e5fbe57cd6fe060fa2e2ee2c5df4ad4a47edf209a26525ac1e25df75aecaaf10

Sharing

Copy URL Twitter E-mail

General

Target

e5fbe57cd6fe060fa2e2ee2c5df4ad4a47edf209a26525ac1e25df75aecaaf10
Size

859KB
MD5

62b9856f631766341fb91b7c152b8008
SHA1

25671cd362c317b6c4d6c2618f43e1439455925f
SHA256

e5fbe57cd6fe060fa2e2ee2c5df4ad4a47edf209a26525ac1e25df75aecaaf10
SHA512

b3f16b16d7bc8cec80fd2da4f902aaa209365bfefd63408fdd573489879d42fe7ecbc4b83d686d361acfd62b4d4a688c6484b09b4f00eb93df720a1caa58e31a
SSDEEP

12288:QhUKfkHYdf0/c/RLg4rkX/TsIzZrjALWVr7NdnFhSd:QUHYdfvWyk9FhS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e5fbe57cd6fe060fa2e2ee2c5df4ad4a47edf209a26525ac1e25df75aecaaf10

Files

e5fbe57cd6fe060fa2e2ee2c5df4ad4a47edf209a26525ac1e25df75aecaaf10
.exe windows:6 windows x64 arch:x64

95acc54773007245655890a4c0d3245b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

libcurl

curl_easy_init
curl_easy_setopt
curl_easy_perform
curl_easy_cleanup
curl_easy_getinfo
curl_slist_free_all

libglog

?InitGoogleLogging@google@@YAXPEBD@Z
?ShutdownGoogleLogging@google@@YAXXZ
?SetLogDestination@google@@YAXHPEBD@Z
?stream@LogMessage@google@@QEAAAEAV?$basic_ostream@DU?$char_traits@D@std@@@std@@XZ
??1LogMessage@google@@QEAA@XZ
??0LogMessage@google@@QEAA@PEBDHH@Z
??0LogMessage@google@@QEAA@PEBDH@Z
?FLAGS_max_log_size@fLI@@3HA
?FLAGS_minloglevel@fLI@@3HA
?FLAGS_logbuflevel@fLI@@3HA
?FLAGS_colorlogtostderr@fLB@@3_NA

rpcrt4

RpcEpRegisterW
UuidFromStringW
RpcServerRegisterAuthInfoW
RpcRevertToSelf
RpcImpersonateClient
RpcEpUnregister
RpcMgmtStopServerListening
RpcServerRegisterIf
RpcServerListen
RpcServerInqBindings
RpcBindingVectorFree
UuidToStringW
NdrServerCall2
RpcMgmtWaitServerListen
RpcServerUseProtseqW
UuidToStringA
UuidCreate
RpcStringFreeW
RpcStringFreeA

kernel32

AddVectoredExceptionHandler
GetCurrentProcess
GetCurrentThreadId
GetLocalTime
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
lstrcpyW
lstrlenW
CreateThread
GetLogicalDriveStringsW
GetLongPathNameW
QueryDosDeviceW
Sleep
CreateProcessW
OpenProcess
GetSystemTimes
GetSystemDirectoryW
GetVersionExW
ReadProcessMemory
FreeLibrary
LocalAlloc
LocalFree
lstrcmpiW
lstrcatW
LoadLibraryA
LoadLibraryW
CreateToolhelp32Snapshot
Process32FirstW
SetUnhandledExceptionFilter
GetCommandLineW
SetLastError
CreateMutexW
GetLastError
LoadResource
SizeofResource
FindResourceW
GetPrivateProfileStringA
WritePrivateProfileStringA
MultiByteToWideChar
GetFileAttributesW
ReadFile
SetFilePointer
SetEvent
OpenMutexW
CreateEventW
TerminateProcess
GetNativeSystemInfo
RaiseException
FreeResource
LockResource
GlobalAlloc
GlobalLock
GlobalUnlock
GetPrivateProfileIntW
GetPrivateProfileStringW
WideCharToMultiByte
RtlVirtualUnwind
CloseHandle
OutputDebugStringW
GetDiskFreeSpaceExW
FindResourceExW
CreateFileW
GetEnvironmentVariableW
WTSGetActiveConsoleSessionId
ProcessIdToSessionId
GetCurrentProcessId
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
Process32NextW
HeapDestroy
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ResetEvent
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
DecodePointer
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
LoadLibraryExW

user32

MonitorFromWindow
IsDialogMessageW
LoadImageW
LoadIconW
GetMonitorInfoW
GetParent
GetWindowLongW
MapWindowPoints
SetWindowLongW
IsMenu
IsWindow
CreateWindowExW
RegisterWindowMessageW
GetClassInfoExW
RegisterClassExW
GetWindow
GetWindowRect
SetWindowTextW
KillTimer
LoadMenuW
TrackPopupMenu
GetMenuDefaultItem
SetMenuDefaultItem
SetForegroundWindow
GetCursorPos
GetDesktopWindow
LoadCursorW
DestroyIcon
CreateIconIndirect
MessageBoxW
UnregisterClassW
wsprintfW
SendMessageW
CharUpperW
GetClientRect
FindWindowW
FindWindowExW
GetMenuItemInfoW
InsertMenuItemW
SetMenuItemBitmaps
RemoveMenu
GetSubMenu
DestroyMenu
EnableWindow
SetTimer
GetActiveWindow
EndDialog
DialogBoxParamW
SetWindowPos
ShowWindow
PostQuitMessage
PostMessageW
CharNextW
CreateDialogParamW
DestroyWindow
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
SetWindowLongPtrW
GetWindowLongPtrW
FrameRect
GetWindowTextW
ReleaseDC
GetDC
DrawTextW
GetSystemMetrics
GetDlgItem
CallWindowProcW
DefWindowProcW

gdi32

DeleteDC
RestoreDC
SaveDC
SetBkColor
SetBkMode
SetTextColor
GetTextMetricsW
ExtTextOutW
CreateCompatibleDC
DeleteObject
SelectObject
CreateDIBSection
SetDIBColorTable
GetObjectW
GetStockObject
CreateBitmap
CreateCompatibleBitmap
CreateSolidBrush

advapi32

RegDeleteValueW
CreateProcessAsUserW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
GetUserNameW
GetUserNameA
AdjustTokenPrivileges
AllocateAndInitializeSid
CreateWellKnownSid
DuplicateTokenEx
EqualSid
FreeSid
GetTokenInformation
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetTokenInformation
LookupAccountSidW
LookupPrivilegeValueW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
OpenProcessToken

shell32

Shell_NotifyIconW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
SHCreateDirectoryExA
CommandLineToArgvW

ole32

CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear
VarUI4FromStr
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo

shlwapi

PathRemoveFileSpecW
PathFileExistsW
PathIsUNCW
PathRemoveExtensionA
PathFindFileNameA
PathCombineW

comctl32

InitCommonControlsEx

gdiplus

GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromScan0
GdipBitmapUnlockBits
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipBitmapLockBits
GdipDrawImageI
GdipDeleteGraphics

msvcp140

?_Xbad_alloc@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_BADOFF@std@@3_JB
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z

basecommonlib

?IsFileExisting@filepath@qmdlp@@YA_NPEB_W@Z
?GetMoudleDir@CQMFileUtil@@QEAA_NAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?GetInstance@?$CSingleton@VCQMFileUtil@@@qmdlp@@SAPEAVCQMFileUtil@@XZ
?pathexists@filepath@qmdlp@@YA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?ws2s@strings@qmdlp@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@I@Z
??1jsHelper@jsonHelper@qmdlp@@QEAA@XZ
?loadJson@jsHelper@jsonHelper@qmdlp@@QEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAV?$GenericValue@U?$UTF8@D@rapidjson@@V?$MemoryPoolAllocator@VCrtAllocator@rapidjson@@@2@@rapidjson@@@Z
?getJsonObject@jsHelper@jsonHelper@qmdlp@@QEAA_NPEBDAEAV?$GenericValue@U?$UTF8@D@rapidjson@@V?$MemoryPoolAllocator@VCrtAllocator@rapidjson@@@2@@rapidjson@@1@Z
?readInt32@jsHelper@jsonHelper@qmdlp@@QEAA_NPEBDAEAV?$GenericValue@U?$UTF8@D@rapidjson@@V?$MemoryPoolAllocator@VCrtAllocator@rapidjson@@@2@@rapidjson@@AEAH@Z
??0jsHelper@jsonHelper@qmdlp@@QEAA@XZ

dbghelp

MiniDumpWriteDump

psapi

GetModuleFileNameExW
GetProcessImageFileNameW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

vcruntime140

__std_terminate
_CxxThrowException
__CxxFrameHandler3
memmove
wcsrchr
__C_specific_handler
__std_type_info_destroy_list
__vcrt_InitializeCriticalSectionEx
__std_exception_destroy
__std_exception_copy
_purecall
memcmp
wcsstr
memchr
memset
memcpy

api-ms-win-crt-heap-l1-1-0

calloc
free
_recalloc
_callnewh
_set_new_mode
malloc

api-ms-win-crt-string-l1-1-0

wmemcpy_s
_wcsupr_s
wcsnlen
wcscat_s
wcscpy_s
wcstok_s
strcat_s
wcsncpy_s
strcpy_s
_stricmp
_wcsnicmp
_wcsicmp

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode
fclose
__stdio_common_vswprintf_s
ungetc
setvbuf
fwrite
_fseeki64
_get_stream_buffer_pointers
fflush
fgetc
fgetpos
fputc
fsetpos

api-ms-win-crt-runtime-l1-1-0

terminate
_resetstkoflw
_register_thread_local_exe_atexit_callback
_c_exit
_seh_filter_dll
_exit
exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_wassert
_seh_filter_exe
_cexit
_configure_narrow_argv
_invalid_parameter_noinfo_noreturn
_set_abort_behavior
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_invalid_parameter_noinfo
_errno

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 195KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 283B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 534KB - Virtual size: 534KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

95acc54773007245655890a4c0d3245b

Headers

DLL Characteristics

File Characteristics

Imports

libcurl

libglog

rpcrt4

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

msvcp140

basecommonlib

dbghelp

psapi

userenv

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 195KB - Virtual size: 194KB

.rdata Size: 80KB - Virtual size: 79KB

.data Size: 5KB - Virtual size: 11KB

.pdata Size: 11KB - Virtual size: 10KB

.idata Size: 26KB - Virtual size: 25KB

.gfids Size: 512B - Virtual size: 360B

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 283B

.rsrc Size: 534KB - Virtual size: 534KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 195KB - Virtual size: 194KB

.rdata
Size: 80KB - Virtual size: 79KB

.data
Size: 5KB - Virtual size: 11KB

.pdata
Size: 11KB - Virtual size: 10KB

.idata
Size: 26KB - Virtual size: 25KB

.gfids
Size: 512B - Virtual size: 360B

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 283B

.rsrc
Size: 534KB - Virtual size: 534KB

.reloc
Size: 4KB - Virtual size: 4KB