3afa6209ddf3ba63e6dc6a7b54ab6f0199ee932ef675abc584a97e7f3946cfe2

Sharing

Copy URL Twitter E-mail

General

Target

3afa6209ddf3ba63e6dc6a7b54ab6f0199ee932ef675abc584a97e7f3946cfe2
Size

619KB
MD5

390c4567e6c1db24fca36c0619b5de6d
SHA1

63c5d90c8fba62baee64575e29441ad28b30e9a6
SHA256

3afa6209ddf3ba63e6dc6a7b54ab6f0199ee932ef675abc584a97e7f3946cfe2
SHA512

68747726782ac21384f469092dcef948091d5e99c278371bcd4507f9bfc841138fc18497feed8039db72d505aea62f4a81b9b3852b016e5f32ae10f0ab3652b3
SSDEEP

12288:oKtNEaVhJbjgimRVvpwKJeJ01TJf5SptKO89TdDg4jMAMcp7YJhspnWg4A:ntNEazJbLmRVvpwKJeJ01d5s89T5gKMM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3afa6209ddf3ba63e6dc6a7b54ab6f0199ee932ef675abc584a97e7f3946cfe2

Files

3afa6209ddf3ba63e6dc6a7b54ab6f0199ee932ef675abc584a97e7f3946cfe2
.exe windows:6 windows x86 arch:x86

c065fb7da2cefa45e1e8c4e50a27584e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\workplace\AndroidEmulator\UI_Release_Packet_New\Basic\Client\DLL\bugreport\Output\Pdb\bugreport.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

dbghelp

SymCleanup
SymSetOptions
SymLoadModule
SymGetModuleInfoW
SymInitialize

wininet

InternetOpenA
InternetCloseHandle
InternetConnectA
HttpOpenRequestA
InternetReadFile
InternetOpenUrlA
HttpSendRequestA

comctl32

InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_Create

tinyxml

?NextSiblingElement@TiXmlNode@@QAEPAVTiXmlElement@@XZ
?GetText@TiXmlElement@@QBEPBDXZ
?Print@TiXmlDocument@@UBEXPAU_iobuf@@H@Z
?ToDocument@TiXmlDocument@@UAEPAV1@XZ
?ToDocument@TiXmlDocument@@UBEPBV1@XZ
?ToElement@TiXmlNode@@UAEPAVTiXmlElement@@XZ
?ToElement@TiXmlNode@@UBEPBVTiXmlElement@@XZ
?ToComment@TiXmlNode@@UAEPAVTiXmlComment@@XZ
?ToComment@TiXmlNode@@UBEPBVTiXmlComment@@XZ
?ToUnknown@TiXmlNode@@UAEPAVTiXmlUnknown@@XZ
?ToUnknown@TiXmlNode@@UBEPBVTiXmlUnknown@@XZ
?Value@TiXmlNode@@QBEPBDXZ
?ToText@TiXmlNode@@UBEPBVTiXmlText@@XZ
?ToDeclaration@TiXmlNode@@UAEPAVTiXmlDeclaration@@XZ
?ToDeclaration@TiXmlNode@@UBEPBVTiXmlDeclaration@@XZ
?Clone@TiXmlDocument@@MBEPAVTiXmlNode@@XZ
?Accept@TiXmlDocument@@UBE_NPAVTiXmlVisitor@@@Z
?LoadFile@TiXmlDocument@@QAE_NPB_WW4TiXmlEncoding@@@Z
?Attribute@TiXmlElement@@QBEPBDPBD@Z
??1TiXmlDocument@@UAE@XZ
?FirstChildElement@TiXmlNode@@QAEPAVTiXmlElement@@XZ
?RootElement@TiXmlDocument@@QAEPAVTiXmlElement@@XZ
?Parse@TiXmlDocument@@UAEPBDPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?ToText@TiXmlNode@@UAEPAVTiXmlText@@XZ
??0TiXmlDocument@@QAE@XZ

kernel32

IsProcessorFeaturePresent
WaitForSingleObjectEx
GetStartupInfoW
InitializeSListHead
FlushFileBuffers
lstrlenA
CopyFileA
GetModuleHandleA
SetUnhandledExceptionFilter
SetFileAttributesW
GetSystemTimeAsFileTime
GetProcessTimes
InitializeCriticalSection
LoadLibraryA
GetCurrentProcessId
UnhandledExceptionFilter
IsDebuggerPresent
VirtualFree
VirtualAlloc
GetThreadSelectorEntry
WritePrivateProfileStringW
GetFileSize
GetVersionExW
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleHandleW
GetCurrentProcess
DeviceIoControl
CreateFileW
CloseHandle
Sleep
GetLastError
InitializeCriticalSectionEx
DeleteCriticalSection
GetModuleFileNameW
GetCommandLineW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileSectionW
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
EnterCriticalSection
LeaveCriticalSection
GetLocaleInfoW
GetEnvironmentVariableW
GetSystemDirectoryW
GetSystemTime
SystemTimeToFileTime
GetModuleFileNameA
WideCharToMultiByte
MultiByteToWideChar
GetFileAttributesExW
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
SetCurrentDirectoryW
WriteFile
SetFilePointer
MoveFileW
GetLocalTime
GetTickCount
GetCurrentThreadId
GetSystemInfo
GlobalMemoryStatusEx
OutputDebugStringW
VirtualProtect
SetErrorMode
ReadProcessMemory
WriteProcessMemory
OpenProcess
VirtualQueryEx
K32GetModuleFileNameExA
CreateFileA
K32GetModuleFileNameExW
GetWindowsDirectoryW
OpenThread
CreateThread
TerminateProcess
SetEvent
CreateProcessW
WaitForSingleObject
lstrlenW
lstrcatW
CopyFileW
lstrcpyW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
IsDBCSLeadByte
FileTimeToSystemTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
ResumeThread
FreeResource
CreateEventW
ResetEvent
GetFileAttributesW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
RaiseException
GetSystemDefaultLCID
ReadFile
GetTempPathW
CreateDirectoryW
QueryPerformanceCounter

user32

GetMenuItemID
EnableMenuItem
SetDlgItemTextW
GetSysColorBrush
KillTimer
ClientToScreen
SetWindowLongW
MapWindowPoints
GetWindowRect
GetMenuItemCount
GetSystemMenu
EnableWindow
SendDlgItemMessageW
MapDialogRect
CallWindowProcW
GetClassInfoExW
DestroyMenu
TrackPopupMenu
CreatePopupMenu
IsWindow
GetKeyState
GetWindowTextLengthW
InvalidateRect
RegisterClassExW
RegisterClipboardFormatW
OpenClipboard
EmptyClipboard
SetClipboardData
GetDesktopWindow
PostMessageW
EnumChildWindows
GetWindowLongW
EnumWindows
GetClassNameW
GetWindowTextW
GetWindowThreadProcessId
DrawIconEx
GetClientRect
ShowWindow
LoadImageW
SetWindowPos
CloseClipboard
DialogBoxParamW
BeginPaint
CreateWindowExW
SetTimer
SetWindowTextW
SendMessageW
LoadIconW
EndDialog
GetDlgItem
EnumDisplayDevicesW
CreateWindowExA
RegisterClassExA
DefWindowProcW
DestroyWindow
ReleaseDC
GetDC
GetSystemMetrics
wsprintfW
GetGuiResources
DrawTextW
EndPaint

gdi32

CreateFontW
SelectObject
GetDeviceCaps
SetTextColor
SetBkMode
DeleteObject
SetPixelFormat
ChoosePixelFormat
GetStockObject

advapi32

RegOpenKeyExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegEnumKeyExW
RegCloseKey

shell32

ShellExecuteExW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
ShellExecuteW
SHGetFileInfoW
SHGetDesktopFolder
SHBindToParent
CommandLineToArgvW
ord155

ole32

DoDragDrop
OleUninitialize
OleInitialize
CoCreateGuid
CreateStreamOnHGlobal

oleaut32

SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysStringLen
SysFreeString

gdiplus

GdiplusStartup
GdiplusShutdown
GdipDeleteGraphics
GdipCreateFromHDC
GdipFree
GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipDrawImageRectI
GdipGetImageHeight
GdipGetImageWidth
GdipLoadImageFromStreamICM
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipImageSelectActiveFrame

shlwapi

PathAppendA
PathFileExistsA
PathRemoveFileSpecA
PathAddBackslashW
PathFileExistsW
PathRemoveFileSpecW

msvcp140

?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_BADOFF@std@@3_JB
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
_Thrd_hardware_concurrency
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
_To_wide
_To_byte
?_Xinvalid_argument@std@@YAXPBD@Z
_Xtime_get_ticks
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?uncaught_exception@std@@YA_NXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z

d3d9

Direct3DCreate9

opengl32

wglDeleteContext
wglGetProcAddress
glGetString
wglMakeCurrent
wglCreateContext

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

crypt32

CertGetNameStringW

wintrust

WinVerifyTrust
WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses

netapi32

Netbios

vcruntime140

strrchr
__CxxFrameHandler3
_except_handler4_common
_CxxThrowException
__vcrt_InitializeCriticalSectionEx
memset
memcpy
strchr
wcschr
wcsstr
__std_terminate
__std_exception_destroy
memmove
__std_exception_copy
_purecall
memchr
__std_type_info_compare
wcsrchr

api-ms-win-crt-runtime-l1-1-0

__p___argc
terminate
_invalid_parameter_noinfo
_initterm_e
__p___wargv
_initialize_onexit_table
_beginthreadex
_register_onexit_function
_crt_atexit
_controlfp_s
_cexit
_seh_filter_exe
_set_app_type
_register_thread_local_exe_atexit_callback
_c_exit
_configure_wide_argv
_exit
exit
_invalid_parameter_noinfo_noreturn
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_errno

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf_s
__stdio_common_vsprintf
fread
_set_fmode
__p__commode
__stdio_common_vswscanf
fclose
fwrite
ftell
fseek
_wfopen
__stdio_common_vsprintf_s
__stdio_common_vfprintf
__stdio_common_vsscanf
__stdio_common_vswprintf

api-ms-win-crt-math-l1-1-0

__setusermatherr
_dtest

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath_s

api-ms-win-crt-string-l1-1-0

toupper
_wcslwr_s
wcsnlen
strnlen
wcscat_s
_wcsupr_s
strcpy_s
tolower
strncpy_s
wcsncmp
isalnum
wcsncpy
iswalnum
iswalpha
iswdigit
_wcsicmp
iswspace
wcscpy_s
wcsncat_s
towlower
wmemcpy_s
isspace
strncmp

api-ms-win-crt-convert-l1-1-0

_wtoi
strtoul
strtod
strtoll
strtoull
atoi

api-ms-win-crt-heap-l1-1-0

free
malloc
_set_new_mode
_recalloc
_callnewh
calloc

api-ms-win-crt-utility-l1-1-0

srand

api-ms-win-crt-time-l1-1-0

_time32
_time64
_gmtime32

api-ms-win-crt-multibyte-l1-1-0

_mbschr
_mbsicmp
_mbscmp
_mbsstr
_mbsrchr
_mbslwr_s

beacon_sdk

?set_common_param_getters@BeaconClient@@SAXABV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$function@$$A6A?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$function@$$A6A?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ@2@@std@@@2@@std@@@Z
?set_common_params@BeaconClient@@SAXABV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@std@@@2@@std@@@Z
?Report@BeaconClient@@SAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@std@@@2@@3@W4RequestPriority@Beacon@@@Z
?InitSDK@BeaconClient@@SAXABUBeaconConfig@@@Z
?UninitSDK@BeaconClient@@SAXXZ

Sections

.text
Size: 354KB - Virtual size: 354KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c065fb7da2cefa45e1e8c4e50a27584e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

dbghelp

wininet

comctl32

tinyxml

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

gdiplus

shlwapi

msvcp140

d3d9

opengl32

wtsapi32

crypt32

wintrust

iphlpapi

netapi32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

beacon_sdk

Sections

.text Size: 354KB - Virtual size: 354KB

.rdata Size: 89KB - Virtual size: 89KB

.data Size: 4KB - Virtual size: 6KB

.gfids Size: 512B - Virtual size: 84B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 62KB - Virtual size: 62KB

.reloc Size: 96KB - Virtual size: 96KB

.text
Size: 354KB - Virtual size: 354KB

.rdata
Size: 89KB - Virtual size: 89KB

.data
Size: 4KB - Virtual size: 6KB

.gfids
Size: 512B - Virtual size: 84B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 62KB - Virtual size: 62KB

.reloc
Size: 96KB - Virtual size: 96KB