c:\jenkins\workspace\skylar_win_client\install\install\Release\install.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: b2d4d1afc7220c0515d10805e508a849155878fc418a522a0aeb92b439084d43.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: b2d4d1afc7220c0515d10805e508a849155878fc418a522a0aeb92b439084d43.exe
  Resource: win10v2004-20240426-en
General
- Target: b2d4d1afc7220c0515d10805e508a849155878fc418a522a0aeb92b439084d43
- Size: 14.5MB
- MD5: 78a68e3210f95e3d2d541a118e1d186d
- SHA1: 41f1115439454659f291afa8739fd5c79337ad44
- SHA256: b2d4d1afc7220c0515d10805e508a849155878fc418a522a0aeb92b439084d43
- SHA512: d87ef7e9da021cdb7e408c635e0b62c8955accb7b0f264dbb56b64a5785df654680b60d18fc9c9f8f37329635fb9b106fd20e88a6eeaf6f62606d981825f7b64
- SSDEEP: 393216:lk0rxPPsZsO/hEAsff9G8isXnNkmMdLBkkKzUB:lHVMZsK3I1GBsXGBkI
Malware Config
Signatures
- Unsigned PE (1 IoC)
  Checks for missing Authenticode signature. On its own an absent embedded signature is only a weak indicator, since unsigned internal builds are common; read it together with the other indicators in this report.
  Resource: b2d4d1afc7220c0515d10805e508a849155878fc418a522a0aeb92b439084d43
Files
- b2d4d1afc7220c0515d10805e508a849155878fc418a522a0aeb92b439084d43.exe (windows:5 windows x86 arch:x86)
  451a9bd302e9fe57c72dc2d0dd197b7b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
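The "Unsigned PE" signature above and the DllCharacteristics flags under Headers both come straight out of the PE optional header: the Certificate Table entry (data directory index 4) is empty when no Authenticode signature is embedded, and DYNAMIC_BASE / NX_COMPAT / TERMINAL_SERVER_AWARE are bits in the DllCharacteristics field. The following is an added example, not part of the sandbox report and not the sandbox's own detection code, that reproduces both checks with the standard library only. The two PE images it parses are constructed in memory for the demonstration (header only, no sections) and are not the analysed sample; to triage a real file, pass its bytes to parse_pe.

```python
"""PE header triage: Authenticode Certificate Table presence and
DllCharacteristics flags. Added example; uses only the standard library."""
import struct

# DllCharacteristics bits (winnt.h)
DLL_CHARACTERISTICS = {
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
# Data directory index of the Certificate Table (Authenticode). Its first
# field is a raw file offset, not an RVA, unlike the other directories.
IMAGE_DIRECTORY_ENTRY_SECURITY = 4


def parse_pe(data: bytes) -> dict:
    """Return magic, machine, DllCharacteristics names and the Certificate
    Table (file offset, size) of a PE image held in memory."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4                      # COFF file header (20 bytes)
    machine = struct.unpack_from("<H", data, coff)[0]
    opt = coff + 20                          # optional header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                       # PE32
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:                     # PE32+ (64-bit fields shift the tail)
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    dllchar = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in both
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    cert_off = cert_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:   # directory may be truncated
        cert_off, cert_size = struct.unpack_from(
            "<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return {
        "magic": "PE32" if magic == 0x10B else "PE32+",
        "machine": machine,
        "dll_characteristics": sorted(
            name for bit, name in DLL_CHARACTERISTICS.items() if dllchar & bit),
        "certificate_table": (cert_off, cert_size),
    }


def is_unsigned(data: bytes) -> bool:
    """The 'Unsigned PE' check: an empty Certificate Table means no embedded
    Authenticode signature. Catalog-signed files also show as unsigned here;
    this check only looks at the embedded table."""
    _, size = parse_pe(data)["certificate_table"]
    return size == 0


def build_pe32(dll_characteristics: int, cert_table=(0, 0)) -> bytes:
    """Construct a header-only PE32 image for the demonstration (not a real
    sample): DOS header, PE signature, COFF header, 0xE0-byte optional header."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine=i386, 0 sections, SizeOfOptionalHeader=0xE0,
    # Characteristics=EXECUTABLE_IMAGE|32BIT_MACHINE (as in the report)
    coff = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    struct.pack_into("<H", opt, 68, 2)                     # Subsystem: WINDOWS_GUI
    struct.pack_into("<H", opt, 70, dll_characteristics)
    struct.pack_into("<I", opt, 92, 16)                    # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, *cert_table)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    samples = {
        "unsigned": build_pe32(0x0040 | 0x0100 | 0x8000),
        "signed":   build_pe32(0x0040 | 0x0100, cert_table=(0x1000, 0x800)),
    }
    for label, img in samples.items():
        info = parse_pe(img)
        verdict = "Unsigned PE" if is_unsigned(img) else "Certificate Table present"
        print(f"{label}: {info['magic']} machine={info['machine']:#06x} "
              f"{verdict} {info['dll_characteristics']}")
```

On the analysed file the same call would return the three DllCharacteristics names listed under Headers and a zero-size Certificate Table, which is exactly what the "Unsigned PE" signature keys on; a nonzero size only says a signature blob is embedded, and verifying it (chain, timestamp, revocation) is a separate step this check does not perform.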
PDB Paths
Imports
iphlpapi
GetAdaptersAddresses
wtsapi32
WTSQuerySessionInformationA
WTSFreeMemory
WTSEnumerateSessionsA
crypt32
CertCloseStore
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
CertOpenStore
CertAddEncodedCertificateToStore
CertFreeCertificateContext
CertOpenSystemStoreW
CertEnumCertificatesInStore
kernel32
GetFileSize
GetTempPathW
VerSetConditionMask
FindClose
FindFirstFileW
FindNextFileW
GetCurrentProcess
GetCurrentProcessId
OpenProcess
GetPrivateProfileIntW
WritePrivateProfileStringW
VerifyVersionInfoW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCommandLineW
GetDriveTypeA
GetComputerNameExA
lstrcmpiW
GetLongPathNameA
GetTempPathA
GetSystemDirectoryA
GetSystemWindowsDirectoryA
HeapDestroy
HeapSize
GetProcessHeap
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
DeleteCriticalSection
BeginUpdateResourceW
CopyFileW
WritePrivateProfileStringA
GetFileAttributesExW
BeginUpdateResourceA
UpdateResourceW
EndUpdateResourceW
GetPrivateProfileStringW
ReadFile
SetFilePointer
GetExitCodeProcess
GetUserDefaultUILanguage
GetModuleHandleW
MoveFileExW
GetDiskFreeSpaceExW
GetDriveTypeW
GetLogicalDriveStringsW
GlobalAlloc
GlobalUnlock
GlobalLock
OutputDebugStringW
FreeResource
GlobalFree
WriteFile
FlushFileBuffers
CreateDirectoryW
QueryDosDeviceW
SetEndOfFile
CreateProcessW
GetStartupInfoW
lstrcpyW
lstrcatW
lstrlenW
GetPrivateProfileStringA
GetPrivateProfileSectionA
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesA
GetTempFileNameW
RemoveDirectoryW
SetFileAttributesW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetACP
ExitProcess
GetFileType
SetFileTime
DuplicateHandle
DosDateTimeToFileTime
SystemTimeToFileTime
GetLocalTime
HeapAlloc
ExpandEnvironmentStringsA
SetLastError
GetLastError
RaiseException
CloseHandle
AreFileApisANSI
DeleteFileW
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
CreatePipe
SetStdHandle
IsValidLocale
ReadConsoleW
SetEnvironmentVariableW
SetConsoleCtrlHandler
GetConsoleMode
GetConsoleCP
SystemTimeToTzSpecificLocalTime
GetModuleHandleExW
ExitThread
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
FreeLibraryAndExitThread
GetCurrentThread
GetProcessAffinityMask
ChangeTimerQueueTimer
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
FileTimeToSystemTime
GetFileAttributesA
FindNextFileA
FindFirstFileA
SetFileAttributesA
DeleteFileA
CreateDirectoryA
CreateFileA
LoadLibraryA
GetModuleFileNameA
GetFileSizeEx
GetModuleHandleA
WaitForMultipleObjects
PeekNamedPipe
CompareFileTime
SleepEx
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
GetVersionExA
FormatMessageA
GetEnvironmentVariableA
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlCaptureStackBackTrace
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
GetComputerNameA
GetWindowsDirectoryA
InitializeCriticalSection
OutputDebugStringA
GetStdHandle
IsDebuggerPresent
GetStringTypeW
GetCPInfo
TlsFree
EnumSystemLocalesW
GetUserDefaultLCID
GetLocaleInfoW
LCMapStringW
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
UnregisterWait
RegisterWaitForSingleObject
MulDiv
SetThreadAffinityMask
LocalFree
LoadLibraryW
GetProcAddress
GetModuleFileNameW
FreeLibrary
DeleteTimerQueueTimer
CreateTimerQueueTimer
VirtualFree
VirtualProtect
VirtualAlloc
GetVersionExW
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetSystemInfo
GlobalMemoryStatusEx
GetThreadTimes
GetCurrentThreadId
TerminateProcess
CreateSemaphoreW
Sleep
CreateEventW
CreateEventA
CreateMutexW
WaitForSingleObjectEx
WaitForSingleObject
ReleaseMutex
ReleaseSemaphore
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
HeapFree
HeapReAlloc
GetFileAttributesW
CreateFileW
FormatMessageW
FindFirstFileExW
GetFileInformationByHandle
GetFullPathNameW
SetFilePointerEx
DeviceIoControl
CreateHardLinkW
QueryPerformanceCounter
QueryPerformanceFrequency
SwitchToThread
GetExitCodeThread
TryEnterCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
user32
InvalidateRgn
CreateAcceleratorTableW
GetGUIThreadInfo
SetRect
GetSystemMetrics
GetDC
ReleaseDC
AdjustWindowRectEx
MonitorFromWindow
SendMessageW
LoadImageW
MessageBoxW
CharUpperW
CharUpperA
PostQuitMessage
SetWindowPos
GetMenu
GetClientRect
GetWindowLongW
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
GetMessageW
TranslateMessage
DispatchMessageW
PostMessageW
CreateWindowExW
IsWindow
DestroyWindow
IsWindowVisible
IsIconic
CharNextW
SetFocus
GetActiveWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
SetTimer
KillTimer
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetWindowRect
GetCursorPos
ScreenToClient
MapWindowPoints
IntersectRect
UnionRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
IsRectEmpty
PtInRect
SetWindowLongW
GetParent
GetWindow
DefWindowProcW
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
ShowWindow
EnableWindow
SetPropW
GetPropW
LoadCursorW
GetMonitorInfoW
MoveWindow
GetWindowRgn
wvsprintfW
SetCursor
OffsetRect
IsZoomed
SetWindowRgn
CreateCaret
GetCaretBlinkTime
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
GetSysColor
CharPrevW
DrawTextW
FillRect
gdi32
CreatePen
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
ExtSelectClipRgn
DeleteDC
DeleteObject
CreatePatternBrush
GdiFlush
ExtTextOutW
TextOutW
MoveToEx
SetTextColor
SetStretchBltMode
StretchBlt
SetBkMode
SetBkColor
GetDeviceCaps
SelectClipRgn
RoundRect
LineTo
GetTextExtentPoint32W
GetClipBox
GetCharABCWidthsW
CreateSolidBrush
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
GetObjectA
CreateRoundRectRgn
CreateDIBSection
PtInRegion
CreateRectRgn
SetWindowOrgEx
GetObjectW
GetTextMetricsW
SelectObject
SaveDC
RestoreDC
Rectangle
GetStockObject
advapi32
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
SystemFunction036
RegCloseKey
RegCreateKeyExW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExA
RegSetValueExW
OpenProcessToken
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetTokenInformation
LookupAccountSidW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegEnumKeyExA
GetUserNameA
shell32
ShellExecuteExW
CommandLineToArgvW
SHGetSpecialFolderPathA
ShellExecuteW
ord165
SHGetPathFromIDListW
SHCreateDirectoryExW
SHBrowseForFolderW
SHGetSpecialFolderPathW
ole32
CreateStreamOnHGlobal
CoCreateGuid
CoCreateInstance
OleLockRunning
CoInitialize
CLSIDFromProgID
CoUninitialize
CoInitializeEx
CLSIDFromString
oleaut32
VariantClear
SysAllocStringLen
VariantInit
SysFreeString
SysStringLen
SysAllocString
shlwapi
PathFindFileNameW
PathRenameExtensionW
PathIsDirectoryW
PathIsRelativeW
wnsprintfW
PathRemoveFileSpecW
SHGetValueA
PathStripToRootA
PathFindFileNameA
PathAppendA
SHSetValueW
SHGetValueW
SHDeleteValueW
PathCombineW
PathFileExistsW
PathAppendW
SHQueryValueExA
SHDeleteKeyW
PathFindExtensionW
ws2_32
htons
inet_ntoa
send
WSASetLastError
select
__WSAFDIsSet
WSAWaitForMultipleEvents
recv
getsockopt
accept
recvfrom
sendto
gethostname
WSAConnect
WSARecvFrom
WSACloseEvent
WSAGetLastError
ntohs
htonl
WSASend
WSARecv
listen
WSAAddressToStringW
getaddrinfo
closesocket
connect
ioctlsocket
getsockname
inet_addr
setsockopt
socket
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
getpeername
WSAGetOverlappedResult
WSASocketA
WSAIoctl
WSACreateEvent
bind
freeaddrinfo
WSAAddressToStringA
WSACleanup
WSAStartup
psapi
GetProcessImageFileNameW
gdiplus
GdipSetSmoothingMode
GdipSetCompositingQuality
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipCreateLineBrushI
GdipDeleteBrush
GdipCloneBrush
GdipDrawImageRectI
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipCreateFontFromDC
GdipSetPixelOffsetMode
GdipLoadImageFromStream
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipGetFamily
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipImageGetFrameDimensionsCount
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipGraphicsClear
GdipDrawImage
GdipLoadImageFromStreamICM
GdipDeleteFontFamily
GdipCloneImage
GdipDrawString
GdipImageGetFrameDimensionsList
urlmon
IsValidURL
imm32
ImmSetCompositionWindow
ImmSetCompositionFontW
ImmReleaseContext
ImmGetContext
ImmDisableIME
comctl32
ord17
_TrackMouseEvent
dbghelp
SymFromAddr
SymInitialize
SymCleanup
SymSetOptions
UnDecorateSymbolName
wldap32
ord145
ord46
ord14
ord216
ord208
ord41
ord117
ord26
ord27
ord127
ord167
ord142
ord79
ord133
ord147
ord301
ord219
Exports
IGetClient7zInstance
RegisterAssetCallback
SetServerTrustID
VerifyTrantorTrustID
Sections
.text Size: 4.3MB - Virtual size: 4.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 122KB - Virtual size: 220KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8.0MB - Virtual size: 8.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 230KB - Virtual size: 230KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ