ec3b152cdafe53449313827f92ea7694e53b73833bc0b162596f58f2452b07e1

Sharing

Copy URL Twitter E-mail

General

Target

ec3b152cdafe53449313827f92ea7694e53b73833bc0b162596f58f2452b07e1
Size

122KB
MD5

62e6686039e5be0e0b52acc011e45538
SHA1

9c6a182d35c9e6dd2a94d2e5a3b615814a1a5392
SHA256

ec3b152cdafe53449313827f92ea7694e53b73833bc0b162596f58f2452b07e1
SHA512

eae553033105c0fe450fa30c0875230abb4a4c97041924728ddbdfed346613340aafc6da4fc02d27f33a20cf1dc27af6ed6b33ce027cf9d08f122aac64c9f423
SSDEEP

1536:IDUMD5knp0rRZrjTRLT/urf2qkvBTad8+pc9ggmxCTyWa702kyUmU:0UMD5q0NpNLT/uNkp+Rp5myWa7FkyUmU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ec3b152cdafe53449313827f92ea7694e53b73833bc0b162596f58f2452b07e1

Files

ec3b152cdafe53449313827f92ea7694e53b73833bc0b162596f58f2452b07e1
.dll windows:4 windows x64 arch:x64

bd4afce93a55ef747846699ee6d09e0d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

PDB Paths

Imports

msys-svn_delta-1-0

svn_compat_wrap_file_rev_handler
svn_delta_default_editor
svn_delta_depth_filter_editor
svn_delta_noop_window_handler
svn_delta_version
svn_editor__insert_shims
svn_txdelta_parse_svndiff
svn_txdelta_to_svndiff3

msys-apr-1-0

apr_array_copy
apr_array_make
apr_array_push
apr_atomic_dec32
apr_atomic_inc32
apr_file_inherit_unset
apr_file_open_stdin
apr_file_open_stdout
apr_file_pipe_timeout_set
apr_generate_random_bytes
apr_gethostname
apr_hash_count
apr_hash_first
apr_hash_get
apr_hash_make
apr_hash_next
apr_hash_set
apr_hash_this
apr_hash_this_key
apr_hash_this_val
apr_itoa
apr_palloc
apr_pmemdup
apr_poll
apr_pool_cleanup_null
apr_pool_cleanup_register
apr_pool_clear
apr_pool_destroy
apr_pool_note_subprocess
apr_proc_create
apr_procattr_child_errfn_set
apr_procattr_cmdtype_set
apr_procattr_create
apr_procattr_io_set
apr_psprintf
apr_pstrcat
apr_pstrdup
apr_pstrmemdup
apr_pstrndup
apr_sockaddr_info_get
apr_sockaddr_ip_get
apr_socket_addr_get
apr_socket_close
apr_socket_connect
apr_socket_create
apr_socket_opt_set
apr_socket_recv
apr_socket_send
apr_socket_timeout_get
apr_socket_timeout_set
apr_time_now
apr_tokenize_to_argv

msys-aprutil-1-0

apr_md5
apr_md5_final
apr_md5_init
apr_md5_update
apr_uri_parse

msys-intl-8

libintl_dgettext

msys-2.0

__assert_func
__cxa_atexit
__errno
_impure_ptr
calloc
cygwin_internal
dll_dllcrt0
free
getenv
malloc
memcmp
memcpy
memset
msys_detach_dll
posix_memalign
realloc
strchr
strcmp
strcspn
strlen
strncasecmp
strrchr
strstr

msys-sasl2-3

sasl_client_init
sasl_client_new
sasl_client_start
sasl_client_step
sasl_decode
sasl_dispose
sasl_done
sasl_encode
sasl_errdetail
sasl_errstring
sasl_getprop
sasl_listmech
sasl_server_init
sasl_server_new
sasl_server_start
sasl_server_step
sasl_set_mutex
sasl_setprop

kernel32

GetModuleHandleA

msys-svn_subr-1-0

svn__ui64toa
svn_atomic__init_once
svn_auth_first_credentials
svn_auth_next_credentials
svn_auth_save_credentials
svn_auth_set_parameter
svn_base64_decode_string
svn_base64_encode_string2
svn_checksum_ctx_create
svn_checksum_final
svn_checksum_match
svn_checksum_mismatch_err
svn_checksum_parse_hex
svn_checksum_update
svn_compat_log_revprops_in
svn_compat_wrap_commit_callback
svn_compat_wrap_log_receiver
svn_config_copy_config
svn_config_get
svn_create_commit_info
svn_ctype_table
svn_depth_to_word
svn_dirent_create
svn_err_best_message
svn_error__malfunction
svn_error_clear
svn_error_compose_create
svn_error_create
svn_error_createf
svn_error_find_cause
svn_error_quick_wrap
svn_error_wrap_apr
svn_fspath__canonicalize
svn_fspath__is_canonical
svn_fspath__skip_ancestor
svn_hash__make
svn_inheritance_to_word
svn_lock_create
svn_log_changed_path2_create
svn_log_entry_create
svn_mergeinfo_parse
svn_node_kind_from_word
svn_node_kind_to_word
svn_path_component_count
svn_path_is_url
svn_path_uri_decode
svn_path_url_add_component2
svn_pool_create_ex
svn_relpath_canonicalize
svn_relpath_is_canonical
svn_relpath_join
svn_relpath_skip_ancestor
svn_stream__aprfile
svn_stream_close
svn_stream_create
svn_stream_data_available
svn_stream_from_aprfile2
svn_stream_read2
svn_stream_set_close
svn_stream_set_data_available
svn_stream_set_read2
svn_stream_set_write
svn_stream_write
svn_strerror
svn_string_compare
svn_string_create
svn_string_dup
svn_string_ncreate
svn_stringbuf_compare
svn_stringbuf_create
svn_stringbuf_create_empty
svn_stringbuf_ensure
svn_stringbuf_set
svn_stringbuf_setempty
svn_subr_version
svn_time_from_cstring
svn_time_to_cstring
svn_uri_canonicalize
svn_uri_skip_ancestor
svn_ver_check_list2
svn_ver_equal

Exports

Exports

__gcc_deregister_frame
__gcc_register_frame
svn_ra_svn__auth_response
svn_ra_svn__cram_client
svn_ra_svn__data_available
svn_ra_svn__default_secprops
svn_ra_svn__do_cyrus_auth
svn_ra_svn__do_internal_auth
svn_ra_svn__enable_sasl_encryption
svn_ra_svn__end_list
svn_ra_svn__find_mech
svn_ra_svn__flush
svn_ra_svn__get_addresses
svn_ra_svn__get_pool
svn_ra_svn__handle_command
svn_ra_svn__handle_commands2
svn_ra_svn__handle_failure_status
svn_ra_svn__has_command
svn_ra_svn__init
svn_ra_svn__locate_real_error_child
svn_ra_svn__parse_proplist
svn_ra_svn__parse_tuple
svn_ra_svn__read_cmd_response
svn_ra_svn__read_command_only
svn_ra_svn__read_data_log_changed_entry
svn_ra_svn__read_item
svn_ra_svn__read_tuple
svn_ra_svn__reset_command_io_counters
svn_ra_svn__sasl_common_init
svn_ra_svn__sasl_init
svn_ra_svn__sasl_status
svn_ra_svn__set_block_handler
svn_ra_svn__set_capabilities
svn_ra_svn__set_shim_callbacks
svn_ra_svn__skip_leading_garbage
svn_ra_svn__start_list
svn_ra_svn__stream_create
svn_ra_svn__stream_data_available
svn_ra_svn__stream_from_sock
svn_ra_svn__stream_from_streams
svn_ra_svn__stream_read
svn_ra_svn__stream_timeout
svn_ra_svn__stream_write
svn_ra_svn__svndiff_version
svn_ra_svn__to_private_array
svn_ra_svn__to_private_item
svn_ra_svn__to_public_array
svn_ra_svn__to_public_item
svn_ra_svn__write_boolean
svn_ra_svn__write_cmd_abort_edit
svn_ra_svn__write_cmd_abort_report
svn_ra_svn__write_cmd_absent_dir
svn_ra_svn__write_cmd_absent_file
svn_ra_svn__write_cmd_add_dir
svn_ra_svn__write_cmd_add_file
svn_ra_svn__write_cmd_apply_textdelta
svn_ra_svn__write_cmd_change_dir_prop
svn_ra_svn__write_cmd_change_file_prop
svn_ra_svn__write_cmd_change_rev_prop
svn_ra_svn__write_cmd_change_rev_prop2
svn_ra_svn__write_cmd_check_path
svn_ra_svn__write_cmd_close_dir
svn_ra_svn__write_cmd_close_edit
svn_ra_svn__write_cmd_close_file
svn_ra_svn__write_cmd_delete_entry
svn_ra_svn__write_cmd_delete_path
svn_ra_svn__write_cmd_diff
svn_ra_svn__write_cmd_failure
svn_ra_svn__write_cmd_finish_replay
svn_ra_svn__write_cmd_finish_report
svn_ra_svn__write_cmd_get_dated_rev
svn_ra_svn__write_cmd_get_deleted_rev
svn_ra_svn__write_cmd_get_file
svn_ra_svn__write_cmd_get_file_revs
svn_ra_svn__write_cmd_get_iprops
svn_ra_svn__write_cmd_get_latest_rev
svn_ra_svn__write_cmd_get_lock
svn_ra_svn__write_cmd_get_locks
svn_ra_svn__write_cmd_link_path
svn_ra_svn__write_cmd_lock
svn_ra_svn__write_cmd_open_dir
svn_ra_svn__write_cmd_open_file
svn_ra_svn__write_cmd_open_root
svn_ra_svn__write_cmd_reparent
svn_ra_svn__write_cmd_replay
svn_ra_svn__write_cmd_replay_range
svn_ra_svn__write_cmd_response
svn_ra_svn__write_cmd_rev_prop
svn_ra_svn__write_cmd_rev_proplist
svn_ra_svn__write_cmd_set_path
svn_ra_svn__write_cmd_stat
svn_ra_svn__write_cmd_status
svn_ra_svn__write_cmd_switch
svn_ra_svn__write_cmd_target_rev
svn_ra_svn__write_cmd_textdelta_chunk
svn_ra_svn__write_cmd_textdelta_end
svn_ra_svn__write_cmd_unlock
svn_ra_svn__write_cmd_update
svn_ra_svn__write_cstring
svn_ra_svn__write_data_log_changed_path
svn_ra_svn__write_data_log_entry
svn_ra_svn__write_dirent
svn_ra_svn__write_number
svn_ra_svn__write_proplist
svn_ra_svn__write_string
svn_ra_svn__write_tuple
svn_ra_svn__write_word
svn_ra_svn_compression_level
svn_ra_svn_conn_remote_host
svn_ra_svn_cram_server
svn_ra_svn_create_conn
svn_ra_svn_create_conn2
svn_ra_svn_create_conn3
svn_ra_svn_create_conn4
svn_ra_svn_create_conn5
svn_ra_svn_drive_editor
svn_ra_svn_drive_editor2
svn_ra_svn_end_list
svn_ra_svn_flush
svn_ra_svn_get_editor
svn_ra_svn_handle_commands
svn_ra_svn_handle_commands2
svn_ra_svn_has_capability
svn_ra_svn_init
svn_ra_svn_parse_proplist
svn_ra_svn_parse_tuple
svn_ra_svn_read_cmd_response
svn_ra_svn_read_item
svn_ra_svn_read_tuple
svn_ra_svn_set_capabilities
svn_ra_svn_skip_leading_garbage
svn_ra_svn_start_list
svn_ra_svn_version
svn_ra_svn_write_cmd
svn_ra_svn_write_cmd_failure
svn_ra_svn_write_cmd_response
svn_ra_svn_write_cstring
svn_ra_svn_write_number
svn_ra_svn_write_proplist
svn_ra_svn_write_string
svn_ra_svn_write_tuple
svn_ra_svn_write_word
svn_ra_svn_zero_copy_limit
svn_sasl__client_init
svn_sasl__client_new
svn_sasl__client_start
svn_sasl__client_step
svn_sasl__decode
svn_sasl__dispose
svn_sasl__done
svn_sasl__encode
svn_sasl__errdetail
svn_sasl__errstring
svn_sasl__getprop
svn_sasl__listmech
svn_sasl__server_init
svn_sasl__server_new
svn_sasl__server_start
svn_sasl__server_step
svn_sasl__set_mutex
svn_sasl__setprop

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bd4afce93a55ef747846699ee6d09e0d

Headers

File Characteristics

PDB Paths

Imports

msys-svn_delta-1-0

msys-apr-1-0

msys-aprutil-1-0

msys-intl-8

msys-2.0

msys-sasl2-3

kernel32

msys-svn_subr-1-0

Exports

Exports

Sections

.text Size: 79KB - Virtual size: 79KB

.data Size: 512B - Virtual size: 192B

.rdata Size: 9KB - Virtual size: 8KB

.buildid Size: 512B - Virtual size: 53B

.pdata Size: 4KB - Virtual size: 3KB

.xdata Size: 4KB - Virtual size: 4KB

.bss Size: - Virtual size: 2KB

.edata Size: 6KB - Virtual size: 5KB

.idata Size: 8KB - Virtual size: 8KB

.reloc Size: 512B - Virtual size: 356B

.text
Size: 79KB - Virtual size: 79KB

.data
Size: 512B - Virtual size: 192B

.rdata
Size: 9KB - Virtual size: 8KB

.buildid
Size: 512B - Virtual size: 53B

.pdata
Size: 4KB - Virtual size: 3KB

.xdata
Size: 4KB - Virtual size: 4KB

.bss
Size: - Virtual size: 2KB

.edata
Size: 6KB - Virtual size: 5KB

.idata
Size: 8KB - Virtual size: 8KB

.reloc
Size: 512B - Virtual size: 356B