e87da44c98942f16bebee41f2a1e9549eb54e58631698e81638a58c98f8ab674

Sharing

Copy URL Twitter E-mail

General

Target

e87da44c98942f16bebee41f2a1e9549eb54e58631698e81638a58c98f8ab674
Size

3.5MB
MD5

3e792067a5e2ee88cdd09a2ce7b0d32f
SHA1

95d02289f2e52a44a6fc505fa4042ea1f6768859
SHA256

e87da44c98942f16bebee41f2a1e9549eb54e58631698e81638a58c98f8ab674
SHA512

eb3bfbb0eb6669167ba7d78db8ac6a189e06ce37116b568207f2a815bfb0fb5e7b51453e007ffe46307da5dc52ff0028d6d0493c9a832dac18df7f5242646ff2
SSDEEP

49152:6jIkql4K/BtwCEfX3waeojMsMo/w45VXVTPWzFUYFPjvOAQuWZSHWfDXL4EoCPmV:+q+sgfeFJQuWZlrXho9nV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e87da44c98942f16bebee41f2a1e9549eb54e58631698e81638a58c98f8ab674

Files

e87da44c98942f16bebee41f2a1e9549eb54e58631698e81638a58c98f8ab674
.exe windows:6 windows x86 arch:x86

7f2b5f7a09fc707b8608227d659cb480

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gaea

Gaea_InitDatabase
Gaea_SetStoragesDBPath
Gaea_ReleaseDatabase
Gaea_OpenLocation
Gaea_CloseLocation
Gaea_AdvRetrievePacketInit
Gaea_AdvRetrievePacketNext
Gaea_AdvRetrievePacketSeek
Gaea_GetTimeIntervalClose
Gaea_GetTimeIntervalNext
Gaea_GetTimeIntervalFirst
Gaea_AdvRetrievePacketRelease
Gaea_AdvRetrievePacketSetIFrameOnly
Gaea_AdvRetrievePacketSetBackward

iphlpapi

GetAdaptersInfo
GetIfEntry

parsedatapacket

_DataPacket_GetTLV_ExtLen@12
_DataPacket_ParseLoop@16

socketrelayer

fdipc_recv
fdipc_server_socket

databroker

DataBroker_SetRTSPPlayOptions
DataBroker_ResumeMediaStreaming
DataBroker_PauseMediaStreaming
DataBroker_ForceIFrame
DataBroker_SetConnectionUrlsExtra
DataBroker_SetConnectionExtraOption
DataBroker_SetConnectionOptions
DataBroker_Disconnect
DataBroker_Connect
DataBroker_DeleteConnection
DataBroker_CreateConnection
DataBroker_Release
DataBroker_SetOptions
DataBroker_Initial
DataBroker_RunOne

ws2_32

accept
getnameinfo
ntohs
getsockname
connect
WSASetLastError
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
gethostname
listen
shutdown
WSAStringToAddressW
WSAAddressToStringW
WSAIoctl
WSAEventSelect
WSASetEvent
gethostbyname
setsockopt
select
getsockopt
ioctlsocket
WSAGetLastError
sendto
recvfrom
freeaddrinfo
getaddrinfo
socket
bind
inet_addr
getpeername
closesocket
htons
htonl
WSACleanup
WSAStartup
send
recv
getprotobyname

kernel32

MoveFileExW
CreateDirectoryW
SetFileAttributesW
SetStdHandle
GetCurrentDirectoryW
SetCurrentDirectoryW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleCP
GetCommandLineW
GetCommandLineA
GetModuleFileNameW
GetTimeZoneInformation
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
SetConsoleCtrlHandler
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
RtlUnwind
RaiseException
InterlockedFlushSList
InterlockedPushEntrySList
CreateWaitableTimerA
GetLogicalProcessorInformation
SetWaitableTimer
OpenEventA
WaitForMultipleObjectsEx
FlushFileBuffers
GetTickCount
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
WideCharToMultiByte
FreeLibrary
SystemTimeToFileTime
GetProcessHeap
GetCurrentProcessId
GetFileSize
LockFileEx
LocalFree
CreateFileMappingA
GetProcAddress
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
GetSystemInfo
CloseHandle
HeapReAlloc
DeleteFileW
DeleteFileA
GetVersionExA
GetEnvironmentStringsW
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetLastError
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
Sleep
MultiByteToWideChar
HeapSize
HeapValidate
UnmapViewOfFile
GetVersionExW
GetFileAttributesW
IsValidCodePage
WaitForSingleObject
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
HeapFree
HeapCreate
ReadFile
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
CreateEventA
SetEvent
QueryPerformanceFrequency
WaitForMultipleObjects
PostQueuedCompletionStatus
QueueUserAPC
TerminateThread
TlsAlloc
TlsFree
FindClose
FindFirstFileA
FindNextFileA
GetDiskFreeSpaceExA
RemoveDirectoryA
DeviceIoControl
MoveFileExA
GetModuleHandleA
GlobalMemoryStatus
lstrcmpiA
GetLocalTime
SetLocalTime
ResetEvent
SwitchToThread
GetCurrentThread
SetThreadPriority
GetExitCodeThread
SuspendThread
ResumeThread
TlsGetValue
TlsSetValue
ReleaseMutex
CreateMutexA
ReleaseSemaphore
CreateSemaphoreA
GetFileSizeEx
SetFilePointerEx
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToFiber
DeleteFiber
CreateFiber
GetModuleHandleExW
FindFirstFileW
FindNextFileW
GetStdHandle
GetFileType
GetModuleHandleW
ConvertFiberToThread
ConvertThreadToFiber
GetCurrentProcess
TerminateProcess
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetCPInfo
CompareStringEx
GetStringTypeW
GetLocaleInfoEx
LCMapStringEx
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
FindFirstFileExW
GetOEMCP
CreateFileW
GetACP
WaitForSingleObjectEx
DecodePointer
EncodePointer
InitializeCriticalSectionEx
InitializeSListHead
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
CreateEventW

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW

advapi32

RegCloseKey
ReportEventW
RegOpenKeyExA
RegQueryValueExA
DeregisterEventSource
RegisterEventSourceW
RegOpenKeyA

bcrypt

BCryptGenRandom

mpr

WNetAddConnection2A
WNetCancelConnection2A

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 625KB - Virtual size: 625KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7f2b5f7a09fc707b8608227d659cb480

Headers

DLL Characteristics

File Characteristics

Imports

gaea

iphlpapi

parsedatapacket

socketrelayer

databroker

ws2_32

kernel32

user32

advapi32

bcrypt

mpr

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 625KB - Virtual size: 625KB

.data Size: 38KB - Virtual size: 58KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 625KB - Virtual size: 625KB

.data
Size: 38KB - Virtual size: 58KB

.rsrc
Size: 1KB - Virtual size: 1KB