acc355205216eb23a237dc177b8d4aea9aa44052ca375277438c7723cfa53da7

Sharing

Copy URL Twitter E-mail

General

Target

acc355205216eb23a237dc177b8d4aea9aa44052ca375277438c7723cfa53da7
Size

690KB
MD5

fd242ce97eac0026157d02bbbf37fa09
SHA1

49822cef0cd090f0b606afb802dc5d5da61128ce
SHA256

acc355205216eb23a237dc177b8d4aea9aa44052ca375277438c7723cfa53da7
SHA512

ef8d0b31f97581c7783a5ee8614b60c36e02830387c7c0fd3eb49dab672280a0b9ae2f285c6cbdc8875064ede6d899d9ed19e839507bfcee270fc299de726a57
SSDEEP

12288:krf8QTNB7wdDrkNFcBWgbB1gDUfhGuQAu4aNINNEIgzzH15p:krf8QTNB7wdDrCcIgbBOofhGuvun7dH3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
acc355205216eb23a237dc177b8d4aea9aa44052ca375277438c7723cfa53da7

Files

acc355205216eb23a237dc177b8d4aea9aa44052ca375277438c7723cfa53da7
.dll windows:6 windows x64 arch:x64

4ee07ff92ee26c7333098bc5a741e789

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

bind
WSAGetLastError
closesocket
select
shutdown
listen
WSASetLastError
WSASocketW
getaddrinfo
WSAStartup
accept
getsockname
send
ntohs
connect
WSAEnumProtocolsW
recvfrom
recv
getsockopt
inet_ntop
freeaddrinfo
sendto
ioctlsocket
setsockopt
getpeername

user32

PostThreadMessageW
MessageBoxA

dbghelp

SymSetOptions
UnDecorateSymbolName
SymInitialize
SymGetLineFromAddr64
SymFromAddr
SymGetOptions
SymCleanup
SymGetModuleInfo64

ntdll

NtClose
RtlNtStatusToDosError
NtOpenFile
RtlDosPathNameToNtPathName_U
NtSetInformationFile
RtlFreeUnicodeString

api-ms-win-core-synch-l1-2-0

WakeByAddressSingle
WaitOnAddress

msvcp140

??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??7ios_base@std@@QEBA_NXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
_Cnd_signal
_Mtx_current_owns
_Cnd_init_in_situ
_Query_perf_frequency
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_timedwait
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Cnd_wait
_Query_perf_counter
_Mtx_unlock
_Cnd_destroy_in_situ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$numpunct@_W@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$numpunct@D@std@@2V0locale@2@A
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
?_Xbad_alloc@std@@YAXXZ
_Mbrtowc
?_Xout_of_range@std@@YAXPEBD@Z
_Xtime_get_ticks

kernel32

RtlLookupFunctionEntry
GetModuleHandleW
GetLocaleInfoEx
CreateSymbolicLinkW
GetFileInformationByHandleEx
CreateHardLinkW
MoveFileExW
CopyFileW
DeviceIoControl
AreFileApisANSI
GetTempPathW
SetFileTime
SetFileInformationByHandle
SetFileAttributesW
GetFullPathNameW
GetFileInformationByHandle
GetFileAttributesExW
GetFileAttributesW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
VirtualQuery
VirtualProtect
GetSystemInfo
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
FormatMessageA
FreeLibrary
LoadLibraryExA
GetFileType
IsDebuggerPresent
LocalFree
WriteConsoleW
GetWindowsDirectoryA
RaiseException
GetCurrentThread
FormatMessageW
GetTempPathA
Sleep
MultiByteToWideChar
GetCurrentThreadId
CreateFileW
WaitForSingleObject
GetModuleFileNameW
GetFinalPathNameByHandleW
SetLastError
VirtualFreeEx
VirtualAllocEx
WriteProcessMemory
GetLastError
GetEnvironmentVariableA
GetCurrentProcess
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
GetModuleHandleExW
GetCurrentProcessId
CreateToolhelp32Snapshot
Thread32First
Thread32Next
SetStdHandle
CloseHandle
PeekNamedPipe
CreatePipe
WideCharToMultiByte
GetStdHandle
ReadFile
GetTempFileNameA

vcruntime140_1

__CxxFrameHandler4

vcruntime140

strstr
strchr
strrchr
_CxxThrowException
__std_exception_copy
__std_type_info_destroy_list
__std_terminate
memmove
__std_exception_destroy
memcpy
__C_specific_handler_noexcept
memchr
memcmp
__C_specific_handler
memset

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_beginthreadex
strerror
exit
abort
_register_onexit_function
_invalid_parameter_noinfo_noreturn
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
raise
_errno
_initialize_onexit_table
_wsystem
_endthreadex

api-ms-win-crt-heap-l1-1-0

malloc
free
realloc
_callnewh
calloc

api-ms-win-crt-stdio-l1-1-0

fputc
__stdio_common_vsprintf
_pclose
setvbuf
__stdio_common_vfprintf
_wtmpnam
_get_osfhandle
fgets
_wfreopen
fgetpos
fclose
tmpfile
ungetc
fwrite
_wfopen
fsetpos
fread
_dup2
_isatty
_popen
fgetc
_open_osfhandle
feof
_fileno
__acrt_iob_func
_ftelli64
_get_stream_buffer_pointers
_fseeki64
_setmode
getc
clearerr
ferror
fflush

api-ms-win-crt-math-l1-1-0

log10
log
fmod
_dclass
_dsign
_fdclass
_ldclass
acos
frexp
pow
ldexp
asin
_fdopen
sin
atan2
ceil
tan
cos
exp
sqrt
floor

api-ms-win-crt-environment-l1-1-0

_wgetenv
_putenv

api-ms-win-crt-string-l1-1-0

ispunct
isspace
strspn
strcmp
strpbrk
iscntrl
strncmp
isalnum
isxdigit
islower
isalpha
towlower
toupper
isgraph
tolower
isupper
strcoll
isdigit

api-ms-win-crt-filesystem-l1-1-0

_wremove
_unlock_file
_wrename
_lock_file

api-ms-win-crt-locale-l1-1-0

setlocale
___lc_codepage_func
localeconv

api-ms-win-crt-time-l1-1-0

_time64
_difftime64
clock
_gmtime64
_localtime64
strftime
_mktime64

api-ms-win-crt-convert-l1-1-0

atoi
strtod

Exports

Exports

init
luaopen_bee_filesystem
luaopen_bee_socket
luaopen_bee_socketlegacy
luaopen_bee_thread
luaopen_bee_windows
luaopen_luadebug
luaopen_luadebug_hookmgr
luaopen_luadebug_stdio
luaopen_luadebug_utility
luaopen_luadebug_visitor

Sections

.text
Size: 562KB - Virtual size: 561KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ee07ff92ee26c7333098bc5a741e789

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

user32

dbghelp

ntdll

api-ms-win-core-synch-l1-2-0

msvcp140

kernel32

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

Exports

Exports

Sections

.text Size: 562KB - Virtual size: 561KB

.rdata Size: 90KB - Virtual size: 89KB

.data Size: 4KB - Virtual size: 6KB

.pdata Size: 30KB - Virtual size: 30KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 562KB - Virtual size: 561KB

.rdata
Size: 90KB - Virtual size: 89KB

.data
Size: 4KB - Virtual size: 6KB

.pdata
Size: 30KB - Virtual size: 30KB

.reloc
Size: 2KB - Virtual size: 1KB