cdd8544db86b3d10c44fa1afc4d6f8cb5399313524bdb89dd2797922cc2557df

Sharing

Copy URL Twitter E-mail

General

Target

cdd8544db86b3d10c44fa1afc4d6f8cb5399313524bdb89dd2797922cc2557df
Size

3.4MB
MD5

db4586ffd3c346af5ff085dc1c777028
SHA1

41879f0eb236faf66f9e051c0a6991a9707c50ad
SHA256

cdd8544db86b3d10c44fa1afc4d6f8cb5399313524bdb89dd2797922cc2557df
SHA512

d6f2251bf7db003a39a9b93ac789d225912129ff9939c3dac184fd27c64ea7bb13a26ce41c7d34970269ca10aea2d1e1be2454f4cb47fd951fd55e92ff9f57b7
SSDEEP

49152:G1yKQKZNW0wFID5wVTE7styEDrSDocCHRuqVeSoZAVGl4MZ222/:TC6dTxvdGOF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cdd8544db86b3d10c44fa1afc4d6f8cb5399313524bdb89dd2797922cc2557df

Files

cdd8544db86b3d10c44fa1afc4d6f8cb5399313524bdb89dd2797922cc2557df
.exe windows:4 windows x64

df2ac310a6619788c6e19da953bf7a2f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
SetLastError
GetCurrentProcess
SetFileAttributesW
DeleteFileW
OpenProcess
GetComputerNameW
LocalAlloc
GetFileAttributesW
RtlLookupFunctionEntry
FileTimeToSystemTime
SystemTimeToFileTime
GetLocalTime
GetEnvironmentVariableW
GetModuleFileNameW
SetEnvironmentVariableW
GetTickCount
SystemTimeToTzSpecificLocalTime
ProcessIdToSessionId
GetModuleHandleW
FormatMessageW
FreeLibrary
LoadLibraryW
GetProcAddress
LoadLibraryA
CreateSemaphoreA
ReleaseSemaphore
GetVersionExA
GetTimeZoneInformation
GetSystemTime
RtlCaptureContext
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentThreadId
GetACP
GetOEMCP
FormatMessageA
GetFullPathNameW
GetCurrentDirectoryA
GetCurrentDirectoryW
CreateFileW
MoveFileW
SetFilePointer
CreateThread
GetFileTime
ReadFile
WriteFile
GetFileSize
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
GetLastError
LeaveCriticalSection
Process32NextW
CloseHandle
OpenEventW
GetCurrentProcessId
Process32FirstW
CreateToolhelp32Snapshot
LocalFree
GetCommandLineW
WaitForMultipleObjects
SetEvent
Sleep
CompareFileTime

shell32

ord4
ord2
ord155
CommandLineToArgvW

msvcp80

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@PEB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@AEBV01@@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_J@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBA?AV12@_K0@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV12@PEB_W@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBA_KPEB_W_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2_KB
?uncaught_exception@std@@YA_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAXXZ
?insert@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV12@_KPEB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@XZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBAPEB_WXZ
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV12@AEBV12@@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV12@PEB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@XZ
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV01@AEBV01@@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@H@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV01@AEBV01@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV12@AEBV12@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBAPEBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_N@Z
?setf@ios_base@std@@QEAAHHH@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV01@PEB_W@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV12@PEBD@Z
?at@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEA_W_K@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBA_KPEB_W_K@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAXAEAV12@@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBA_K_W_K@Z

log4cxx

??6WideMessageBuffer@helpers@log4cxx@@QEAAAEAV?$basic_ostream@_WU?$char_traits@_W@std@@@std@@K@Z
?str@MessageBuffer@helpers@log4cxx@@QEAAAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV?$basic_ostream@_WU?$char_traits@_W@std@@@5@@Z
?forcedLog@Logger@log4cxx@@QEBAXAEBV?$ObjectPtrT@VLevel@log4cxx@@@helpers@2@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBVLocationInfo@spi@2@@Z
??6CharMessageBuffer@helpers@log4cxx@@QEAAAEAV?$basic_ostream@DU?$char_traits@D@std@@@std@@K@Z
?isErrorEnabled@Logger@log4cxx@@QEBA_NXZ
?str@MessageBuffer@helpers@log4cxx@@QEAAAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAV?$basic_ostream@DU?$char_traits@D@std@@@5@@Z
?getRootLogger@Logger@log4cxx@@SA?AV?$ObjectPtrT@VLogger@log4cxx@@@helpers@2@XZ
??0?$ObjectPtrT@VLogger@log4cxx@@@helpers@log4cxx@@QEAA@XZ
??1File@log4cxx@@QEAA@XZ
??BWideMessageBuffer@helpers@log4cxx@@QEAAAEAV?$basic_ostream@_WU?$char_traits@_W@std@@@std@@XZ
?getInfo@Level@log4cxx@@SA?AV?$ObjectPtrT@VLevel@log4cxx@@@helpers@2@XZ
??BCharMessageBuffer@helpers@log4cxx@@QEAAAEAV?$basic_ostream@DU?$char_traits@D@std@@@std@@XZ
?isInfoEnabled@Logger@log4cxx@@QEBA_NXZ
??4?$ObjectPtrT@VLogger@log4cxx@@@helpers@log4cxx@@QEAAAEAV012@AEBV012@@Z
??1?$ObjectPtrT@VLevel@log4cxx@@@helpers@log4cxx@@UEAA@XZ
??0File@log4cxx@@QEAA@PEB_W@Z
?configure@PropertyConfigurator@log4cxx@@SAXAEBVFile@2@@Z
?getTrace@Level@log4cxx@@SA?AV?$ObjectPtrT@VLevel@log4cxx@@@helpers@2@XZ
??6WideMessageBuffer@helpers@log4cxx@@QEAAAEAV?$basic_ostream@_WU?$char_traits@_W@std@@@std@@H@Z
??6MessageBuffer@helpers@log4cxx@@QEAAAEAVCharMessageBuffer@12@PEBD@Z
??1?$ObjectPtrT@VLogger@log4cxx@@@helpers@log4cxx@@UEAA@XZ
?str@MessageBuffer@helpers@log4cxx@@QEAAAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAVCharMessageBuffer@23@@Z
??0LocationInfo@spi@log4cxx@@QEAA@QEBD0H@Z
??6WideMessageBuffer@helpers@log4cxx@@QEAAAEAV?$basic_ostream@_WU?$char_traits@_W@std@@@std@@J@Z
??1MessageBuffer@helpers@log4cxx@@QEAA@XZ
??0MessageBuffer@helpers@log4cxx@@QEAA@XZ
?getDebug@Level@log4cxx@@SA?AV?$ObjectPtrT@VLevel@log4cxx@@@helpers@2@XZ
?isTraceEnabled@Logger@log4cxx@@QEBA_NXZ
?isDebugEnabled@Logger@log4cxx@@QEBA_NXZ
?put@MDC@log4cxx@@SAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?str@MessageBuffer@helpers@log4cxx@@QEAAAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAVWideMessageBuffer@23@@Z
?getError@Level@log4cxx@@SA?AV?$ObjectPtrT@VLevel@log4cxx@@@helpers@2@XZ
??6MessageBuffer@helpers@log4cxx@@QEAAAEAVWideMessageBuffer@12@PEB_W@Z
??6WideMessageBuffer@helpers@log4cxx@@QEAAAEAV012@PEB_W@Z
?getLogger@Logger@log4cxx@@SA?AV?$ObjectPtrT@VLogger@log4cxx@@@helpers@2@QEBD@Z
??6WideMessageBuffer@helpers@log4cxx@@QEAAAEAV?$basic_ostream@_WU?$char_traits@_W@std@@@std@@P6AAEAVios_base@4@AEAV54@@Z@Z
?getWarn@Level@log4cxx@@SA?AV?$ObjectPtrT@VLevel@log4cxx@@@helpers@2@XZ
??_7?$ObjectPtrT@VLogger@log4cxx@@@helpers@log4cxx@@6B@
??0ObjectPtrBase@helpers@log4cxx@@QEAA@XZ
??6WideMessageBuffer@helpers@log4cxx@@QEAAAEAV012@PEA_W@Z
??6MessageBuffer@helpers@log4cxx@@QEAAAEAVWideMessageBuffer@12@PEA_W@Z
??6WideMessageBuffer@helpers@log4cxx@@QEAAAEAV?$basic_ostream@_WU?$char_traits@_W@std@@@std@@_N@Z
??6CharMessageBuffer@helpers@log4cxx@@QEAAAEAV012@PEBD@Z
??6WideMessageBuffer@helpers@log4cxx@@QEAAAEAV012@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?isWarnEnabled@Logger@log4cxx@@QEBA_NXZ
?forcedLog@Logger@log4cxx@@QEBAXAEBV?$ObjectPtrT@VLevel@log4cxx@@@helpers@2@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVLocationInfo@spi@2@@Z

rpcrt4

RpcMgmtStopServerListening
RpcServerRegisterIf2
RpcServerListen
RpcServerUnregisterIf
RpcServerUseProtseqEpW
NdrServerCall2

msvcr80

?_type_info_dtor_internal_method@type_info@@QEAAXXZ
?terminate@@YAXXZ
__crt_debugger_hook
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_cexit
_exit
_XcptFilter
__wgetmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
__C_specific_handler
tolower
toupper
_time64
_localtime64_s
memcpy_s
_strnicmp
memset
_endthreadex
_CxxThrowException
_vscwprintf
vswprintf_s
_purecall
__CxxFrameHandler3
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@XZ
??0exception@std@@QEAA@AEBV01@@Z
_invalid_parameter_noinfo
wcscpy_s
free
malloc
_beginthreadex
_wcsicmp
wcstol
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
??_V@YAXPEAX@Z
_ultow_s
fwrite
ferror
_fseeki64
_telli64
fseek
_fileno
isalnum
towupper
towlower
_atoi64
fread
fprintf
fclose
srand
fopen_s
_stricmp
memcmp
strchr
strstr
wcsstr
memchr
memcpy
memmove
strncmp
_mktime64
_tzset
_dupenv_s
atoi
_filelengthi64
fflush

ws2_32

WSAStartup
inet_ntoa
socket
shutdown
bind
getsockname
closesocket
select
__WSAFDIsSet
htons
inet_addr
ntohs
WSAIoctl
ioctlsocket
setsockopt
getsockopt
recv
send
gethostbyname
connect
WSAGetLastError

user32

PostQuitMessage
DefWindowProcW
SetWindowLongPtrW
GetWindowLongPtrW
UpdateWindow
ShowWindow
GetMessageW
TranslateMessage
DispatchMessageW
RegisterClassExW
CreateWindowExW
PostThreadMessageW

advapi32

RegQueryValueExA
CryptExportKey
CryptDestroyKey
CryptGenRandom
CryptReleaseContext
CryptGetUserKey
CryptGetProvParam
CryptCreateHash
CryptSetHashParam
CryptDestroyHash
CryptSignHashA
CryptAcquireContextW
CryptAcquireContextA
RegOpenKeyExA
DuplicateTokenEx
OpenProcessToken
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
ImpersonateLoggedOnUser

ole32

CoUninitialize
CoInitializeEx
CoTaskMemFree

oleaut32

VariantInit
VariantTimeToSystemTime
VariantClear

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

df2ac310a6619788c6e19da953bf7a2f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

msvcp80

log4cxx

rpcrt4

msvcr80

ws2_32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 66KB - Virtual size: 83KB

.pdata Size: 136KB - Virtual size: 136KB

.rsrc Size: 5KB - Virtual size: 4KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 66KB - Virtual size: 83KB

.pdata
Size: 136KB - Virtual size: 136KB

.rsrc
Size: 5KB - Virtual size: 4KB