e22be8dcef5340ea82fdf3ff8dd13e10cb30c8ae832ff5104c2ca52031670ed1

Sharing

Copy URL Twitter E-mail

General

Target

e22be8dcef5340ea82fdf3ff8dd13e10cb30c8ae832ff5104c2ca52031670ed1
Size

5.2MB
MD5

e933a9893595b81717e3069f3e95834c
SHA1

38648e373a831f91cc24be786ab7eb5c7f25b3af
SHA256

e22be8dcef5340ea82fdf3ff8dd13e10cb30c8ae832ff5104c2ca52031670ed1
SHA512

f1f16a61568b340daf60bf47e490ef6f998337bde374b11095d187a9e9adf5b14a058a59f928892c8e2ac531af7bc2958e2eb3e09f3a4245a28e3a36633f497a
SSDEEP

49152:f7JgjWC5MHle66RRwQOhnu0ZWfr6USbOTATmH2X9XvZrSF7jD8pbITXT+Rz374cK:uR1Rw/0hcOuik3vH8AxQH06T06kio

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e22be8dcef5340ea82fdf3ff8dd13e10cb30c8ae832ff5104c2ca52031670ed1

Files

e22be8dcef5340ea82fdf3ff8dd13e10cb30c8ae832ff5104c2ca52031670ed1
.dll windows:5 windows x64 arch:x64

f27a22db37bf2dc899386e453cf36cd5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\1218\targets\win32\msc_lua\test\x64\Release\msc_x64.pdb

Imports

kernel32

GetConsoleScreenBufferInfo
TryAcquireSRWLockShared
GetComputerNameA
InitializeSRWLock
MoveFileA
SetConsoleTextAttribute
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetCurrentProcessId
OutputDebugStringA
GetCurrentThreadId
ReleaseSRWLockShared
GetTickCount
InitializeCriticalSection
CreateDirectoryA
CopyFileA
DeleteFileA
WaitForSingleObject
SetEvent
CreateEventA
CreateMutexA
ReleaseMutex
CloseHandle
CreateThread
Sleep
lstrcmpiA
GetLocalTime
GetACP
FreeLibrary
FormatMessageA
GetLastError
GetProcAddress
LoadLibraryExA
WideCharToMultiByte
MultiByteToWideChar
FindClose
GetSystemTime
QueryPerformanceCounter
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
ExitProcess
DecodePointer
HeapReAlloc
FlsSetValue
GetCommandLineA
EncodePointer
GetSystemTimeAsFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
GetTimeZoneInformation
RtlUnwindEx
ReadFile
CreateProcessA
DuplicateHandle
GetCurrentProcess
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FlsGetValue
FlsFree
SetLastError
FlsAlloc
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
WriteFile
GetStdHandle
GetModuleFileNameW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetConsoleCP
GetConsoleMode
LoadLibraryW
GetLocaleInfoW
SetFilePointer
GetCPInfo
GetOEMCP
IsValidCodePage
HeapSize
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
RaiseException
RtlPcToFileHeader
FlushFileBuffers
GetFullPathNameA
GetFileInformationByHandle
PeekNamedPipe
CreateFileA
GetCurrentDirectoryW
CompareStringW
LCMapStringW
GetFileAttributesA
CreatePipe
GetExitCodeProcess
SetStdHandle
WriteConsoleW
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetDriveTypeW
SetEndOfFile
GetProcessHeap
CreateFileW
SetEnvironmentVariableA
FindNextFileA

iphlpapi

GetAdaptersInfo

ws2_32

inet_ntoa
gethostbyname
ioctlsocket
connect
WSAStartup
recvfrom
select
htons
setsockopt
WSACleanup
recv
socket
__WSAFDIsSet
closesocket
send
getsockopt
WSAGetLastError
WSASetLastError

advapi32

RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
RegCloseKey
CryptReleaseContext
CryptAcquireContextA
CryptGenRandom
RegQueryValueExA

Exports

Exports

CreateIVWEngine
DestroyIVWEngine
MSPDownload
MSPDownloadData
MSPGetParam
MSPGetVersion
MSPLogin
MSPLogout
MSPNlpSchCancel
MSPNlpSearch
MSPRegisterNotify
MSPSearch
MSPSetParam
MSPUploadData
QHCRDataWrite
QHCRGetResult
QHCRSessionBegin
QHCRSessionEnd
QILDFini
QILDGetResult
QILDInit
QISEAudioWrite
QISEGetParam
QISEGetResult
QISEPaperCheck
QISEResultInfo
QISESessionBegin
QISESessionEnd
QISESetParam
QISETextPut
QISRAudioWrite
QISRBuildGrammar
QISRGetBinaryResult
QISRGetParam
QISRGetResult
QISRRegisterNotify
QISRSessionBegin
QISRSessionEnd
QISRSetParam
QISRUpdateLexicon
QISVAudioWrite
QISVGetParam
QISVGetResult
QISVQueDelModel
QISVQueDelModelRelease
QISVSessionBegin
QISVSessionEnd
QISVSetParam
QIVWAudioWrite
QIVWGetResInfo
QIVWRegisterNotify
QIVWSessionBegin
QIVWSessionEnd
QMFVDataWrite
QMFVGetParam
QMFVGetResult
QMFVRegisterNotify
QMFVSessionBegin
QMFVSessionEnd
QMFVSetParam
QTTSAudioGet
QTTSAudioInfo
QTTSGetParam
QTTSRegisterNotify
QTTSSessionBegin
QTTSSessionEnd
QTTSSetParam
QTTSTextPut
iFlylocale_charset
luaopen_LuaXML_lib

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 874KB - Virtual size: 917KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f27a22db37bf2dc899386e453cf36cd5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

iphlpapi

ws2_32

advapi32

Exports

Exports

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 2.1MB - Virtual size: 2.1MB

.data Size: 874KB - Virtual size: 917KB

.pdata Size: 100KB - Virtual size: 100KB

text Size: 8KB - Virtual size: 8KB

data Size: 28KB - Virtual size: 27KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 47KB - Virtual size: 46KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 2.1MB - Virtual size: 2.1MB

.data
Size: 874KB - Virtual size: 917KB

.pdata
Size: 100KB - Virtual size: 100KB

text
Size: 8KB - Virtual size: 8KB

data
Size: 28KB - Virtual size: 27KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 47KB - Virtual size: 46KB