f116bbefb02f07ecc8b194622cc4fb02db77575c82823bdda55e3dfef823430b

Sharing

Copy URL Twitter E-mail

General

Target

f116bbefb02f07ecc8b194622cc4fb02db77575c82823bdda55e3dfef823430b
Size

4.0MB
MD5

0e70ea5be7177f1d3d1439079aaf75b3
SHA1

e77ea0ddc4feb563f14389490b462dac0229ccb6
SHA256

f116bbefb02f07ecc8b194622cc4fb02db77575c82823bdda55e3dfef823430b
SHA512

164884c14f106bb84bc159ad2e60b4c915a22a92a63052a70536f0145c51731085164475338c8b358dcddabfe8bd6268fba2274cace38f4a5e8079be8aed7bd0
SSDEEP

49152:OdNZ5NJhBdyoQdPwB+CKw3TsmGmuy1XDLWf3Ig5shrhXGrBfabpDDSKgD6n6ia:O3Z5RyoywpKw3TKmuy1X5jhW0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f116bbefb02f07ecc8b194622cc4fb02db77575c82823bdda55e3dfef823430b

Files

f116bbefb02f07ecc8b194622cc4fb02db77575c82823bdda55e3dfef823430b
.dll windows:5 windows x86 arch:x86

cec41dfaaf3fd454543d7ab53c9a0bac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\code\Polly\pollywin_vs2017\Release\lsx-ases.pdb

Imports

kernel32

WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
CompareStringEx
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
CloseHandle
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetExitCodeProcess
RtlUnwind
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetACP
GetStdHandle
GetFileType
HeapAlloc
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
HeapFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadFile
ReadConsoleW
SetFilePointerEx
HeapReAlloc
GetTimeZoneInformation
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
SetStdHandle
WriteConsoleW
CreateFileW
HeapSize
SetEndOfFile
CreateThread
QueryPerformanceFrequency
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
WaitForSingleObject
FreeLibraryAndExitThread
ExitThread
CreateProcessA
DuplicateHandle
GetExitCodeThread
GetFileAttributesExW
CreatePipe

libopenblas

cblas_daxpy
cblas_dcopy
cblas_ddot
cblas_dgbmv
cblas_dgemm
cblas_dgemv
cblas_dger
cblas_drot
cblas_dscal
cblas_dspmv
cblas_dspr
cblas_dspr2
cblas_dsymm
cblas_dsyrk
cblas_dtpmv
cblas_dtpsv
cblas_saxpy
cblas_scopy
cblas_sdot
cblas_sgbmv
cblas_sgemm
cblas_sgemv
cblas_sger
cblas_srot
cblas_sscal
cblas_sspmv
cblas_sspr
cblas_sspr2
cblas_ssymm
cblas_ssyrk
cblas_stpmv
cblas_stpsv
dgesvd_
dgetrf_
dgetri_
dsptrf_
dsptri_
dtptri_
sgesvd_
sgetrf_
sgetri_
ssptrf_
ssptri_
stptri_

Exports

Exports

??0Boosting@LightGBM@@QAE@XZ
??1Boosting@LightGBM@@UAE@XZ
??_7Boosting@LightGBM@@6B@
?CheckAlign@Dataset@LightGBM@@QBE_NABV12@@Z
?CreatePredictionEarlyStopInstance@LightGBM@@YA?AUPredictionEarlyStopInstance@1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABUPredictionEarlyStopConfig@1@@Z
LsxAsesGetErrorInfo
LsxAsesGetParam
LsxAsesSessionBegin
LsxAsesSessionDataIn
LsxAsesSessionEnd
LsxAsesSessionGetResult
LsxAsesSessionSetParam
LsxAsesSessionSpeechIn
LsxAsesSetParam
LsxAsesStart
LsxAsesStop
LsxAsesVersion
LsxAsesVoasGetText
LsxAsesVoasGetTextSplit
LsxAsesVoasGetTextSplitCount
LsxAsesVoasIsKeyWord
LsxAsesVoasLoadNet
LsxAsesVoasUnLoadNet

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 724KB - Virtual size: 723KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cec41dfaaf3fd454543d7ab53c9a0bac

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

libopenblas

Exports

Exports

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.rdata Size: 724KB - Virtual size: 723KB

.data Size: 69KB - Virtual size: 76KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 169KB - Virtual size: 168KB

.text
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 724KB - Virtual size: 723KB

.data
Size: 69KB - Virtual size: 76KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 169KB - Virtual size: 168KB