09445ea40b6f92e9932449a7b2c5ea107669ebfb9cd3cee4a7c5840172fa9a75

Sharing

Copy URL Twitter E-mail

General

Target

09445ea40b6f92e9932449a7b2c5ea107669ebfb9cd3cee4a7c5840172fa9a75
Size

3.4MB
MD5

c4645e63055e0239dd672febc3b01fb9
SHA1

68f775b53d39f14dea7574f9b675cf7f3267a63e
SHA256

09445ea40b6f92e9932449a7b2c5ea107669ebfb9cd3cee4a7c5840172fa9a75
SHA512

fd78a077995381a8c2ab29930db0d65fe566c8278de0e926e040857ccd35aab87bedfdf0e9d06bc73d0100270807e20e31b6edb0aa714139140318161bd4dc61
SSDEEP

49152:fYQk4NADqx8RgTVj4SNMDWF8cuAGZAUv6ycyZREaxQ7AHJIYYKMX+Gw4WygN/vfA:AQkTDJREGA8cuAGZAUv6ycyuOJRw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
09445ea40b6f92e9932449a7b2c5ea107669ebfb9cd3cee4a7c5840172fa9a75

Files

09445ea40b6f92e9932449a7b2c5ea107669ebfb9cd3cee4a7c5840172fa9a75
.dll windows:5 windows x86 arch:x86

84f09776205681a579f1dfb30fff5cff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\TeamCityAgent\work\f569dedff0bbea57\symbols\Nightly_ClientNetwork.pdb

Imports

ws2_32

inet_addr
select
gethostbyname
inet_ntoa
WSAWaitForMultipleEvents
closesocket
WSAEventSelect
getsockopt
socket
bind
sendto
setsockopt
getsockname
ntohs
htons
WSAGetLastError
recvfrom
gethostname
ioctlsocket
WSACleanup
WSAStartup

libcurl

curl_easy_init
curl_multi_remove_handle
curl_multi_cleanup
curl_multi_info_read
curl_easy_strerror
curl_global_init
curl_share_init
curl_share_setopt
curl_share_cleanup
curl_global_cleanup
curl_easy_cleanup
curl_easy_getinfo
curl_easy_setopt
curl_slist_append
curl_multi_perform
curl_multi_fdset
curl_multi_add_handle
curl_multi_init

pthreadvc2

pthread_create
pthread_setcancelstate
pthread_cancel
pthread_mutex_init
pthread_cond_init
pthread_cond_destroy
pthread_mutex_destroy
pthread_mutex_lock
pthread_mutex_unlock
pthread_cond_wait
pthread_cond_signal
pthread_testcancel
pthread_cond_timedwait

wininet

InternetCrackUrlA

kernel32

CreateWaitableTimerW
CreateEventW
SetWaitableTimer
SetThreadAffinityMask
FreeLibrary
FlushInstructionCache
VirtualProtect
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
GetSystemTimeAsFileTime
GetCurrentProcessId
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
InterlockedCompareExchange
InterlockedExchange
CloseHandle
Sleep
TerminateProcess
FormatMessageW
LocalFree
WaitForSingleObject
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
LoadLibraryA
GetProcAddress
GetThreadTimes
GetCurrentThread
GetFileAttributesA
SetFileAttributesA
GetDllDirectoryW
GetLocalTime
GetSystemTime
QueryPerformanceFrequency
QueryPerformanceCounter
OutputDebugStringA
InterlockedIncrement
InterlockedDecrement
GetLastError
SetPriorityClass
GetVersionExA
DebugActiveProcessStop
GetProcessId
RemoveDirectoryA
SetLastError
LoadLibraryW
HeapAlloc
GetProcessHeap
HeapFree
WriteFile
GetTickCount
FormatMessageA

user32

GetWindowLongA
SetWindowLongW
CallWindowProcW
SetWindowLongA
GetAsyncKeyState
MessageBoxW
MessageBoxA

advapi32

SetServiceObjectSecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclA
BuildExplicitAccessWithNameA
ConvertStringSidToSidA
GetSecurityDescriptorDacl
QueryServiceObjectSecurity
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW

shell32

ShellExecuteA
SHGetFolderPathW

ole32

CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoInitializeEx

oleaut32

VariantChangeType
VariantClear
SysFreeString
SysAllocStringByteLen
SysAllocString
SysStringLen

msvcp90

??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?_Tidy@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEX_NI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?rbegin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$reverse_iterator@V?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@XZ
?rend@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$reverse_iterator@V?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@XZ
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?rbegin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$reverse_iterator@V?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@XZ
?rend@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$reverse_iterator@V?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@XZ
??$?ODU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIPB_W@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?push_back@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEX_W@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?deallocate@?$allocator@D@std@@QAEXPADI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?allocate@?$allocator@D@std@@QAEPADI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z

msvcr90

fseek
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
_malloc_crt
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
memset
memcpy
_beginthreadex
_vsnprintf
_strnicmp
printf
ferror
towlower
strtoul
isalpha
isprint
isspace
_wcsicmp
_unlink
_mkdir
_wcsnicmp
__CxxFrameHandler3
_CxxThrowException
strcat
strcpy
floor
_CIsqrt
isalnum
_wfopen
memcpy_s
_snprintf
??2@YAPAXI@Z
??3@YAXPAX@Z
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
memmove_s
_purecall
??0exception@std@@QAE@XZ
fopen
fclose
feof
fflush
ftell
fread
fwrite
_invalid_parameter_noinfo
_ftime64
_vscprintf
malloc
free
_stricmp
_vscwprintf
_vsnwprintf
tolower
toupper
atoi
srand
rand
_time64
isdigit
??_V@YAXPAX@Z
rewind
wcsncpy
sprintf
sscanf
strrchr
_copysign
strncpy
realloc

winmm

timeGetTime

wintrust

WinVerifyTrust

vcomp90

_vcomp_sections_next
_vcomp_set_num_threads
_vcomp_fork
_vcomp_sections_init

Exports

Exports

CheckCompatibility
CheckService
GetNetRel
GetNetRev
InitNetInterface
NvOptimusEnablement
ReleaseNetInterface
WaitForObject

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 135KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 509KB - Virtual size: 508KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

84f09776205681a579f1dfb30fff5cff

Headers

File Characteristics

PDB Paths

Imports

ws2_32

libcurl

pthreadvc2

wininet

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcp90

msvcr90

winmm

wintrust

vcomp90

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 1.5MB - Virtual size: 1.5MB

.data Size: 135KB - Virtual size: 231KB

.rsrc Size: 509KB - Virtual size: 508KB

.reloc Size: 134KB - Virtual size: 133KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 135KB - Virtual size: 231KB

.rsrc
Size: 509KB - Virtual size: 508KB

.reloc
Size: 134KB - Virtual size: 133KB