357adecbf6a47b15abf9f73094550e2f8490ffe052c76af275fe52995ad5fde2

Sharing

Copy URL Twitter E-mail

General

Target

357adecbf6a47b15abf9f73094550e2f8490ffe052c76af275fe52995ad5fde2
Size

347KB
MD5

7d4ca306e02e9ef9bddad2528df6b5e7
SHA1

4d788b9327c75e20c7156b14accaea6fab2d2535
SHA256

357adecbf6a47b15abf9f73094550e2f8490ffe052c76af275fe52995ad5fde2
SHA512

ae9576dd598a2b105d83f8e4294021c79cdd45eac2117356d210e02a996d16f17c30ffef0c703378eddb8dcde400c10448f77ff7e860f1d6adaa150ec508a7cb
SSDEEP

6144:0JD33a7A2Q5KqDM42PKaHn0kEQJX3/mLAOLn2eCBVwg+F:0JmsFQPrHn0kEQhYxn2X4g+F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
357adecbf6a47b15abf9f73094550e2f8490ffe052c76af275fe52995ad5fde2

Files

357adecbf6a47b15abf9f73094550e2f8490ffe052c76af275fe52995ad5fde2
.dll windows:5 windows x86 arch:x86

952ef7f98fbf9397b77fdaca335f9eea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\docker\Documents\workspace\build-v2\common\TopsecClient\bin\repaireng.pdb

Imports

jansson

json_loads
json_dumps_free
json_dumps
json_deep_copy
json_null
json_string
json_real
json_unpack
json_object_get
json_integer
json_pack
json_object_set_new
json_load_callback
json_loadb
json_array
json_object
json_delete
json_integer_value
json_array_size
json_array_get
json_string_value
json_array_append_new

sqlite

sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_double
sqlite3_bind_null
sqlite3_bind_text
sqlite3_bind_blob
sqlite3_column_type
sqlite3_column_int
sqlite3_column_double
sqlite3_column_text
sqlite3_prepare_v2
sqlite3_finalize
sqlite3_step
sqlite3_errmsg
sqlite3_open
sqlite3_close_v2
sqlite3_busy_timeout
sqlite3_exec
sqlite3_column_count
sqlite3_column_name
sqlite3_mutex_enter
sqlite3_db_mutex
sqlite3_mutex_leave
sqlite3_last_insert_rowid
sqlite3_changes
sqlite3_column_int64

kernel32

TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
GetCPInfo
EncodePointer
GetStringTypeW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
EnterCriticalSection
GetCurrentProcess
LeaveCriticalSection
InitializeCriticalSection
MultiByteToWideChar
Sleep
CloseHandle
GetWindowsDirectoryW
LocalFree
DeleteCriticalSection
WideCharToMultiByte
GetTickCount
GetModuleHandleA
GetProcAddress
GetVersion
CreateFileW
GetModuleHandleW
LoadLibraryA
GetVersionExW
GetNativeSystemInfo
HeapDestroy
CompareStringW
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
GetLastError
CreateEventW
SetEvent
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
DeleteFileW
SetFilePointer
WriteFile
CreateThread
SuspendThread
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
ExpandEnvironmentStringsW
GetFullPathNameW
FindFirstFileW
FindNextFileW
FindClose
GetEnvironmentVariableW
CreateProcessW
GetExitCodeProcess
GetSystemDirectoryW
LoadLibraryW
FreeLibrary
ReadFile
GetFileSize
CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
TerminateThread
MoveFileExW
GetSystemDefaultLangID
GetFileAttributesW
CreateDirectoryW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
IsDebuggerPresent
OutputDebugStringW
ResetEvent
WaitForSingleObjectEx
LCMapStringW
GetLocaleInfoW
LoadLibraryExW
InterlockedFlushSList
RtlUnwind
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetACP
GetStdHandle
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
HeapSize

user32

GetSystemMetrics

advapi32

DeregisterEventSource
QueryServiceConfigW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegEnumKeyExW
RegOpenKeyExW
SetSecurityDescriptorDacl
RegQueryValueExA
RegSetValueExW
InitializeSecurityDescriptor
RegOpenKeyExA
RegQueryValueExW
RegCloseKey
RegisterEventSourceW
ReportEventW
CreateWellKnownSid
SetEntriesInAclW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
RegQueryInfoKeyW
RegCreateKeyExW
RegDeleteValueW
ChangeServiceConfigW

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoSetProxyBlanket
CoCreateInstance

oleaut32

VariantInit
SysFreeString
SysAllocString
VariantClear

shlwapi

PathFindExtensionA
PathFileExistsW

libxsse

ord2
ord30
ord10

libcurl

curl_easy_perform
curl_easy_cleanup
curl_easy_init
curl_easy_setopt

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Exports

Exports

?CreateDownloader@LeakRepairEng@@YAPAVIDownloader@1@XZ
?CreateExcludeDB@LeakRepairEng@@YAPAVIExcludeDB@1@XZ
?CreateResultDB@LeakRepairEng@@YAPAVIResultDB@1@XZ
?CreateTask@LeakRepairEng@@YAPAVITask@1@PBD0PAUjson_t@@PAVIDownloader@1@@Z
?EnableSystemUpdate@LeakRepairEng@@YAJJ@Z
?IsSystemUpdateEnable@LeakRepairEng@@YAJXZ
?ListInstalledPatchs@LeakRepairEng@@YAPAUjson_t@@XZ

Sections

.text
Size: 246KB - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

952ef7f98fbf9397b77fdaca335f9eea

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

jansson

sqlite

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

libxsse

libcurl

version

Exports

Exports

Sections

.text Size: 246KB - Virtual size: 245KB

.rdata Size: 78KB - Virtual size: 78KB

.data Size: 5KB - Virtual size: 10KB

.gfids Size: 1024B - Virtual size: 516B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 13KB - Virtual size: 16KB

.text
Size: 246KB - Virtual size: 245KB

.rdata
Size: 78KB - Virtual size: 78KB

.data
Size: 5KB - Virtual size: 10KB

.gfids
Size: 1024B - Virtual size: 516B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 13KB - Virtual size: 16KB