PDB path: C:\A_code\vpn\1_code\src\Release\sslvpn-client.pdb
Static task
static1
Behavioral task
behavioral1
Sample
eec9a134f9681ade01b23e393bd4892fd42de43089137350d8fecf145465196e.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
eec9a134f9681ade01b23e393bd4892fd42de43089137350d8fecf145465196e.exe
Resource
win10v2004-20240508-en
General
-
Target
eec9a134f9681ade01b23e393bd4892fd42de43089137350d8fecf145465196e
-
Size
2.2MB
-
MD5
cd6a6db0aae28ab84eb25a43bed7745f
-
SHA1
8253796d3f6c426c7cd8884e16392276e7e2cf4d
-
SHA256
eec9a134f9681ade01b23e393bd4892fd42de43089137350d8fecf145465196e
-
SHA512
c7f9123c3007232d7f063cfe55f856e2c2b8045305bb78148cb4664d35c9e37d899ff1130bf076b1862733db5dbdd402d134a9ce25227cd6d9548e7beae4ec5f
-
SSDEEP
49152:rD1XA+V1vQ/qpyr0kMuVCd5cmQPnsTv5pnJcyqeAdg:rD1XV1vQ/qpyr0kyPwsTvPnC
Malware Config
Signatures
-
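Unsigned PE (1 IoC)
The sandbox checks the file for an Authenticode signature and found none on this sample. A missing signature alone does not show that the file is malicious.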
resource eec9a134f9681ade01b23e393bd4892fd42de43089137350d8fecf145465196e
Files
-
eec9a134f9681ade01b23e393bd4892fd42de43089137350d8fecf145465196e.exe windows:5 windows x86 arch:x86
442aa0123c2611cf5666d70a39a5d410
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetLogicalDriveStringsW
GetPrivateProfileIntW
WritePrivateProfileStringW
CopyFileW
SetFilePointer
FlushFileBuffers
ReleaseSemaphore
CreateSemaphoreW
ResetEvent
SleepEx
GetModuleHandleExW
GetStdHandle
GetFileType
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
VerSetConditionMask
FormatMessageW
SwitchToFiber
DeleteFiber
CreateFiber
GlobalMemoryStatus
ConvertFiberToThread
MultiByteToWideChar
GetEnvironmentVariableW
GetConsoleMode
lstrlenW
ReadConsoleW
SetConsoleMode
SetLastError
GetSystemTime
SystemTimeToFileTime
IsProcessorFeaturePresent
EncodePointer
IsDebuggerPresent
UnmapViewOfFile
LoadLibraryW
SetWaitableTimer
CreateWaitableTimerW
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
lstrcpynW
OutputDebugStringW
GetComputerNameW
ReadFile
GetFileSize
GetPrivateProfileSectionW
FileTimeToSystemTime
LocalAlloc
GlobalAlloc
SetThreadLocale
SetThreadUILanguage
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetVolumeInformationW
GetDriveTypeW
GetOverlappedResult
CancelIo
DeviceIoControl
GetPrivateProfileStringA
WritePrivateProfileStringA
GetCurrentDirectoryA
DeleteCriticalSection
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
GetVersionExW
WaitForMultipleObjects
QueryPerformanceCounter
ReadConsoleA
VerifyVersionInfoW
GetPrivateProfileStringW
WaitForSingleObject
GetExitCodeProcess
CreateProcessW
GetProcAddress
LoadLibraryA
FreeLibrary
GetTempPathW
Sleep
GetLastError
WriteFile
GetLocalTime
GetWindowsDirectoryW
GetTickCount
WideCharToMultiByte
OpenEventW
ExitProcess
LocalFree
lstrcmpiW
GetCommandLineW
SetEvent
ResumeThread
CreateEventW
GetThreadLocale
SetCurrentDirectoryW
GetModuleFileNameW
ConvertThreadToFiber
CreateFileW
DeleteFileW
OpenProcess
RemoveDirectoryW
FindNextFileW
FindFirstFileW
FindClose
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
CloseHandle
CreateThread
GlobalUnlock
GlobalLock
GlobalFree
TlsFree
GetModuleHandleW
user32
MsgWaitForMultipleObjects
PeekMessageW
TranslateAcceleratorW
IsDialogMessageW
TranslateMessage
LoadAcceleratorsW
SetWindowPos
LoadIconW
GetCursorPos
LoadMenuW
TrackPopupMenu
GetSubMenu
DestroyMenu
PostMessageW
RegisterWindowMessageW
CreateDialogParamW
GetDlgItem
GetWindowRect
SetForegroundWindow
GetParent
EnableWindow
DestroyWindow
GetDesktopWindow
FindWindowW
MessageBoxW
SetDlgItemTextW
DialogBoxParamW
MessageBoxExW
LoadStringW
GetSysColorBrush
GetDlgCtrlID
GetWindowTextW
ShowWindow
GetForegroundWindow
GetActiveWindow
GetUserObjectInformationW
GetProcessWindowStation
DrawTextW
FillRect
LoadImageW
SetWindowLongW
PostQuitMessage
KillTimer
BringWindowToTop
SetWindowTextW
SetTimer
DefWindowProcW
EndDialog
SendMessageW
SetFocus
DispatchMessageW
gdi32
RoundRect
SetTextColor
SetBkMode
DeleteObject
CreateSolidBrush
CreateFontW
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
CreatePatternBrush
DeleteDC
CreatePen
comdlg32
GetOpenFileNameW
GetSaveFileNameW
advapi32
DeregisterEventSource
RegDeleteValueW
RegQueryValueExA
RegEnumKeyExA
ChangeServiceConfigW
ControlService
GetUserNameW
RegSetValueExA
RegOpenKeyExA
StartServiceW
QueryServiceStatusEx
CloseServiceHandle
OpenServiceW
OpenSCManagerW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
CryptGenRandom
RegisterEventSourceW
shell32
SHGetSpecialFolderPathW
ShellExecuteExW
Shell_NotifyIconW
ShellExecuteW
CommandLineToArgvW
ole32
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
CoInitialize
CoSetProxyBlanket
oleaut32
SysAllocStringLen
VarBstrCat
SysStringLen
VariantInit
SysFreeString
VarDateFromStr
VariantTimeToSystemTime
SysAllocString
msvcp120
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
shlwapi
SHDeleteKeyW
PathFileExistsW
StrStrIA
StrToIntW
ws2_32
getsockname
shutdown
recvfrom
connect
socket
getaddrinfo
ntohl
sendto
WSAGetOverlappedResult
gethostbyname
WSACreateEvent
WSACloseEvent
WSAEventSelect
WSARecvFrom
WSAResetEvent
WSACancelAsyncRequest
closesocket
ioctlsocket
setsockopt
WSASocketW
bind
WSAGetLastError
WSAIoctl
inet_ntoa
ntohs
getsockopt
WSACleanup
freeaddrinfo
getnameinfo
recv
send
htons
inet_addr
WSAStartup
htonl
WSASetLastError
iphlpapi
GetIpAddrTable
DeleteIpForwardEntry
GetAdaptersAddresses
GetAdapterIndex
GetAdaptersInfo
DeleteIPAddress
GetInterfaceInfo
IpReleaseAddress
IpRenewAddress
GetIpForwardTable
GetIfEntry
AddIPAddress
GetBestRoute
NotifyAddrChange
CancelIPChangeNotify
CreateIpForwardEntry
comctl32
InitCommonControlsEx
dbghelp
MiniDumpWriteDump
wininet
FindFirstUrlCacheEntryW
FindNextUrlCacheEntryW
DeleteUrlCacheEntryW
FindCloseUrlCache
InternetSetCookieW
InternetOpenW
InternetConnectW
HttpOpenRequestW
InternetQueryOptionW
InternetSetOptionW
HttpSendRequestW
InternetErrorDlg
HttpQueryInfoW
InternetReadFile
InternetCloseHandle
InternetCrackUrlW
sqlite3
sqlite3_close
sqlite3_exec
sqlite3_free
sqlite3_open
sqlite3_errmsg
crypt32
CertCreateCertificateContext
CertGetNameStringW
CertCompareCertificate
CertAddCertificateContextToStore
CertGetCertificateContextProperty
CertFindCertificateInStore
CertCloseStore
CertFreeCertificateContext
CertDuplicateCertificateContext
CertCompareCertificateName
CertEnumCertificatesInStore
CertOpenStore
msvcr120
_libm_sse2_pow_precise
__CxxFrameHandler3
_CxxThrowException
_stat64i32
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
_except1
_commode
_fmode
_wcmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
__set_app_type
__wgetmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
??1type_info@@UAE@XZ
abort
signal
fputs
strcspn
_gmtime64
sscanf
strcmp
strtol
fprintf
__iob_func
strtoul
strspn
_stricmp
_strnicmp
strrchr
_wfopen
fopen
strerror_s
isspace
raise
_exit
realloc
getenv
_setmode
_errno
ftell
fseek
fread
_fileno
fgets
ferror
feof
qsort
memset
memcpy
exit
vsprintf_s
remove
_access
_vsnprintf
wcsncmp
strcpy_s
strcat_s
strncpy_s
isalnum
isxdigit
_ftime64
?terminate@@YAXXZ
wcscpy_s
calloc
_vscwprintf
vswprintf_s
iswspace
wcschr
swscanf_s
wcstol
_mktime64
_localtime64_s
wcsftime
memchr
atoi
_wtoi
srand
strstr
strncpy
rand
_time64
printf
_beginthreadex
__argc
_purecall
fclose
memmove
fflush
fwrite
_local_unwind4
_wcsicmp
_waccess
wcsncpy_s
_snwprintf_s
wmemcpy_s
memmove_s
swprintf_s
sprintf_s
??_V@YAXPAX@Z
??2@YAPAXI@Z
tolower
strchr
strncmp
sprintf
??3@YAXPAX@Z
memcpy_s
_vsnwprintf
malloc
free
wcsstr
isdigit
islower
isupper
wcsrchr
gdiplus
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipLoadImageFromStream
GdipDrawImageRectI
GdipDeleteGraphics
GdipDisposeImage
GdipAlloc
GdipFree
GdiplusShutdown
netapi32
NetShareEnum
NetUserChangePassword
NetUserGetInfo
NetApiBufferFree
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
psapi
GetModuleBaseNameW
EnumProcessModules
EnumProcesses
setupapi
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInstallParamsW
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status
SetupDiEnumDeviceInfo
SetupDiSetClassInstallParamsW
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiCallClassInstaller
rpcrt4
UuidFromStringW
hid
HidD_GetAttributes
HidD_GetHidGuid
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 409KB - Virtual size: 409KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 46KB - Virtual size: 7.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 590KB - Virtual size: 589KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 65KB - Virtual size: 65KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ