PDB path embedded in the sample: D:\work\c-code\sdm-ai-sdk\Release\update.pdb
Static task
static1
Behavioral task
behavioral1
Sample
86c08249bab2339f6dd3105cca9a963e59e25ec4f1e3feaf6c47c103f81ee711.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
86c08249bab2339f6dd3105cca9a963e59e25ec4f1e3feaf6c47c103f81ee711.dll
Resource
win10v2004-20240226-en
General
Target: 86c08249bab2339f6dd3105cca9a963e59e25ec4f1e3feaf6c47c103f81ee711
Size: 1.4MB
MD5: 8188fc2e9ff5231179570647c255ff48
SHA1: bc6b1c25c24f9d9be986c9608d3a16589fd99e6a
SHA256: 86c08249bab2339f6dd3105cca9a963e59e25ec4f1e3feaf6c47c103f81ee711
SHA512: 0bda65a3b7677a45d1c31c06d0e2cbcc834be0591fcceca3078a01a779875e7a8ce747792bce2bc8f43d62036e83d26811cba94888df3634c41252a9d3907a6b
SSDEEP: 24576:5PLmvk/pZFlSv+P15DRvz+vEm81jNjHrhUgJdeESZ/I:5yaZF8vGRbK+dq
Malware Config
Signatures
-
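Unsigned PE (1 IoC)
Checks for missing Authenticode signature. The sample has no Authenticode signature, so its publisher and integrity cannot be verified from the file itself; this is a weak indicator on its own, because many legitimate DLLs are also unsigned.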
resource 86c08249bab2339f6dd3105cca9a963e59e25ec4f1e3feaf6c47c103f81ee711
Files
-
86c08249bab2339f6dd3105cca9a963e59e25ec4f1e3feaf6c47c103f81ee711.dll windows:6 windows x86 arch:x86
ac487a7ca3cb04fb9a5a3b7a25696ad5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
libcrypto-1_1
BIO_free_all
RSA_public_encrypt
RSA_new
PEM_read_bio_RSA_PUBKEY
RSA_size
BIO_new_mem_buf
RSA_free
ws2_32
gethostname
ioctlsocket
listen
accept
sendto
recvfrom
freeaddrinfo
getaddrinfo
WSAIoctl
socket
setsockopt
ntohs
htons
getsockopt
getsockname
WSAStartup
WSACleanup
WSAGetLastError
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
select
__WSAFDIsSet
wldap32
ord301
ord147
ord133
ord79
ord142
ord167
ord127
ord27
ord26
ord118
ord41
ord208
ord216
ord14
ord46
ord145
mfc120u
ord1736
ord1727
ord1731
ord1723
ord1711
ord13738
ord3224
ord9137
ord10883
ord6875
ord12095
ord8846
ord14447
ord11811
ord3790
ord3795
ord11964
ord9020
ord11601
ord11600
ord5557
ord4920
ord4887
ord4928
ord4916
ord4867
ord4874
ord4909
ord4459
ord5693
ord9574
ord4451
ord3013
ord10169
ord10165
ord10167
ord10168
ord10166
ord2719
ord8092
ord10136
ord3260
ord3263
ord13616
ord6123
ord6032
ord14449
ord7807
ord6392
ord4842
ord14455
ord6774
ord4434
ord11592
ord12899
ord13563
ord5838
ord6469
ord2480
ord3839
ord6389
ord6702
ord3195
ord3317
ord1400
ord2204
ord3361
ord5327
ord10353
ord11271
ord8921
ord1108
ord9091
ord2718
ord13612
ord6121
ord12006
ord266
ord13153
ord1110
ord3654
ord7004
ord462
ord12048
ord9116
ord9246
ord7384
ord265
ord540
ord3140
ord1168
ord1506
ord324
ord1049
ord4049
ord12094
ord12126
ord8099
ord12114
ord5821
ord3809
ord6758
ord7884
ord12402
ord14326
ord7825
ord12818
ord4109
ord14454
ord7806
ord14448
ord2444
ord10260
ord5262
ord8206
ord7881
ord4546
ord12736
ord12799
ord10314
ord12122
ord8268
ord1467
ord7542
ord8352
ord9090
ord10131
ord8101
ord5314
ord7600
ord7610
ord7609
ord5137
ord5316
ord5160
ord5667
ord5430
ord9231
ord5664
ord5454
ord5157
ord1508
ord5324
ord2640
ord11999
ord3898
ord12043
ord999
ord2130
ord12412
ord12413
ord9279
ord4047
ord1992
ord11857
ord11858
ord14526
ord6251
ord14528
ord6253
ord14527
ord6252
ord992
ord4772
ord2262
ord3122
ord2173
ord12134
ord12132
ord4879
ord4899
ord4895
ord4891
ord4883
ord4932
ord4905
ord8636
ord13997
ord3330
ord3329
ord3223
ord1520
ord3806
ord1509
ord325
ord1050
ord2323
ord2366
ord2369
ord2334
ord2368
ord485
ord2226
ord2332
ord2142
ord2258
ord2357
ord1042
ord286
ord296
ord4791
ord3362
msvcr120
_strdup
_read
_write
_close
_open
__clean_type_info_names_internal
_except_handler4_common
_except1
?terminate@@YAXXZ
_initterm_e
_initterm
_malloc_crt
_amsg_exit
__CppXcptFilter
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
??1type_info@@UAE@XZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
isgraph
isprint
islower
toupper
isupper
_stat64
wcspbrk
getenv
_getpid
_fstat64
_lseeki64
atoi
_beginthreadex
_gmtime64
free
memmove
strcpy_s
_purecall
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
malloc
strchr
?what@exception@std@@UBEPBDXZ
_CxxThrowException
__CxxFrameHandler3
memcpy
fputc
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
_unlock_file
ungetc
fgetpos
_fseeki64
fflush
fgetc
fsetpos
setvbuf
_lock_file
memcpy_s
fwrite
fclose
sprintf_s
strpbrk
memset
sscanf
sprintf
_filelength
fopen_s
_fileno
_wcsdup
realloc
calloc
strerror
strncpy
strrchr
__sys_nerr
strncmp
__iob_func
fgets
fopen
fputs
qsort
strtoll
_time64
_errno
tolower
isalpha
isxdigit
strstr
fread
strtol
strtoul
isdigit
fseek
isspace
memchr
isalnum
kernel32
CreateDirectoryW
Sleep
CopyFileW
FindClose
FindNextFileW
GetTickCount
WideCharToMultiByte
DeleteFileW
WaitForSingleObject
SetLastError
FormatMessageA
CreateProcessW
GetExitCodeProcess
CloseHandle
SleepEx
WaitForSingleObjectEx
GetStdHandle
GetFileType
FindFirstFileW
PeekNamedPipe
FreeLibrary
GetProcAddress
WaitForMultipleObjects
ExpandEnvironmentStringsA
VerSetConditionMask
GetSystemDirectoryW
GetModuleHandleW
LoadLibraryW
VerifyVersionInfoW
LocalAlloc
LocalFree
EncodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
MultiByteToWideChar
GetModuleFileNameW
DecodePointer
DeleteCriticalSection
EnterCriticalSection
GetLastError
InitializeCriticalSectionEx
LeaveCriticalSection
ReadFile
OutputDebugStringW
user32
PostMessageW
GetWindowRect
LoadIconW
MessageBoxA
InvalidateRect
EnableMenuItem
LoadBitmapW
EnableWindow
SendMessageW
GetSystemMenu
gdi32
CreateSolidBrush
GetStockObject
advapi32
CryptDestroyHash
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptAcquireContextW
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
shell32
SHFileOperationW
comctl32
ImageList_AddMasked
shlwapi
PathIsDirectoryW
PathFileExistsW
msvcp120
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPBG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEPAV12@PAG_J@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UAE@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@H@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAE_JPBG_J@Z
??_7?$basic_ostream@GU?$char_traits@G@std@@@std@@6B@
?uncaught_exception@std@@YA_NXZ
?_BADOFF@std@@3_JB
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
Exports
Exports
do_update
Sections
.text Size: 284KB - Virtual size: 284KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 60KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1020KB - Virtual size: 1019KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ