bc232f539aa6edf791478715cda12ad92927c8cdd289d55cf8b137887f6733ad

Sharing

Copy URL Twitter E-mail

General

Target

bc232f539aa6edf791478715cda12ad92927c8cdd289d55cf8b137887f6733ad
Size

49KB
MD5

07e3dac2c8e2d8db03026ac60c0a2b7e
SHA1

419ea79675f84266d39a1ce2f1a6f1a1389aa9dd
SHA256

bc232f539aa6edf791478715cda12ad92927c8cdd289d55cf8b137887f6733ad
SHA512

304d081f34bb31bac743e58cc2fcb16bd5662e83e0d7436e180264d8f45c0d0901c32624f5dc0a9528c898f50f2a9d97e74cb70fca1366cdb86e60ce91777787
SSDEEP

768:/fI1E5DH7LWqLaBnwb7Piu9EEYpqm+Nci49wJuHW1lwYH1:nI1E5/yqOBnwYsV1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc232f539aa6edf791478715cda12ad92927c8cdd289d55cf8b137887f6733ad

Files

bc232f539aa6edf791478715cda12ad92927c8cdd289d55cf8b137887f6733ad
.exe windows:6 windows x64 arch:x64

f9f0d76b2ffab7dd26d46eea89accf72

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

base

?getOemInfo@OEMInfo@@SA?AUOEMDefine@@XZ
?error@ErrorInfo@Base@Public@@QEBA_NXZ
??4ErrorInfo@Base@Public@@QEAAAEAV012@AEBV012@@Z
??1ErrorInfo@Base@Public@@QEAA@XZ
?existByPid@Process@Base@Public@@SA_NH@Z
?access@File@Base@Public@@SA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4AccessMode@123@@Z
?makeDirectory@File@Base@Public@@SA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?remove@File@Base@Public@@SA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?getExcutableFileFullPath@File@Base@Public@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?save@File@Base@Public@@SA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVSharedBuffer@23@@Z
?getlogPath@BaseSystem@Base@Public@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?startSaveLog@BaseSystem@Base@Public@@SAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0W4LOG_Level@23@0@Z
?uninit@BaseSystem@Base@Public@@SAXXZ
?init@BaseSystem@Base@Public@@SAXAEBV?$Function@$$A6AXPEAXW4CloseEvent@BaseSystem@Base@Public@@@Z$$V@23@PEAX@Z
?strncasecmp@StringEx@Base@Public@@SAHPEBD0_K@Z
?strcasecmp@StringEx@Base@Public@@SAHPEBD0@Z
?indexOfByCase@StringEx@Base@Public@@SA_KAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
??1GPUs@Base@Public@@UEAA@XZ
??0GPUs@Base@Public@@QEAA@XZ
?getProcAddr@DynamicLib@Base@Public@@QEAAPEAXPEBD@Z
?load@DynamicLib@Base@Public@@QEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1DynamicLib@Base@Public@@QEAA@XZ
??0DynamicLib@Base@Public@@QEAA@_N@Z
?registerDumpCallback@CoreDump@Base@Public@@SAXAEBV?$Function@$$A6AXXZ$$V@23@@Z
?audoCoreDump@CoreDump@Base@Public@@SAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?isOfficia@Version@Base@Public@@QEBA_NXZ
?toString@Version@Base@Public@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?Revision@Version@Base@Public@@QEAAAEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?Build@Version@Base@Public@@QEAAAEAHXZ
?OEM@Version@Base@Public@@QEAAAEAHXZ
?Minor@Version@Base@Public@@QEAAAEAHXZ
?Major@Version@Base@Public@@QEAAAEAHXZ
??1Version@Base@Public@@UEAA@XZ
??0Version@Base@Public@@QEAA@XZ
??4Value@Base@Public@@QEAAAEAV012@AEBV012@@Z
??1Value@Base@Public@@QEAA@XZ
??0Value@Base@Public@@QEAA@XZ
??0Value@Base@Public@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0Value@Base@Public@@QEAA@PEBD@Z
??0Value@Base@Public@@QEAA@AEBV012@@Z
?getPortOwnInfo@Host@Base@Public@@SA?AV?$set@UPortOwnInfo@Host@Base@Public@@U?$less@UPortOwnInfo@Host@Base@Public@@@std@@V?$allocator@UPortOwnInfo@Host@Base@Public@@@6@@std@@GW4SocketType@23@@Z
?read@Directory@Base@Public@@UEAA_NAEAUDirent@23@@Z
??1Directory@Base@Public@@UEAA@XZ
??0Directory@Base@Public@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?printer@Base@Public@@YAXW4LOG_Level@12@PEBD1H1AEBV?$vector@VValue@Base@Public@@V?$allocator@VValue@Base@Public@@@std@@@std@@@Z
?sleep@Thread@Base@Public@@SAXH@Z
??1SharedBuffer@Base@Public@@UEAA@XZ
??0SharedBuffer@Base@Public@@QEAA@XZ
?tryEnter@NamedMutex@Base@Public@@QEAA_NXZ
??1NamedMutex@Base@Public@@QEAA@XZ
??0NamedMutex@Base@Public@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?runCmd@ConsoleCommand@Base@Public@@SAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1Dirent@Base@Public@@QEAA@XZ
??0Dirent@Base@Public@@QEAA@XZ

module_interface

?param@Configure@Module@Milesight@@QEAAAEAUModuleParam@23@XZ
??0Module_Manager@Module@Milesight@@QEAA@XZ
??1Module_Manager@Module@Milesight@@UEAA@XZ
?addModule@Module_Manager@Module@Milesight@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV?$shared_ptr@VIModule@Module@Milesight@@@5@@Z
?init@Module_Manager@Module@Milesight@@QEAA?AVErrorInfo@Base@Public@@XZ
?uninit@Module_Manager@Module@Milesight@@QEAA?AVErrorInfo@Base@Public@@XZ
?checkAuthention@Module_Manager@Module@Milesight@@UEAA?AVErrorInfo@Base@Public@@AEBV?$shared_ptr@VMQMessage@MQ@Milesight@@@std@@PEAUMSProtoAuthUserInfo@Protocol@3@@Z
?configure@Module_Manager@Module@Milesight@@QEAA?AV?$shared_ptr@VConfigure@Module@Milesight@@@std@@XZ
?stop@Module_Manager@Module@Milesight@@QEAA?AVErrorInfo@Base@Public@@XZ
?start@Module_Manager@Module@Milesight@@QEAA?AVErrorInfo@Base@Public@@XZ

kernel32

InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
GetSystemDirectoryA
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
RtlCaptureContext
SetUnhandledExceptionFilter

msvcp140

_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPEBD@Z

vcruntime140

memset
_CxxThrowException
__std_exception_destroy
memcpy
__std_exception_copy
__RTDynamicCast
__CxxFrameHandler3
_purecall
__std_terminate
__C_specific_handler
memmove

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh
_set_new_mode

api-ms-win-crt-runtime-l1-1-0

__p___argv
_register_thread_local_exe_atexit_callback
_invalid_parameter_noinfo_noreturn
terminate
exit
_exit
__p___argc
_get_initial_narrow_environment
_initterm
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_initterm_e
_c_exit

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9f0d76b2ffab7dd26d46eea89accf72

Headers

DLL Characteristics

File Characteristics

Imports

base

module_interface

kernel32

msvcp140

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 244B

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 244B