d127fbb80951c88626cc93e53aeceee659e88f5a0b0767f9df19488e81367fc3

Sharing

Copy URL Twitter E-mail

General

Target

d127fbb80951c88626cc93e53aeceee659e88f5a0b0767f9df19488e81367fc3
Size

3.7MB
MD5

58e233f2b0f4421fe194ed7066ff8add
SHA1

c9809a7e8757d1564f3b911cac78ed18d81dbebc
SHA256

d127fbb80951c88626cc93e53aeceee659e88f5a0b0767f9df19488e81367fc3
SHA512

e0e6215b7a1d4f96bb31c8ea2d3f87f66c51e50cce5992c9951db23c3aadd3b7cf49bc7f2e3c0d28b55f8235b54aad604d7ccde415ab5b4d5b343770a49645d5
SSDEEP

49152:hKWBRxgtBvR+/v6CLbxg0z4w/hnFuUKztxpamYxM7zfshO5LRZ3rcvJIsJCf82d4:s2Dlg0t5WVB3kJIsf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d127fbb80951c88626cc93e53aeceee659e88f5a0b0767f9df19488e81367fc3

Files

d127fbb80951c88626cc93e53aeceee659e88f5a0b0767f9df19488e81367fc3
.exe windows:6 windows x64 arch:x64

7fd7af213053492d96a6c783e0b06959

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

libssl-3-x64

SSL_get_servername
SSL_is_init_finished
SSL_CTX_set_cipher_list
SSL_set_bio
SSL_CTX_set_verify
SSL_CTX_set_verify_depth
SSL_read
SSL_write
SSL_ctrl
SSL_CTX_ctrl
SSL_CTX_callback_ctrl
SSL_do_handshake
SSL_shutdown
SSL_set_connect_state
DTLS_set_timer_cb
SSL_get_ex_data
SSL_set_ex_data
SSL_get_shutdown
SSL_alert_desc_string_long
SSL_alert_type_string
DTLS_method
SSL_get_error
SSL_get1_peer_certificate
SSL_state_string_long
SSL_clear
SSL_get_selected_srtp_profile
SSL_CTX_set_tlsext_use_srtp
SSL_export_keying_material
SSL_CTX_set_info_callback
SSL_CTX_set_options
SSL_set_accept_state
SSL_CTX_set_default_verify_paths
TLS_client_method
TLS_server_method
SSL_free
SSL_new
SSL_CTX_check_private_key
SSL_CTX_use_certificate
SSL_CTX_use_PrivateKey
SSL_CTX_free
SSL_CTX_new
OPENSSL_init_ssl
SSL_set_SSL_CTX

libcrypto-3-x64

ASN1_INTEGER_set
EVP_sha1
EVP_sha224
EVP_sha384
EVP_sha512
EVP_PKEY_assign
EVP_PKEY_new
EC_KEY_new_by_curve_name
EC_KEY_free
EC_KEY_set_asn1_flag
EC_KEY_generate_key
X509_sign
X509_digest
X509_gmtime_adj
ERR_error_string
ERR_peek_error
PEM_write_bio_X509
X509_NAME_add_entry_by_txt
X509_set_pubkey
X509_getm_notAfter
X509_getm_notBefore
X509_set_issuer_name
X509_get_serialNumber
X509_set_version
ERR_error_string_n
ERR_get_error
PEM_read_bio_PrivateKey
PEM_read_bio_X509
d2i_PKCS12_bio
PKCS12_parse
PKCS12_free
X509_NAME_get_text_by_NID
X509_get_subject_name
X509_free
X509_dup
d2i_X509_bio
EVP_PKEY_free
BIO_new_mem_buf
BIO_ctrl
BIO_free
BIO_new_file
ERR_clear_error
CONF_modules_unload
X509_verify_cert_error_string
X509_STORE_CTX_get_error_depth
X509_STORE_CTX_get_error
BIO_s_mem
BIO_write
BIO_read
BIO_new
OPENSSL_init_crypto
HMAC_Final
HMAC_Update
HMAC_Init_ex
HMAC_CTX_free
HMAC_CTX_reset
HMAC_CTX_new
EVP_sha256
X509_new

ws2_32

htonl
ntohl
ntohs
htons
getpeername
bind
closesocket
connect
ioctlsocket
getsockname
getsockopt
inet_addr
setsockopt
socket
WSAStartup
WSACleanup
getaddrinfo
freeaddrinfo
WSAGetLastError
sendto
accept
recvfrom
shutdown
listen
__WSAFDIsSet
send
recv
select

iphlpapi

GetAdaptersInfo

kernel32

SetEndOfFile
HeapSize
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
HeapReAlloc
RemoveDirectoryW
CreateDirectoryW
DeleteFileW
MoveFileExW
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetFullPathNameW
GetCurrentDirectoryW
CreatePipe
GetFileAttributesExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
RtlUnwindEx
RtlPcToFileHeader
InterlockedPushEntrySList
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
WriteConsoleW
GetStringTypeW
LCMapStringEx
DecodePointer
EncodePointer
GetModuleHandleW
GetSystemTimeAsFileTime
EnumSystemLocalesW
QueryPerformanceFrequency
QueryPerformanceCounter
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
GetNativeSystemInfo
GetExitCodeThread
WaitForSingleObjectEx
DeleteCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetCPInfo
RtlUnwind
CloseHandle
GetLastError
WaitForSingleObject
GetCurrentProcessId
TerminateProcess
GetExitCodeProcess
CreateProcessA
SetConsoleCtrlHandler
GetSystemDirectoryA
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
RaiseException
Sleep
GetCurrentThread
GetCurrentThreadId
GetModuleHandleA
GetProcAddress
LocalFree
GetStdHandle
GetTimeZoneInformation
SetConsoleTextAttribute
SetThreadPriority
FindClose
FindFirstFileA
FindNextFileA
SetStdHandle
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapAlloc
HeapFree
GetCommandLineW
GetCommandLineA
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetFileType
DuplicateHandle
CreateProcessW
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ReadFile
CreateThread
ExitThread
FreeLibraryAndExitThread
LoadLibraryExW

srtp2

srtp_init
srtp_shutdown
srtp_protect
srtp_unprotect
srtp_create
srtp_crypto_policy_set_rtp_default
srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32
srtp_crypto_policy_set_aes_gcm_128_16_auth
srtp_crypto_policy_set_aes_gcm_256_16_auth
srtp_dealloc
srtp_protect_rtcp
srtp_unprotect_rtcp
srtp_install_event_handler
srtp_get_version_string

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 750KB - Virtual size: 749KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 268KB - Virtual size: 297KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fd7af213053492d96a6c783e0b06959

Headers

DLL Characteristics

File Characteristics

Imports

libssl-3-x64

libcrypto-3-x64

ws2_32

iphlpapi

kernel32

srtp2

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 750KB - Virtual size: 749KB

.data Size: 268KB - Virtual size: 297KB

.pdata Size: 102KB - Virtual size: 102KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 32KB - Virtual size: 31KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 750KB - Virtual size: 749KB

.data
Size: 268KB - Virtual size: 297KB

.pdata
Size: 102KB - Virtual size: 102KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 32KB - Virtual size: 31KB