAEBUTraceMessage@TraceCallback@03@@Z
?EnableInstaller@Application@App@MiKTeX@@QEAAXW4TriState@Configuration@3@@Z
?Finalize2@Application@App@MiKTeX@@UEAAXH@Z
?Init@Application@App@MiKTeX@@UEAAXAEBVInitInfo@Session@Core@3@AEAV?$vector@PEADV?$allocator@PEAD@std@@@std@@@Z
??1Application@App@MiKTeX@@UEAA@XZ
??0Application@App@MiKTeX@@QEAA@XZ
?ExamineArgs@Application@App@MiKTeX@@UEAA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAV?$vector@PEADV?$allocator@PEAD@std@@@5@AEAVInitInfo@Session@Core@3@@Z
?GetVersion@Runtime@vi@App@MiKTeX@@SA?AUVersionNumber@Core@4@XZ

miktex230900-log4cxx

?exchange@ObjectPtrBase@helpers@log4cxx@@SAPEAXPEAPEAXPEAX@Z
?isInfoEnabled@Logger@log4cxx@@QEBA_NXZ
?getLogger@Logger@log4cxx@@SA?AV?$ObjectPtrT@VLogger@log4cxx@@@helpers@2@QEBD@Z
?forcedLog@Logger@log4cxx@@QEBAXAEBV?$ObjectPtrT@VLevel@log4cxx@@@helpers@2@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVLocationInfo@spi@2@@Z
?str@MessageBuffer@helpers@log4cxx@@QEAAAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAVCharMessageBuffer@23@@Z
??6MessageBuffer@helpers@log4cxx@@QEAAAEAVCharMessageBuffer@12@PEBD@Z
??6MessageBuffer@helpers@log4cxx@@QEAAAEAVCharMessageBuffer@12@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1MessageBuffer@helpers@log4cxx@@QEAA@XZ
??0MessageBuffer@helpers@log4cxx@@QEAA@XZ
??6CharMessageBuffer@helpers@log4cxx@@QEAAAEAV012@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0LocationInfo@spi@log4cxx@@QEAA@QEBD0H@Z
??1?$ObjectPtrT@VLevel@log4cxx@@@helpers@log4cxx@@UEAA@XZ
??1ObjectPtrBase@helpers@log4cxx@@UEAA@XZ
?getInfo@Level@log4cxx@@SA?AV?$ObjectPtrT@VLevel@log4cxx@@@helpers@2@XZ

miktex230900-core

?Create@TemporaryDirectory@Core@MiKTeX@@SA?AV?$unique_ptr@VTemporaryDirectory@Core@MiKTeX@@U?$default_delete@VTemporaryDirectory@Core@MiKTeX@@@std@@@std@@XZ
?ToString@VersionNumber@Core@MiKTeX@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
??1ConsoleCodePageSwitcher@Core@MiKTeX@@UEAA@XZ
??0ConsoleCodePageSwitcher@Core@MiKTeX@@QEAA@XZ
?Exists@Directory@Core@MiKTeX@@SA_NAEBVPathName@Util@3@@Z
?Create@Directory@Core@MiKTeX@@SAXAEBVPathName@Util@3@@Z
?ToString@CommandLineBuilder@Core@MiKTeX@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
??0CommandLineBuilder@Core@MiKTeX@@QEAA@AEBV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@Z
??0CommandLineBuilder@Core@MiKTeX@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?Parse@VersionNumber@Core@MiKTeX@@SA?AU123@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?Save@MiKTeXException@Core@MiKTeX@@QEBA_NXZ
?Copy@File@Core@MiKTeX@@SAXAEBVPathName@Util@3@0V?$OptionSet@W4FileCopyOption@Core@MiKTeX@@$0CA@@53@@Z
?MakeProgramVersionString@Utils@Core@MiKTeX@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV45@AEBUVersionNumber@23@@Z
?Run@Process@Core@MiKTeX@@SA_NAEBVPathName@Util@3@AEBV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@PEAVIRunProcessCallback@23@PEAHPEAVMiKTeXException@23@PEBD@Z
??1CommandLineBuilder@Core@MiKTeX@@UEAA@XZ
?GetExeName@Utils@Core@MiKTeX@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

miktex230900-util

?Compare@PathName@Util@MiKTeX@@SAHPEBD0@Z
?AppendDirectoryDelimiter@PathName@Util@MiKTeX@@QEAAAEAV123@XZ
?SetExtension@PathName@Util@MiKTeX@@QEAAAEAV123@PEBD_N@Z
?GetExtension@PathName@Util@MiKTeX@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?WideCharToUTF8@StringUtil@Util@MiKTeX@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEB_W@Z
?AppendString@StringUtil@Util@MiKTeX@@SA_KPEAD_KPEBD@Z
?Flatten@StringUtil@Util@MiKTeX@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@5@D@Z
?CopyString@StringUtil@Util@MiKTeX@@SA_KPEAD_KPEBD@Z

miktex230900-fmt

?vformat@v9@fmt@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v9@fmt@@D@v9@fmt@@@12@@Z

msvcp140

?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ

vcruntime140

__std_type_info_destroy_list
__C_specific_handler
memcmp
__current_exception_context
__current_exception
memset
memmove
memcpy
strchr
_purecall
__std_terminate
__std_exception_copy
__std_exception_destroy
_CxxThrowException

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

__p___wargv
_c_exit
_register_thread_local_exe_atexit_callback
__p___argc
_configure_wide_argv
_invalid_parameter_noinfo_noreturn
_set_app_type
terminate
_initialize_wide_environment
exit
_initterm_e
_get_initial_wide_environment
_initterm
_seh_filter_exe
_cexit
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_exit

api-ms-win-crt-string-l1-1-0

isprint

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free
_set_new_mode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

kernel32

GetModuleHandleW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
RtlCaptureContext
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry

Sections

.text
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

35a0b3b54d5e6a683d97f5ee8d913095

Headers

DLL Characteristics

File Characteristics

Imports

miktex230900-getopt

miktex230900-app

miktex230900-log4cxx

miktex230900-core

miktex230900-util

miktex230900-fmt

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

kernel32

Sections

.text Size: 116KB - Virtual size: 116KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 2KB - Virtual size: 4KB

.pdata Size: 5KB - Virtual size: 5KB

.idata Size: 16KB - Virtual size: 16KB

.00cfg Size: 512B - Virtual size: 373B

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 1024B - Virtual size: 1008B

.text
Size: 116KB - Virtual size: 116KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 2KB - Virtual size: 4KB

.pdata
Size: 5KB - Virtual size: 5KB

.idata
Size: 16KB - Virtual size: 16KB

.00cfg
Size: 512B - Virtual size: 373B

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1024B - Virtual size: 1008B