c8ce492d0cf0406b865b60936be24550de2155c38d8f86ba4b3fad4b9b93e698

Sharing

Copy URL Twitter E-mail

General

Target

c8ce492d0cf0406b865b60936be24550de2155c38d8f86ba4b3fad4b9b93e698
Size

698KB
MD5

1e623e62174b5086036eff10a8a2cd22
SHA1

ebd323b626d5e996d943853599205772a5d7a2ba
SHA256

c8ce492d0cf0406b865b60936be24550de2155c38d8f86ba4b3fad4b9b93e698
SHA512

dd2976b4b29b494f93361ad363b8dab4191f4b5bee1aa4604a984e48abba7b8bb6040d9d2f8eb823f1b14635b5a5f58f001a3c9ba62879fba9f055d687c66777
SSDEEP

12288:2x33E1U8ZS9hUlazJX/TsIzZrjALWVr7NdnFhSit:O3Z9hJ9FhSS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c8ce492d0cf0406b865b60936be24550de2155c38d8f86ba4b3fad4b9b93e698

Files

c8ce492d0cf0406b865b60936be24550de2155c38d8f86ba4b3fad4b9b93e698
.exe windows:5 windows x86 arch:x86

1bb1a83c6e779a422ccd749d75f511be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

libcurl

curl_slist_free_all
curl_easy_init
curl_easy_setopt
curl_easy_getinfo
curl_easy_cleanup
curl_easy_perform

libglog

??1LogMessage@google@@QAE@XZ
?ShutdownGoogleLogging@google@@YAXXZ
?SetLogDestination@google@@YAXHPBD@Z
?FLAGS_colorlogtostderr@fLB@@3_NA
?FLAGS_logbuflevel@fLI@@3HA
?FLAGS_minloglevel@fLI@@3HA
?FLAGS_max_log_size@fLI@@3HA
??0LogMessage@google@@QAE@PBDH@Z
??0LogMessage@google@@QAE@PBDHH@Z
?stream@LogMessage@google@@QAEAAV?$basic_ostream@DU?$char_traits@D@std@@@std@@XZ
?InitGoogleLogging@google@@YAXPBD@Z

rpcrt4

UuidFromStringW
RpcEpRegisterW
RpcServerRegisterAuthInfoW
RpcEpUnregister
NdrServerCall2
RpcMgmtStopServerListening
RpcStringFreeA
RpcStringFreeW
UuidCreate
UuidToStringA
UuidToStringW
RpcBindingVectorFree
RpcServerInqBindings
RpcServerListen
RpcServerRegisterIf
RpcServerUseProtseqW
RpcRevertToSelf
RpcMgmtWaitServerListen
RpcImpersonateClient

kernel32

GetProcessHeap
CreateThread
GetLogicalDriveStringsW
GetLongPathNameW
QueryDosDeviceW
Sleep
CreateProcessW
OpenProcess
GetSystemTimes
GetSystemDirectoryW
GetVersionExW
ReadProcessMemory
FreeLibrary
LocalAlloc
LocalFree
lstrcmpiW
lstrcatW
WTSGetActiveConsoleSessionId
LoadLibraryW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCommandLineW
DecodePointer
RaiseException
SetLastError
HeapDestroy
HeapReAlloc
HeapSize
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateMutexW
HeapFree
LoadResource
SizeofResource
FindResourceW
GetPrivateProfileStringA
WritePrivateProfileStringA
MultiByteToWideChar
GetFileAttributesW
ReadFile
SetFilePointer
SetEvent
OpenMutexW
CreateEventW
TerminateProcess
GetNativeSystemInfo
FindResourceExW
FreeResource
LockResource
GlobalAlloc
GlobalLock
GlobalUnlock
GetPrivateProfileIntW
GetPrivateProfileStringW
WideCharToMultiByte
ProcessIdToSessionId
GetCurrentProcessId
VirtualFree
LoadLibraryExA
IsDebuggerPresent
UnhandledExceptionFilter
ResetEvent
WaitForSingleObjectEx
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapAlloc
GetLastError
lstrlenW
lstrcpyW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetModuleFileNameA
GetLocalTime
GetCurrentThreadId
GetCurrentProcess
AddVectoredExceptionHandler
SetUnhandledExceptionFilter
CloseHandle
OutputDebugStringW
GetDiskFreeSpaceExW
CreateFileW
LoadLibraryExW
GetEnvironmentVariableW
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsProcessorFeaturePresent
LoadLibraryA
VirtualAlloc

user32

GetCursorPos
SetForegroundWindow
SetMenuDefaultItem
GetDesktopWindow
TrackPopupMenu
LoadMenuW
KillTimer
IsMenu
IsWindow
CreateWindowExW
LoadCursorW
DestroyIcon
RegisterClassExW
GetClassInfoExW
GetMenuDefaultItem
wsprintfW
RegisterWindowMessageW
GetMonitorInfoW
MonitorFromWindow
IsDialogMessageW
LoadImageW
LoadIconW
GetWindow
GetParent
MapWindowPoints
MessageBoxW
GetWindowRect
SetWindowTextW
GetMenuItemInfoW
InsertMenuItemW
SetMenuItemBitmaps
RemoveMenu
GetSubMenu
DestroyMenu
EnableWindow
SetTimer
GetActiveWindow
EndDialog
DialogBoxParamW
SetWindowPos
ShowWindow
PostQuitMessage
PostMessageW
CharNextW
CreateDialogParamW
DestroyWindow
UnregisterClassW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
SetWindowLongW
GetWindowLongW
FrameRect
GetWindowTextW
ReleaseDC
GetDC
DrawTextW
GetSystemMetrics
GetDlgItem
CallWindowProcW
DefWindowProcW
FindWindowExW
FindWindowW
GetClientRect
CharUpperW
SendMessageW
CreateIconIndirect

gdi32

CreateSolidBrush
RestoreDC
SaveDC
SetBkColor
SetBkMode
SetTextColor
GetTextMetricsW
ExtTextOutW
CreateCompatibleDC
DeleteObject
SelectObject
CreateDIBSection
SetDIBColorTable
GetObjectW
GetStockObject
CreateBitmap
CreateCompatibleBitmap
DeleteDC

advapi32

RegEnumKeyExW
OpenProcessToken
AllocateAndInitializeSid
CreateWellKnownSid
DuplicateTokenEx
EqualSid
FreeSid
GetTokenInformation
RegSetValueExW
GetUserNameA
GetUserNameW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CreateProcessAsUserW
InitializeSecurityDescriptor
AdjustTokenPrivileges
SetSecurityDescriptorDacl
SetTokenInformation
LookupAccountSidW
RegQueryInfoKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
LookupPrivilegeValueW

shell32

SHGetSpecialFolderPathW
Shell_NotifyIconW
CommandLineToArgvW
SHCreateDirectoryExA
SHCreateDirectoryExW

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitialize
CreateStreamOnHGlobal
CoInitializeSecurity

oleaut32

SysFreeString
VariantInit
VariantClear
VarUI4FromStr
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree
CreateErrorInfo
GetErrorInfo
VariantChangeType
SetErrorInfo
SysAllocString

shlwapi

PathFileExistsW
PathRemoveFileSpecW
PathRemoveExtensionA
PathFindFileNameA
PathCombineW
PathIsUNCW

comctl32

InitCommonControlsEx

gdiplus

GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipFree
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipGetImagePalette
GdipAlloc

msvcp140

?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
?uncaught_exception@std@@YA_NXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_BADOFF@std@@3_JB
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ

basecommonlib

?ws2s@strings@qmdlp@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@I@Z
?pathexists@filepath@qmdlp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?GetInstance@?$CSingleton@VCQMFileUtil@@@qmdlp@@SAPAVCQMFileUtil@@XZ
?IsFileExisting@filepath@qmdlp@@YA_NPB_W@Z
??0jsHelper@jsonHelper@qmdlp@@QAE@XZ
??1jsHelper@jsonHelper@qmdlp@@QAE@XZ
?loadJson@jsHelper@jsonHelper@qmdlp@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$GenericValue@U?$UTF8@D@rapidjson@@V?$MemoryPoolAllocator@VCrtAllocator@rapidjson@@@2@@rapidjson@@@Z
?getJsonObject@jsHelper@jsonHelper@qmdlp@@QAE_NPBDAAV?$GenericValue@U?$UTF8@D@rapidjson@@V?$MemoryPoolAllocator@VCrtAllocator@rapidjson@@@2@@rapidjson@@1@Z
?readInt32@jsHelper@jsonHelper@qmdlp@@QAE_NPBDAAV?$GenericValue@U?$UTF8@D@rapidjson@@V?$MemoryPoolAllocator@VCrtAllocator@rapidjson@@@2@@rapidjson@@AAH@Z
?GetMoudleDir@CQMFileUtil@@QAE_NAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

dbghelp

MiniDumpWriteDump

psapi

GetProcessImageFileNameW
GetModuleFileNameExW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

vcruntime140

memset
wcsrchr
_CxxThrowException
__CxxFrameHandler3
memchr
memcmp
wcsstr
memmove
__std_exception_copy
__std_exception_destroy
_except_handler4_common
__vcrt_InitializeCriticalSectionEx
memcpy
__std_type_info_destroy_list
_purecall

api-ms-win-crt-string-l1-1-0

_wcsicmp
_wcsupr_s
wcsnlen
wcstok_s
wcscpy_s
wcslen
strcpy_s
wcsncpy_s
strcat_s
strlen
_stricmp
_wcsnicmp
wmemcpy_s
wcscat_s
wcscmp

api-ms-win-crt-stdio-l1-1-0

_get_stream_buffer_pointers
__p__commode
ungetc
setvbuf
fwrite
__stdio_common_vswprintf_s
_fseeki64
fsetpos
fputc
fgetpos
fgetc
_set_fmode
fflush
fclose

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_c_exit
_configure_narrow_argv
_execute_onexit_table
exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_controlfp_s
_configure_wide_argv
_exit
_set_app_type
_seh_filter_exe
terminate
_cexit
_crt_at_quick_exit
_crt_atexit
_resetstkoflw
_initialize_narrow_environment
_register_onexit_function
_invalid_parameter_noinfo_noreturn
_set_abort_behavior
_seh_filter_dll
_errno
_invalid_parameter_noinfo
_initialize_wide_environment
_initialize_onexit_table

api-ms-win-crt-heap-l1-1-0

malloc
_recalloc
_callnewh
calloc
free
_set_new_mode

api-ms-win-crt-utility-l1-1-0

labs

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 445KB - Virtual size: 444KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1bb1a83c6e779a422ccd749d75f511be

Headers

DLL Characteristics

File Characteristics

Imports

libcurl

libglog

rpcrt4

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

msvcp140

basecommonlib

dbghelp

psapi

userenv

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 180KB - Virtual size: 179KB

.rdata Size: 57KB - Virtual size: 57KB

.data Size: 3KB - Virtual size: 6KB

.gfids Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 445KB - Virtual size: 444KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 180KB - Virtual size: 179KB

.rdata
Size: 57KB - Virtual size: 57KB

.data
Size: 3KB - Virtual size: 6KB

.gfids
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 445KB - Virtual size: 444KB

.reloc
Size: 10KB - Virtual size: 10KB