1ea5ff617422d2779cd043f9f5868bef104738d3c40a1becc9580727953b89a3

Sharing

Copy URL Twitter E-mail

General

Target

1ea5ff617422d2779cd043f9f5868bef104738d3c40a1becc9580727953b89a3
Size

2.2MB
MD5

74bac7ed02f720d3399d3e8e2f0dd93a
SHA1

21f100611dbbdda2b64750688bf13fb1a8563d09
SHA256

1ea5ff617422d2779cd043f9f5868bef104738d3c40a1becc9580727953b89a3
SHA512

95f74be8bcc6408642c7404ff66afd629fb19c6fb10630d04b677d1c72c703041b4543a357e11cc9b0ccad77244e557abf32dc52b33f27b5d97cb84556bb6f38
SSDEEP

49152:/+ECCqWbstYbgsdXXrmsnqgvyU4FH1B+AtHm12m0WwwoRIyyqn9tsCuLZGf9cxx6:NSJ5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1ea5ff617422d2779cd043f9f5868bef104738d3c40a1becc9580727953b89a3

Files

1ea5ff617422d2779cd043f9f5868bef104738d3c40a1becc9580727953b89a3
.dll windows:6 windows x64 arch:x64

b1d782d3a7df6c8b4bfb1ec4852cfc18

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcp140

?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?width@ios_base@std@@QEAA_J_J@Z
_Mbrtowc
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ
?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0_Lockit@std@@QEAA@H@Z
??Bid@locale@std@@QEAA_KXZ
?good@ios_base@std@@QEBA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?uncaught_exception@std@@YA_NXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1_Lockit@std@@QEAA@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??7ios_base@std@@QEBA_NXZ
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?_Xbad_alloc@std@@YAXXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z

vcruntime140

strchr
__CxxUnregisterExceptionObject
__FrameUnwindFilter
__CxxRegisterExceptionObject
__CxxExceptionFilter
__CxxQueryExceptionSize
memmove
__std_type_info_destroy_list
__C_specific_handler
_CxxThrowException
__std_terminate
__CxxFrameHandler3
__CxxDetectRethrow
_purecall
__std_exception_copy
__std_exception_destroy
memset

api-ms-win-crt-stdio-l1-1-0

_get_stream_buffer_pointers
__stdio_common_vsprintf_s
fputc
ungetc
fgetc
fclose
_fseeki64
fgetpos
fsetpos
setvbuf
fflush
fread
__stdio_common_vsscanf
_wfopen
feof
fgetws
fwrite

api-ms-win-crt-string-l1-1-0

towlower
wcsncpy_s

api-ms-win-crt-runtime-l1-1-0

_crt_at_quick_exit
terminate
_cexit
_crt_atexit
_initterm
_execute_onexit_table
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_initterm_e
_seh_filter_dll
abort

api-ms-win-crt-heap-l1-1-0

_callnewh
calloc
malloc
free

kernel32

FindNextFileW
FindFirstFileW
GetModuleFileNameA
TerminateProcess
OpenProcess
Process32NextW
Process32FirstW
FindClose
GetLastError
GetFileAttributesW
CopyFileW
CreateDirectoryW
GetCurrentProcess
lstrcpyW
GetModuleFileNameW
WideCharToMultiByte
SetLastError
CreateToolhelp32Snapshot
RtlLookupFunctionEntry
GetProcAddress
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
CloseHandle
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
RtlCaptureContext
Sleep

softwarelog

CreateExportObj

register

?GetRegisterObj@@YAPEAVIRegisterManager@@XZ

filereport

LargeFileReport
FileReport

user32

wsprintfW

shlwapi

PathFileExistsW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-math-l1-1-0

_dtest
modf

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file
_wstat64

mscoree

_CorDllMain

Sections

Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 890KB - Virtual size: 890KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 35KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 58B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

/:J}W'
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 824KB - Virtual size: 823KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b1d782d3a7df6c8b4bfb1ec4852cfc18

Headers

DLL Characteristics

File Characteristics

Imports

msvcp140

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

kernel32

softwarelog

register

filereport

user32

shlwapi

version

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

mscoree

Sections

Size: 232KB - Virtual size: 232KB

Size: 33KB - Virtual size: 32KB

Size: 890KB - Virtual size: 890KB

Size: 35KB - Virtual size: 38KB

Size: 1024B - Virtual size: 684B

Size: 42KB - Virtual size: 41KB

Size: 512B - Virtual size: 404B

Size: 512B - Virtual size: 58B

/:J}W' Size: 186KB - Virtual size: 186KB

.text Size: 824KB - Virtual size: 823KB

.rsrc Size: 42KB - Virtual size: 41KB

/:J}W'
Size: 186KB - Virtual size: 186KB

.text
Size: 824KB - Virtual size: 823KB

.rsrc
Size: 42KB - Virtual size: 41KB