Cloudlog Aurora[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Cloudlog Aurora.exe
Size

1.1MB
MD5

3a7ec3478bc97048da1cec5146abb045
SHA1

ce85add7dc24c37832ae148d181b9ca928768416
SHA256

f8731cb2bdaf82562aa416b691dce6ebef458f9256c5f1c7646bc41de3ca274a
SHA512

f672e7549819324a170fb56d422e0a8fbaf75bccb6308ecd808270af85f96ca4c1fe914ba54cf6b78ac7a22129d31989889a3d55c0ad2aecb55a1aa853c877f2
SSDEEP

24576:ghvkJVjA/UDNSuFnTxCSLLDJIZIpkGxKh1n/wLZd:ghcbjAqN3bhLDJIepkxh1/wLZd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume2/Users/jeanluc/Downloads/Cloudlog Aurora.exe

Files

Cloudlog Aurora.exe
.zip

Password: YOIN=Tp689~u%u7n6|)x
Device/HarddiskVolume2/Users/jeanluc/Downloads/Cloudlog Aurora.exe
.exe windows:4 windows x86 arch:x86

Password: YOIN=Tp689~u%u7n6|)x

b20486fbd3292d9491744ca01849a869

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

system
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_controlfp
memcpy
memset
log10
_wfopen
fseek
fclose
wcsncpy
wcslen
wcscpy
wcscat
wcscmp
memmove
memcmp
_stricmp
sscanf
atoi
strlen
strcpy
strcat
sprintf
malloc
free
_wstat
_wcsdup
strcmp
_isnan
_finite
fread
longjmp
_setjmp3
ftell
wcsncmp
_snwprintf
_wcsicmp
tolower
floor
localtime
mktime
_wcsnicmp
_itow
gmtime
pow
??3@YAXPAX@Z
wcsstr
ceil
_CIpow
calloc
_errno
strrchr
strchr
strncpy
memchr
strncmp
_strdup
_close
_lseeki64
realloc
_snprintf
abort
_wopen
_setmode
wcschr
_open_osfhandle
setlocale
wctomb
_get_osfhandle
_open
toupper
mbstowcs
time
qsort
ctime
strcspn
strftime
frexp
modf
fopen
strerror
atof
fflush
fwrite
__p__iob
fprintf
getenv
_stati64
_ftime
_vsnwprintf
cos
fmod
sin
abs

kernel32

GetSystemInfo
GetDiskFreeSpaceExW
HeapDestroy
ExitProcess
GetUserDefaultLangID
GetModuleHandleW
HeapCreate
CreateMutexW
LoadLibraryW
GetLastError
CloseHandle
FindResourceW
LoadResource
FreeLibrary
SizeofResource
LockResource
ExpandEnvironmentStringsW
GetCurrentProcess
GetStartupInfoA
GetModuleHandleA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
CreateThread
HeapAlloc
HeapFree
Sleep
CreateFileW
GetFileSize
ReadFile
GetProcAddress
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableW
SetEnvironmentVariableW
DuplicateHandle
CreatePipe
GetStdHandle
CreateProcessW
GetModuleFileNameW
GetProfileStringW
SetFilePointer
WideCharToMultiByte
MultiByteToWideChar
SetEndOfFile
WriteFile
DeleteFileW
HeapReAlloc
GetVersionExW
SetLastError
FindFirstFileW
FindNextFileW
FindClose
SetFileAttributesW
RemoveDirectoryW
GetDriveTypeW
GetFileAttributesW
CopyFileW
GetTempPathW
MulDiv
GetLocalTime
TlsSetValue
TlsGetValue
TlsAlloc
GlobalFree
GlobalAlloc
TlsFree
DeleteCriticalSection
InterlockedCompareExchange
InterlockedExchange
HeapSize
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetFileType
PeekNamedPipe
GetFileInformationByHandle
GetFileAttributesA
CreateFileA
GetExitCodeProcess
GetFullPathNameW
UnregisterWait
GetCurrentThread
RegisterWaitForSingleObject

user32

SendMessageW
GetSysColor
RedrawWindow
SetRect
GetWindowTextLengthW
GetWindowLongW
GetDlgCtrlID
GetActiveWindow
DestroyIcon
SetWindowLongW
UpdateLayeredWindow
IsWindowEnabled
IsWindowVisible
ExitWindowsEx
LoadIconW
RegisterClassExW
CreateWindowExW
BeginPaint
EndPaint
DefWindowProcW
MessageBoxW
PostMessageW
GetForegroundWindow
GetWindowThreadProcessId
EnableWindow
EnumWindows
SetWindowPos
GetWindowTextW
GetWindowRect
GetParent
MapWindowPoints
MoveWindow
InvalidateRect
DestroyWindow
GetDC
GetSystemMetrics
ReleaseDC
ScreenToClient
ClientToScreen
SetFocus
ShowWindow
CallWindowProcW
GetClientRect
FillRect
LoadCursorW
SetClassLongW
GetIconInfo
UpdateWindow
ReleaseCapture
DrawStateW
SetCapture
GetSysColorBrush
DrawTextW
ValidateRect
RemovePropW
SetPropW
GetWindow
GetAsyncKeyState
SetWindowTextW
GetPropW
SetScrollPos
InflateRect
GetWindowDC
SystemParametersInfoW
GetFocus
GetClassNameW
EnumPropsExW
RegisterClassW
AdjustWindowRectEx
UnregisterClassW
CreateAcceleratorTableW
GetMenu
DestroyAcceleratorTable
SetActiveWindow
IsZoomed
IsIconic
SetTimer
PeekMessageW
MsgWaitForMultipleObjects
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
KillTimer
DefFrameProcW
EnumChildWindows
GetKeyState
IsChild
RegisterWindowMessageW
CreateIconFromResourceEx
CreateIconFromResource
CharLowerW
DrawIconEx

gdi32

StartDocW
GetMapMode
SetMapMode
GetDeviceCaps
DPtoLP
StartPage
EndPage
EndDoc
SetBkColor
GetStockObject
CreateDCW
SelectObject
GetTextExtentPoint32W
GetObjectType
GetObjectW
DeleteObject
SetTextColor
ExcludeClipRect
CreateFontIndirectW
CreateSolidBrush
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
SetStretchBltMode
StretchBlt
GdiGetBatchLimit
GdiSetBatchLimit
BitBlt
CreateDIBSection
SetBrushOrgEx
CreateBitmap
SetPixel
GetDIBits
CreateFontW
SetBkMode
SetTextAlign
TextOutW
GetTextMetricsW
GetPixel

comdlg32

PrintDlgW

advapi32

RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetUserNameW
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptCreateHash

ole32

CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateInstance
CoCreateGuid
StringFromGUID2
RevokeDragDrop

shell32

ord165
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetFileInfoW
SHBrowseForFolderW
ExtractIconW
ShellExecuteExW

gdiplus

GdipDeleteFont
GdipDeleteGraphics
GdipDeletePath
GdipDeleteMatrix
GdipDeletePen
GdipDeleteStringFormat
GdipFree
GdipGetDpiX
GdipGetDpiY

comctl32

InitCommonControlsEx
ImageList_Replace
ImageList_Add
ImageList_ReplaceIcon
ImageList_Remove
ImageList_AddMasked
ImageList_Destroy
ImageList_Create

Sections

.text
Size: 777KB - Virtual size: 776KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
manifest.json

Sharing

General

Malware Config

Signatures

Files

Password: YOIN=Tp689~u%u7n6|)x

Password: YOIN=Tp689~u%u7n6|)x

b20486fbd3292d9491744ca01849a869

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

comdlg32

advapi32

ole32

shell32

gdiplus

comctl32

Sections

.text Size: 777KB - Virtual size: 776KB

.rdata Size: 90KB - Virtual size: 90KB

.eh_fram Size: 22KB - Virtual size: 21KB

.data Size: 56KB - Virtual size: 63KB

.rsrc Size: 9KB - Virtual size: 8KB

.text
Size: 777KB - Virtual size: 776KB

.rdata
Size: 90KB - Virtual size: 90KB

.eh_fram
Size: 22KB - Virtual size: 21KB

.data
Size: 56KB - Virtual size: 63KB

.rsrc
Size: 9KB - Virtual size: 8KB