d9d14ae34772227d957c62e5e4ad5951c913b90cd2cc535bd4f474790f5bd42b

Sharing

Copy URL Twitter E-mail

General

Target

d9d14ae34772227d957c62e5e4ad5951c913b90cd2cc535bd4f474790f5bd42b
Size

1.5MB
MD5

d15dafd576c8542dcbe62a62e5514867
SHA1

fbb7784b634f7f132d63691c5b6a4f9fc7dc6be8
SHA256

d9d14ae34772227d957c62e5e4ad5951c913b90cd2cc535bd4f474790f5bd42b
SHA512

5df7bf1d4e2d9e3c9b945516c8da9bbd4c7965f668d5de6f092e610bf07c5ab149a6bbf1f1b8e2926472503191d66d07b9a809c15e0d7d95973d8b5c96a4f3e5
SSDEEP

6144:009z2PPbb44N1YABdzay19AU3u5oUhq8OopI0cJtUs5FV7Jy9Sah0:009zobU4Naa9AUoVYtUs55Eh0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d9d14ae34772227d957c62e5e4ad5951c913b90cd2cc535bd4f474790f5bd42b

Files

d9d14ae34772227d957c62e5e4ad5951c913b90cd2cc535bd4f474790f5bd42b
.exe windows:5 windows x86 arch:x86

8a72c66341644fdcfda1b5ce35629b72

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\helper_base\build\bin\Release\helper_main.pdb

Imports

kernel32

GetSystemInfo
FreeLibrary
OutputDebugStringA
MultiByteToWideChar
LoadLibraryW
GetPrivateProfileIntW
Process32Next
GetLastError
CloseHandle
TerminateProcess
SetLastError
OpenProcess
Process32First
CreateToolhelp32Snapshot
GetCurrentProcessId
GetModuleHandleA
Sleep
GetCommandLineW
GetCurrentProcess
SetEvent
OpenEventA
QueryPerformanceCounter
FormatMessageA
LocalFree
AreFileApisANSI
GetProcAddress
GetModuleFileNameW
GetCurrentThread
GetSystemTimeAsFileTime
GetTickCount
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSetInformation
InterlockedExchange
DecodePointer
EncodePointer
SuspendThread
SetThreadContext
GetThreadContext
FlushInstructionCache
ResumeThread
InterlockedCompareExchange
VirtualAlloc
VirtualProtect
VirtualQuery
GetLocalTime
GetCurrentThreadId
GetFileSize
ReadFile
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetThreadAffinityMask
QueryPerformanceFrequency
WideCharToMultiByte
CreateFileW
IsProcessorFeaturePresent

shell32

CommandLineToArgvW

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString
SysAllocString
SysStringLen

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA

detoured

Detoured

pallas_core

?get_comp_mgr_instance@common@ierd_tgp@@YAAAVComponent_mgr@12@XZ
?inited@Component_mgr@common@ierd_tgp@@QAEXXZ
?init@Component_mgr@common@ierd_tgp@@QAE_NXZ
?process@Application@common@ierd_tgp@@QAEXXZ
?SetConfigRootPath@pallas_core@ierd_tgp@@YAXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@H@Z
?tick@Component_mgr@common@ierd_tgp@@QAEXN@Z
?set_app_path@Application@common@ierd_tgp@@SA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?get_exe_path@Application@common@ierd_tgp@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?get_app_path_ex@Application@common@ierd_tgp@@SA?AVpath@filesystem3@boost@@XZ
?instance@Application@common@ierd_tgp@@SAPAV123@XZ
?load_config@Component_mgr@common@ierd_tgp@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?get_parent_exe_path_w@Application@common@ierd_tgp@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?get_app_id@Application@common@ierd_tgp@@QAEIXZ
?GetConfigByPath@pallas_core@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_ptree@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@property_tree@boost@@H@Z
??0Application@common@ierd_tgp@@QAE@III_NK0ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z
?uninitialize@Component_mgr@common@ierd_tgp@@QAEXXZ
?set_profiling@common@ierd_tgp@@YAX_N@Z

shlwapi

PathFindFileNameW

pallas_util

?report@Qos_report_ex@qos_report_ex@pallas_util@ierd_tgp@@QAE_NHH@Z
?default_instance@qos_ex_instace@qos_report_ex@pallas_util@ierd_tgp@@SAAAVQos_report_ex@234@XZ
?uninit@Qos_report_ex@qos_report_ex@pallas_util@ierd_tgp@@QAE_NXZ
?set_uin@Qos_report_ex@qos_report_ex@pallas_util@ierd_tgp@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?set_session_id@Qos_report_ex@qos_report_ex@pallas_util@ierd_tgp@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?set_version@Qos_report_ex@qos_report_ex@pallas_util@ierd_tgp@@QAEXABUversion_t@common@4@@Z
?set_qos_id@Qos_report_ex@qos_report_ex@pallas_util@ierd_tgp@@QAEXH@Z
?init@Qos_report_ex@qos_report_ex@pallas_util@ierd_tgp@@QAE_NXZ
?QueryComInterface@pallas_util@ierd_tgp@@YA_NABVcomponent_interface_type@common@2@AAV?$shared_ptr@UIComponent@common@ierd_tgp@@@boost@@@Z

msvcr100

_vswprintf_c_l
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
_except_handler4_common
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__initenv
exit
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_onexit
_lock
__dllonexit
_unlock
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
_vsnprintf
_snwprintf_s
localeconv
??_U@YAPAXI@Z
??_V@YAXPAX@Z
strncpy_s
fprintf
_strtoui64
wcstoul
clock
rand
fread
_stricmp
__RTDynamicCast
_snprintf_s
??8type_info@@QBE_NABV0@@Z
??2@YAPAXI@Z
wcscat_s
??0bad_cast@std@@QAE@ABV01@@Z
_vsnprintf_s
fclose
fopen
??0bad_cast@std@@QAE@PBD@Z
?what@exception@std@@UBEPBDXZ
__CxxFrameHandler3
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
??3@YAXPAX@Z
memset
wcsncpy
_wcsicmp
wcsrchr
memmove
memchr
_purecall
??0exception@std@@QAE@ABV01@@Z
_time64
??0exception@std@@QAE@XZ
_CxxThrowException
??1bad_cast@std@@UAE@XZ
strerror
memcpy

msvcp100

?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
??1_Locimp@locale@std@@MAE@XZ
??0_Locimp@locale@std@@AAE@ABV012@@Z
?id@?$codecvt@_WDH@std@@2V0locale@2@A
?_Id_cnt@id@locale@std@@0HA
?_Locimp_Addfac@_Locimp@locale@std@@CAXPAV123@PAVfacet@23@I@Z
?_Getcat@?$codecvt@_WDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
??1?$codecvt@_WDH@std@@MAE@XZ
?do_length@?$codecvt@_WDH@std@@MBEHABHPBD1I@Z
??0?$codecvt@_WDH@std@@QAE@I@Z
?classic@locale@std@@SAABV12@XZ
?id@?$numpunct@D@std@@2V0locale@2@A
??0_Locinfo@std@@QAE@PBD@Z
??1_Locinfo@std@@QAE@XZ
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@UAE@XZ
_Getcvt
?_Getfalse@_Locinfo@std@@QBEPBDXZ
?_Gettrue@_Locinfo@std@@QBEPBDXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??_7?$basic_ios@_WU?$char_traits@_W@std@@@std@@6B@
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?exceptions@ios_base@std@@QAEXH@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?widen@?$ctype@D@std@@QBEDD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7ios_base@std@@6B@
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
??1ios_base@std@@UAE@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?_Xlength_error@std@@YAXPBD@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?pbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
?_Incref@facet@locale@std@@QAEXXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@XZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Xout_of_range@std@@YAXPBD@Z
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
??1_Lockit@std@@QAE@XZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??Bid@locale@std@@QAEIXZ
?id@?$ctype@D@std@@2V0locale@2@A
??0_Lockit@std@@QAE@H@Z
?_Xfunc@tr1@std@@YAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?ws@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@1@AAV21@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_K@Z
?narrow@?$ctype@D@std@@QBEDDD@Z
?_BADOFF@std@@3_JB
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 211KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8a72c66341644fdcfda1b5ce35629b72

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shell32

ole32

oleaut32

advapi32

version

detoured

pallas_core

shlwapi

pallas_util

msvcr100

msvcp100

Sections

.text Size: 114KB - Virtual size: 113KB

.rdata Size: 57KB - Virtual size: 56KB

.data Size: 8KB - Virtual size: 9KB

.rsrc Size: 211KB - Virtual size: 212KB

.text
Size: 114KB - Virtual size: 113KB

.rdata
Size: 57KB - Virtual size: 56KB

.data
Size: 8KB - Virtual size: 9KB

.rsrc
Size: 211KB - Virtual size: 212KB