b1f196376b15aefcef755e6498908787c1b9221eb3ad1225c1cc14180d48f83a

Sharing

Copy URL Twitter E-mail

General

Target

b1f196376b15aefcef755e6498908787c1b9221eb3ad1225c1cc14180d48f83a
Size

1.4MB
MD5

5ff3d6fb24d46d69cf38d3cdb67b33e9
SHA1

1d24f6ee7ecec08b768cd1023c49ab16208f5b3d
SHA256

b1f196376b15aefcef755e6498908787c1b9221eb3ad1225c1cc14180d48f83a
SHA512

dc824d391549b0c98f362d6bf6e553aa916f52af8232265098a196290fb76e79133f748925866a13c5952aec9ce859d46f676385a094e755d277c9753046eee1
SSDEEP

12288:s8iF8Cy6FggLbrQXbR7jqkf1Hm7tJc0FS3jicGWVSI7dMua43Ek0cIHAN4:snjy6LaRFdGJm0Q3WKVSwdr13Ek0VA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b1f196376b15aefcef755e6498908787c1b9221eb3ad1225c1cc14180d48f83a

Files

b1f196376b15aefcef755e6498908787c1b9221eb3ad1225c1cc14180d48f83a
.exe windows:6 windows x64 arch:x64

89d8aa2d2eaecfcc096488d8581dde17

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

G:\jenkins\workspace\MagicXE\build\target\Windows\pdb\Release\magic_xe_supported_detect.pdb

Imports

magic_xe_module_wrap_rapidjson

?ParsePostParamConfig@ConfigParser@module@magic_xe@@SA?AW4MagicXEError@@AEAVModel@3@PEAUParamPost@3@@Z
?ParseInferenceConfig@ConfigParser@module@magic_xe@@SA?AW4MagicXEError@@AEAVModel@3@PEAUModelConfig@3@PEAUNetworkConfig@3@PEAUParamConverter@3@PEAUModelReserveConfig@3@@Z

magic_xe_kernel

MagicXELoggerInit
MagicXEDeviceInfoQuery
MagicXEDefaultDeviceTypeGet
?MultiByteCharToWString@StringUtils@magic_xe@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PEBD@Z
?Parse@Model@magic_xe@@QEAA?AW4MagicXEError@@XZ
??1Model@magic_xe@@QEAA@XZ
??0Model@magic_xe@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?CreateInstance@Inference@magic_xe@@QEAA?AV?$shared_ptr@VInstance@magic_xe@@@std@@AEAVStatus@2@V?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$vector@HV?$allocator@H@std@@@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$vector@HV?$allocator@H@std@@@2@@std@@@2@@4@@Z
?SetNetworkConfig@Inference@magic_xe@@QEAA?AVStatus@2@AEAUNetworkConfig@2@@Z
?Init@Inference@magic_xe@@QEAA?AVStatus@2@AEAUModelConfig@2@AEAUNetworkConfig@2@@Z
??1Inference@magic_xe@@QEAA@XZ
??0Inference@magic_xe@@QEAA@XZ
?SetInputBlob@Instance@magic_xe@@QEAA?AVStatus@2@V?$shared_ptr@VBlob@magic_xe@@@std@@PEAUParamConverter@2@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@5@@Z
?GetAllInputBlobs@Instance@magic_xe@@QEAA?AVStatus@2@AEAV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$shared_ptr@VBlob@magic_xe@@@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$shared_ptr@VBlob@magic_xe@@@2@@std@@@2@@std@@@Z
?Forward@Instance@magic_xe@@QEAA?AVStatus@2@XZ
?GetDefaultCpuDeviceType@DeviceUtils@magic_xe@@SA?AW4MagicXEDeviceType@@XZ
?GetBlobDesc@Blob@magic_xe@@QEAA?AUBlobDesc@2@XZ
??0Blob@magic_xe@@QEAA@AEAUBlobDesc@1@_N@Z
??9Status@magic_xe@@QEAA_NW4MagicXEError@@@Z
??1Status@magic_xe@@QEAA@XZ
??0Status@magic_xe@@QEAA@W4MagicXEError@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
MagicXELoggerLog

kernel32

InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
GetModuleHandleW
CreateEventW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CloseHandle
CreateDirectoryA
GetFileAttributesExA

msvcp140

??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
_Query_perf_counter
_Query_perf_frequency
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A

vcruntime140

__std_terminate
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__CxxFrameHandler3
memcmp
memcpy
memmove
memset
__C_specific_handler

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_crt_atexit
exit
terminate
_seh_filter_exe
_set_app_type
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
_c_exit
__p___argc
__p___argv
_cexit
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-stdio-l1-1-0

setvbuf
fwrite
__p__commode
_fseeki64
ungetc
fread
fputc
fgetpos
fgetc
fsetpos
fflush
fclose
_get_stream_buffer_pointers
_set_fmode

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_callnewh
realloc
malloc
free

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

??0AbstractDeviceInfo@magic_xe@@QEAA@AEBU01@@Z
??0AbstractDeviceInfo@magic_xe@@QEAA@XZ
??0AbstractParam@magic_xe@@QEAA@AEBV01@@Z
??0AbstractParam@magic_xe@@QEAA@XZ
??0BlobDesc@magic_xe@@QEAA@$$QEAU01@@Z
??0BlobDesc@magic_xe@@QEAA@AEBU01@@Z
??0BlobDesc@magic_xe@@QEAA@XZ
??0BlobHandle@magic_xe@@QEAA@XZ
??0CpuDeviceInfo@magic_xe@@QEAA@$$QEAU01@@Z
??0CpuDeviceInfo@magic_xe@@QEAA@AEBU01@@Z
??0CpuDeviceInfo@magic_xe@@QEAA@XZ
??0CudaDeviceInfo@magic_xe@@QEAA@$$QEAU01@@Z
??0CudaDeviceInfo@magic_xe@@QEAA@AEBU01@@Z
??0CudaDeviceInfo@magic_xe@@QEAA@XZ
??0DeviceInfoVec@magic_xe@@QEAA@$$QEAU01@@Z
??0DeviceInfoVec@magic_xe@@QEAA@AEBU01@@Z
??0DeviceInfoVec@magic_xe@@QEAA@XZ
??0Inference@magic_xe@@QEAA@AEBV01@@Z
??0Instance@magic_xe@@QEAA@AEBV01@@Z
??0MemorySizeInfo@magic_xe@@QEAA@$$QEAU01@@Z
??0MemorySizeInfo@magic_xe@@QEAA@AEBU01@@Z
??0MemorySizeInfo@magic_xe@@QEAA@XZ
??0Model@magic_xe@@QEAA@AEBV01@@Z
??0ModelConfig@magic_xe@@QEAA@$$QEAU01@@Z
??0ModelConfig@magic_xe@@QEAA@AEBU01@@Z
??0ModelConfig@magic_xe@@QEAA@XZ
??0ModelIO@magic_xe@@QEAA@AEBV01@@Z
??0ModelIO@magic_xe@@QEAA@XZ
??0ModelReserveConfig@magic_xe@@QEAA@$$QEAU01@@Z
??0ModelReserveConfig@magic_xe@@QEAA@AEBU01@@Z
??0ModelReserveConfig@magic_xe@@QEAA@XZ
??0NetworkConfig@magic_xe@@QEAA@$$QEAU01@@Z
??0NetworkConfig@magic_xe@@QEAA@AEBU01@@Z
??0NetworkConfig@magic_xe@@QEAA@XZ
??0OpenCLDeviceInfo@magic_xe@@QEAA@$$QEAU01@@Z
??0OpenCLDeviceInfo@magic_xe@@QEAA@AEBU01@@Z
??0OpenCLDeviceInfo@magic_xe@@QEAA@XZ
??0OpenGLDeviceInfo@magic_xe@@QEAA@$$QEAU01@@Z
??0OpenGLDeviceInfo@magic_xe@@QEAA@AEBU01@@Z
??0OpenGLDeviceInfo@magic_xe@@QEAA@XZ
??0ParamConverter@magic_xe@@QEAA@$$QEAU01@@Z
??0ParamConverter@magic_xe@@QEAA@AEBU01@@Z
??0ParamConverter@magic_xe@@QEAA@XZ
??0ParamPost@magic_xe@@QEAA@XZ
??0Status@magic_xe@@QEAA@AEBV01@@Z
??1AbstractDeviceInfo@magic_xe@@QEAA@XZ
??1AbstractParam@magic_xe@@UEAA@XZ
??1BlobDesc@magic_xe@@QEAA@XZ
??1CpuDeviceInfo@magic_xe@@QEAA@XZ
??1CudaDeviceInfo@magic_xe@@QEAA@XZ
??1DeviceInfoVec@magic_xe@@QEAA@XZ
??1MemorySizeInfo@magic_xe@@QEAA@XZ
??1ModelConfig@magic_xe@@QEAA@XZ
??1ModelIO@magic_xe@@UEAA@XZ
??1ModelReserveConfig@magic_xe@@QEAA@XZ
??1NetworkConfig@magic_xe@@QEAA@XZ
??1OpenCLDeviceInfo@magic_xe@@QEAA@XZ
??1OpenGLDeviceInfo@magic_xe@@QEAA@XZ
??1ParamConverter@magic_xe@@QEAA@XZ
??4AbstractDeviceInfo@magic_xe@@QEAAAEAU01@AEBU01@@Z
??4AbstractParam@magic_xe@@QEAAAEAV01@AEBV01@@Z
??4BlobDesc@magic_xe@@QEAAAEAU01@$$QEAU01@@Z
??4BlobDesc@magic_xe@@QEAAAEAU01@AEBU01@@Z
??4BlobHandle@magic_xe@@QEAAAEAU01@$$QEAU01@@Z
??4BlobHandle@magic_xe@@QEAAAEAU01@AEBU01@@Z
??4ConfigParser@module@magic_xe@@QEAAAEAV012@$$QEAV012@@Z
??4ConfigParser@module@magic_xe@@QEAAAEAV012@AEBV012@@Z
??4CpuDeviceInfo@magic_xe@@QEAAAEAU01@$$QEAU01@@Z
??4CpuDeviceInfo@magic_xe@@QEAAAEAU01@AEBU01@@Z
??4CudaDeviceInfo@magic_xe@@QEAAAEAU01@$$QEAU01@@Z
??4CudaDeviceInfo@magic_xe@@QEAAAEAU01@AEBU01@@Z
??4DeviceInfoVec@magic_xe@@QEAAAEAU01@$$QEAU01@@Z
??4DeviceInfoVec@magic_xe@@QEAAAEAU01@AEBU01@@Z
??4DeviceUtils@magic_xe@@QEAAAEAV01@$$QEAV01@@Z
??4DeviceUtils@magic_xe@@QEAAAEAV01@AEBV01@@Z
??4DimsVectorUtils@magic_xe@@QEAAAEAV01@$$QEAV01@@Z
??4DimsVectorUtils@magic_xe@@QEAAAEAV01@AEBV01@@Z
??4FileUtils@magic_xe@@QEAAAEAV01@$$QEAV01@@Z
??4FileUtils@magic_xe@@QEAAAEAV01@AEBV01@@Z
??4Inference@magic_xe@@QEAAAEAV01@AEBV01@@Z
??4Instance@magic_xe@@QEAAAEAV01@AEBV01@@Z
??4MemorySizeInfo@magic_xe@@QEAAAEAU01@$$QEAU01@@Z
??4MemorySizeInfo@magic_xe@@QEAAAEAU01@AEBU01@@Z
??4Model@magic_xe@@QEAAAEAV01@AEBV01@@Z
??4ModelConfig@magic_xe@@QEAAAEAU01@$$QEAU01@@Z
??4ModelConfig@magic_xe@@QEAAAEAU01@AEBU01@@Z
??4ModelIO@magic_xe@@QEAAAEAV01@AEBV01@@Z
??4ModelReserveConfig@magic_xe@@QEAAAEAU01@$$QEAU01@@Z
??4ModelReserveConfig@magic_xe@@QEAAAEAU01@AEBU01@@Z
??4NetworkConfig@magic_xe@@QEAAAEAU01@$$QEAU01@@Z
??4NetworkConfig@magic_xe@@QEAAAEAU01@AEBU01@@Z
??4OpenCLDeviceInfo@magic_xe@@QEAAAEAU01@$$QEAU01@@Z
??4OpenCLDeviceInfo@magic_xe@@QEAAAEAU01@AEBU01@@Z
??4OpenGLDeviceInfo@magic_xe@@QEAAAEAU01@$$QEAU01@@Z
??4OpenGLDeviceInfo@magic_xe@@QEAAAEAU01@AEBU01@@Z
??4ParamConverter@magic_xe@@QEAAAEAU01@$$QEAU01@@Z
??4ParamConverter@magic_xe@@QEAAAEAU01@AEBU01@@Z
??4ParamPost@magic_xe@@QEAAAEAU01@$$QEAU01@@Z
??4ParamPost@magic_xe@@QEAAAEAU01@AEBU01@@Z
??4Status@magic_xe@@QEAAAEAV01@AEBV01@@Z
??4StringUtils@magic_xe@@QEAAAEAV01@$$QEAV01@@Z
??4StringUtils@magic_xe@@QEAAAEAV01@AEBV01@@Z
??_7AbstractParam@magic_xe@@6B@
??_7ModelIO@magic_xe@@6B@
??_FStatus@magic_xe@@QEAAXXZ
?GetFileName@fileUtils@tool@magic_xe@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V45@_N@Z
?GetFileParentPath@fileUtils@tool@magic_xe@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV45@_N@Z
?GetParam@AbstractParam@magic_xe@@UEAA?AW4MagicXEError@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAH@Z
?GetParam@AbstractParam@magic_xe@@UEAA?AW4MagicXEError@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAM@Z
?GetParam@AbstractParam@magic_xe@@UEAA?AW4MagicXEError@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAV45@@Z
?IsAbsolutePath@fileUtils@tool@magic_xe@@SA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?IsFileExist@fileUtils@tool@magic_xe@@SA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?IsPathExist@fileUtils@tool@magic_xe@@SA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?IsRootPath@fileUtils@tool@magic_xe@@SA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?MakeDirectory@fileUtils@tool@magic_xe@@SA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z
?SetParam@AbstractParam@magic_xe@@UEAA?AW4MagicXEError@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?SetParam@AbstractParam@magic_xe@@UEAA?AW4MagicXEError@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@M@Z
?SetParam@AbstractParam@magic_xe@@UEAA?AW4MagicXEError@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V45@@Z
MagicXEAlgorithmSupportedDetect

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

89d8aa2d2eaecfcc096488d8581dde17

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

magic_xe_module_wrap_rapidjson

magic_xe_kernel

kernel32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 51KB - Virtual size: 51KB

.rdata Size: 33KB - Virtual size: 32KB

.data Size: 1KB - Virtual size: 2KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1.3MB - Virtual size: 1.3MB

.text
Size: 51KB - Virtual size: 51KB

.rdata
Size: 33KB - Virtual size: 32KB

.data
Size: 1KB - Virtual size: 2KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1.3MB - Virtual size: 1.3MB