PDB path: C:\GitLab-Runner\builds\651dcee5\2\BC\public\linphone-sdk\build-desktop\WORK\uwp-x64\Build\mbedtls\library\RelWithDebInfo\mbedtls.pdb
Static task
static1
Behavioral task
behavioral1
Sample
ab5fe47a984616ffdfe7369ed4886b20.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ab5fe47a984616ffdfe7369ed4886b20.dll
Resource
win10v2004-20240226-en
General
-
Target
ab5fe47a984616ffdfe7369ed4886b20
-
Size
181KB
-
MD5
ab5fe47a984616ffdfe7369ed4886b20
-
SHA1
f6b8ddbc05ef46d41b2b7bcb51495627e8ca2b10
-
SHA256
cdcf4ad25f92ebdf83ef51a5bf93b8a971165965ecb9dd4c084413b6487f48b2
-
SHA512
b06eab41920a02c546f799e9e0b623ebfaecfc3648b365a7cb07c639520daee7c8a35c98b967365b80e551f1145071bfe9fc0d751ada0261f6ca67116fdd2657
-
SSDEEP
3072:v1yA3KQ48iJF5SdHlgAoud/GxFoDyx1aidhl1liNAkMf4HL09:vwAaQ48ibsdCuG3oDyNdpkMwHL4
Malware Config
Signatures
-
Unsigned PE 1 IoCs
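Checks for missing Authenticode signature. A missing signature is a weak indicator on its own, since libraries built locally or by CI are commonly unsigned; weigh it together with the PDB path, imports and exports listed in this report.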
resource ab5fe47a984616ffdfe7369ed4886b20
Files
-
ab5fe47a984616ffdfe7369ed4886b20.dll windows:6 windows x64 arch:x64
8ba5754ea6eb336635112da776f0d14d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_APPCONTAINER
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
ws2_32
getsockopt
listen
recv
recvfrom
select
send
getsockname
shutdown
socket
WSAStartup
WSAGetLastError
getaddrinfo
freeaddrinfo
ioctlsocket
connect
closesocket
bind
accept
setsockopt
__WSAFDIsSet
mbedx509
mbedtls_x509_crt_check_extended_key_usage
mbedtls_x509_crt_check_key_usage
mbedtls_x509_crt_verify_restartable
mbedtls_x509_crt_info
mbedtls_x509_crt_free
mbedtls_x509_crt_init
mbedtls_x509_crt_parse
mbedtls_x509_crt_parse_der
mbedcrypto
mbedtls_cipher_auth_decrypt_ext
mbedtls_ecp_curve_info_from_tls_id
mbedtls_pk_get_bitlen
mbedtls_pk_verify
mbedtls_pk_sign
mbedtls_pk_decrypt
mbedtls_cipher_info_from_type
mbedtls_dhm_make_params
mbedtls_dhm_set_group
mbedtls_dhm_read_public
mbedtls_ecdh_setup
mbedtls_ecdh_make_params
mbedtls_ecdh_read_public
mbedtls_cipher_setup
mbedtls_cipher_setkey
mbedtls_ecdh_get_params
mbedtls_mpi_copy
mbedtls_mpi_read_string
mbedtls_mpi_read_binary
mbedtls_ecp_grp_id_list
mbedtls_cipher_init
mbedtls_cipher_set_padding_mode
mbedtls_dhm_init
mbedtls_dhm_free
mbedtls_ecdh_init
mbedtls_ecdh_free
mbedtls_md5_init
mbedtls_md5_free
mbedtls_md5_clone
mbedtls_md_update
mbedtls_md5_update_ret
mbedtls_md5_finish_ret
mbedtls_sha1_init
mbedtls_sha1_free
mbedtls_sha1_clone
mbedtls_sha1_starts_ret
mbedtls_cipher_auth_encrypt_ext
mbedtls_sha1_finish_ret
mbedtls_sha256_init
mbedtls_sha256_free
mbedtls_sha256_clone
mbedtls_sha256_starts_ret
mbedtls_sha256_update_ret
mbedtls_sha256_finish_ret
mbedtls_sha512_init
mbedtls_sha512_free
mbedtls_sha512_clone
mbedtls_sha512_starts_ret
mbedtls_sha512_update_ret
mbedtls_sha512_finish_ret
mbedtls_pk_debug
mbedtls_ecdh_read_params
mbedtls_dhm_calc_secret
mbedtls_dhm_make_public
mbedtls_dhm_read_params
mbedtls_platform_zeroize
mbedtls_pk_encrypt
mbedtls_pk_sign_restartable
mbedtls_pk_verify_restartable
mbedtls_pk_can_do
mbedtls_cipher_crypt
mbedtls_cipher_free
mbedtls_md_starts
mbedtls_md_get_type
mbedtls_md_get_size
mbedtls_md_clone
mbedtls_md_hmac_reset
mbedtls_md_hmac_finish
mbedtls_md_hmac_update
mbedtls_md_hmac_starts
mbedtls_md_setup
mbedtls_md_free
mbedtls_md_init
mbedtls_md_info_from_type
mbedtls_ecdh_calc_secret
mbedtls_sha1_update_ret
mbedtls_md_finish
mbedtls_md5_starts_ret
mbedtls_ecdh_make_public
mbedtls_ecp_curve_info_from_grp_id
mbedtls_mpi_size
mbedtls_mpi_free
api-ms-win-core-synch-l1-2-0
Sleep
vcruntime140_app
memmove
memcmp
memcpy
__C_specific_handler
__std_type_info_destroy_list
memset
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vsprintf
api-ms-win-crt-time-l1-1-0
_time64
api-ms-win-crt-heap-l1-1-0
free
calloc
api-ms-win-crt-runtime-l1-1-0
_execute_onexit_table
_initialize_onexit_table
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_cexit
_initialize_narrow_environment
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThreadId
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-libraryloader-l1-2-0
DisableThreadLibraryCalls
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
Exports
__local_stdio_printf_options
_snprintf
mbedtls_debug_print_buf
mbedtls_debug_print_crt
mbedtls_debug_print_ecp
mbedtls_debug_print_mpi
mbedtls_debug_print_msg
mbedtls_debug_print_ret
mbedtls_debug_printf_ecdh
mbedtls_debug_set_threshold
mbedtls_net_accept
mbedtls_net_bind
mbedtls_net_close
mbedtls_net_connect
mbedtls_net_free
mbedtls_net_init
mbedtls_net_poll
mbedtls_net_recv
mbedtls_net_recv_timeout
mbedtls_net_send
mbedtls_net_set_block
mbedtls_net_set_nonblock
mbedtls_net_usleep
mbedtls_ssl_buffering_free
mbedtls_ssl_cache_free
mbedtls_ssl_cache_get
mbedtls_ssl_cache_init
mbedtls_ssl_cache_set
mbedtls_ssl_cache_set_max_entries
mbedtls_ssl_cache_set_timeout
mbedtls_ssl_check_cert_usage
mbedtls_ssl_check_curve
mbedtls_ssl_check_pending
mbedtls_ssl_check_record
mbedtls_ssl_check_sig_hash
mbedtls_ssl_check_timer
mbedtls_ssl_ciphersuite_from_id
mbedtls_ssl_ciphersuite_from_string
mbedtls_ssl_ciphersuite_uses_ec
mbedtls_ssl_ciphersuite_uses_psk
mbedtls_ssl_close_notify
mbedtls_ssl_conf_alpn_protocols
mbedtls_ssl_conf_arc4_support
mbedtls_ssl_conf_authmode
mbedtls_ssl_conf_ca_chain
mbedtls_ssl_conf_cbc_record_splitting
mbedtls_ssl_conf_cert_profile
mbedtls_ssl_conf_cert_req_ca_list
mbedtls_ssl_conf_ciphersuites
mbedtls_ssl_conf_ciphersuites_for_version
mbedtls_ssl_conf_curves
mbedtls_ssl_conf_dbg
mbedtls_ssl_conf_dh_param
mbedtls_ssl_conf_dh_param_bin
mbedtls_ssl_conf_dh_param_ctx
mbedtls_ssl_conf_dhm_min_bitlen
mbedtls_ssl_conf_dtls_anti_replay
mbedtls_ssl_conf_dtls_badmac_limit
mbedtls_ssl_conf_dtls_cookies
mbedtls_ssl_conf_dtls_srtp_protection_profiles
mbedtls_ssl_conf_encrypt_then_mac
mbedtls_ssl_conf_endpoint
mbedtls_ssl_conf_export_keys_cb
mbedtls_ssl_conf_export_keys_ext_cb
mbedtls_ssl_conf_extended_master_secret
mbedtls_ssl_conf_fallback
mbedtls_ssl_conf_handshake_timeout
mbedtls_ssl_conf_legacy_renegotiation
mbedtls_ssl_conf_max_frag_len
mbedtls_ssl_conf_max_version
mbedtls_ssl_conf_min_version
mbedtls_ssl_conf_own_cert
mbedtls_ssl_conf_psk
mbedtls_ssl_conf_psk_cb
mbedtls_ssl_conf_read_timeout
mbedtls_ssl_conf_renegotiation
mbedtls_ssl_conf_renegotiation_enforced
mbedtls_ssl_conf_renegotiation_period
mbedtls_ssl_conf_rng
mbedtls_ssl_conf_session_cache
mbedtls_ssl_conf_session_tickets
mbedtls_ssl_conf_session_tickets_cb
mbedtls_ssl_conf_sig_hashes
mbedtls_ssl_conf_sni
mbedtls_ssl_conf_srtp_mki_value_supported
mbedtls_ssl_conf_transport
mbedtls_ssl_conf_truncated_hmac
mbedtls_ssl_conf_verify
mbedtls_ssl_config_defaults
mbedtls_ssl_config_free
mbedtls_ssl_config_init
mbedtls_ssl_context_load
mbedtls_ssl_context_save
mbedtls_ssl_cookie_check
mbedtls_ssl_cookie_free
mbedtls_ssl_cookie_init
mbedtls_ssl_cookie_set_timeout
mbedtls_ssl_cookie_setup
mbedtls_ssl_cookie_write
mbedtls_ssl_decrypt_buf
mbedtls_ssl_derive_keys
mbedtls_ssl_dtls_replay_check
mbedtls_ssl_dtls_replay_reset
mbedtls_ssl_dtls_replay_update
mbedtls_ssl_dtls_srtp_set_mki_value
mbedtls_ssl_encrypt_buf
mbedtls_ssl_fetch_input
mbedtls_ssl_flight_free
mbedtls_ssl_flight_transmit
mbedtls_ssl_flush_output
mbedtls_ssl_free
mbedtls_ssl_get_alpn_protocol
mbedtls_ssl_get_bytes_avail
mbedtls_ssl_get_ciphersuite
mbedtls_ssl_get_ciphersuite_id
mbedtls_ssl_get_ciphersuite_name
mbedtls_ssl_get_ciphersuite_sig_alg
mbedtls_ssl_get_ciphersuite_sig_pk_alg
mbedtls_ssl_get_current_mtu
mbedtls_ssl_get_dtls_srtp_negotiation_result
mbedtls_ssl_get_input_max_frag_len
mbedtls_ssl_get_key_exchange_md_ssl_tls
mbedtls_ssl_get_key_exchange_md_tls1_2
mbedtls_ssl_get_max_frag_len
mbedtls_ssl_get_max_out_record_payload
mbedtls_ssl_get_output_max_frag_len
mbedtls_ssl_get_peer_cert
mbedtls_ssl_get_record_expansion
mbedtls_ssl_get_session
mbedtls_ssl_get_session_pointer
mbedtls_ssl_get_verify_result
mbedtls_ssl_get_version
mbedtls_ssl_handle_message_type
mbedtls_ssl_handshake
mbedtls_ssl_handshake_client_step
mbedtls_ssl_handshake_free
mbedtls_ssl_handshake_server_step
mbedtls_ssl_handshake_step
mbedtls_ssl_handshake_wrapup
mbedtls_ssl_handshake_wrapup_free_hs_transform
mbedtls_ssl_hash_from_md_alg
mbedtls_ssl_init
mbedtls_ssl_list_ciphersuites
mbedtls_ssl_md_alg_from_hash
mbedtls_ssl_optimize_checksum
mbedtls_ssl_parse_certificate
mbedtls_ssl_parse_change_cipher_spec
mbedtls_ssl_parse_finished
mbedtls_ssl_pk_alg_from_sig
mbedtls_ssl_prepare_handshake_record
mbedtls_ssl_psk_derive_premaster
mbedtls_ssl_read
mbedtls_ssl_read_record
mbedtls_ssl_read_version
mbedtls_ssl_recv_flight_completed
mbedtls_ssl_renegotiate
mbedtls_ssl_resend
mbedtls_ssl_resend_hello_request
mbedtls_ssl_reset_checksum
mbedtls_ssl_reset_in_out_pointers
mbedtls_ssl_send_alert_message
mbedtls_ssl_send_fatal_handshake_failure
mbedtls_ssl_send_flight_completed
mbedtls_ssl_session_copy
mbedtls_ssl_session_free
mbedtls_ssl_session_init
mbedtls_ssl_session_load
mbedtls_ssl_session_reset
mbedtls_ssl_session_reset_int
mbedtls_ssl_session_save
mbedtls_ssl_set_bio
mbedtls_ssl_set_calc_verify_md
mbedtls_ssl_set_client_transport_id
mbedtls_ssl_set_datagram_packing
mbedtls_ssl_set_hostname
mbedtls_ssl_set_hs_authmode
mbedtls_ssl_set_hs_ca_chain
mbedtls_ssl_set_hs_own_cert
mbedtls_ssl_set_hs_psk
mbedtls_ssl_set_mtu
mbedtls_ssl_set_session
mbedtls_ssl_set_timer
mbedtls_ssl_set_timer_cb
mbedtls_ssl_set_verify
mbedtls_ssl_setup
mbedtls_ssl_sig_from_pk
mbedtls_ssl_sig_from_pk_alg
mbedtls_ssl_sig_hash_set_add
mbedtls_ssl_sig_hash_set_const_hash
mbedtls_ssl_sig_hash_set_find
mbedtls_ssl_start_renegotiation
mbedtls_ssl_ticket_free
mbedtls_ssl_ticket_init
mbedtls_ssl_ticket_parse
mbedtls_ssl_ticket_setup
mbedtls_ssl_ticket_write
mbedtls_ssl_tls_prf
mbedtls_ssl_transform_free
mbedtls_ssl_transform_init
mbedtls_ssl_update_handshake_status
mbedtls_ssl_update_in_pointers
mbedtls_ssl_update_out_pointers
mbedtls_ssl_write
mbedtls_ssl_write_certificate
mbedtls_ssl_write_change_cipher_spec
mbedtls_ssl_write_finished
mbedtls_ssl_write_handshake_msg
mbedtls_ssl_write_record
mbedtls_ssl_write_version
mbedtls_vsnprintf
mbedtls_x509_crt_profile_default
mbedtls_x509_crt_profile_next
mbedtls_x509_crt_profile_suiteb
Sections
.text Size: 115KB - Virtual size: 114KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 58KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ