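PDB path (the "PDB Paths" heading further down is empty in this extract, so this is presumably its value): C:\A_code\vpn\1_code\src\Release\sslvpn-auth.pdb
A PDB path is written at build time and can be altered afterwards, so it is useful as a pivot for finding related samples but is not proof of origin.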
Static task
static1
Behavioral task
behavioral1
Sample
577181321da9ffc6c280db1c54d64f92234b26995035c57bfaa83d2823323c37.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
577181321da9ffc6c280db1c54d64f92234b26995035c57bfaa83d2823323c37.exe
Resource
win10v2004-20240426-en
General
Target: 577181321da9ffc6c280db1c54d64f92234b26995035c57bfaa83d2823323c37
Size: 1.3MB
MD5: b7e166c4e1153dae18adb0d5f9e763f9
SHA1: f9f18757569a67bd5761484df3409a0290e42e70
SHA256: 577181321da9ffc6c280db1c54d64f92234b26995035c57bfaa83d2823323c37
SHA512: afe6a77b76c08332a985670dfadcb8899be468cae1c8c578d4a4a510595885711a3852cd5e71f7f8b989b182907c33c5dedfcfa8bb9176064dc11e09c1653775
SSDEEP: 24576:4UAcvQ/qpyr0kb0S6OPz/R+ldSPOpQvoBk5NqOG/ga/BTTzPnsmRr0IIWyH:HvQ/qpyr0kiOz/AubAtTzPnsmKIIWyH
Malware Config
Signatures
-
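Unsigned PE (1 IoC)
Checks for missing Authenticode signature. The sample carries no signature, so its publisher cannot be verified from the file itself; many legitimate binaries are also unsigned, so this is a weak indicator on its own.
resource: 577181321da9ffc6c280db1c54d64f92234b26995035c57bfaa83d2823323c37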
Files
-
577181321da9ffc6c280db1c54d64f92234b26995035c57bfaa83d2823323c37.exe windows:5 windows x86 arch:x86
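0e4f755905c9148392e1b9c6c6e2f1a5 (unlabelled in this extract; by its position under the file entry it is presumably the PE import hash, and it is not the file MD5 listed under General)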
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetCurrentProcessId
GetTickCount
GlobalMemoryStatus
CloseHandle
FreeLibrary
LoadLibraryA
GetEnvironmentVariableW
GetConsoleMode
ReadConsoleA
ReadConsoleW
SetConsoleMode
SetLastError
GetSystemTime
SystemTimeToFileTime
ConvertThreadToFiber
ConvertFiberToThread
GetSystemTimeAsFileTime
FormatMessageW
WideCharToMultiByte
FindNextFileW
LoadLibraryW
CreateFiber
DeleteFiber
SwitchToFiber
GetModuleHandleExW
MultiByteToWideChar
GetProcAddress
GetModuleHandleW
GetLastError
WriteFile
GetFileType
GetStdHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentThreadId
FindFirstFileW
FindClose
OutputDebugStringW
EncodePointer
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
LocalFree
GetCommandLineW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
QueryPerformanceCounter
user32
GetUserObjectInformationW
MessageBoxW
GetForegroundWindow
GetActiveWindow
GetProcessWindowStation
advapi32
CryptReleaseContext
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptDestroyKey
CryptGenRandom
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
DeregisterEventSource
ws2_32
recv
getnameinfo
freeaddrinfo
getaddrinfo
WSAGetLastError
gethostbyname
ntohs
send
ioctlsocket
WSACleanup
WSAStartup
WSASetLastError
closesocket
inet_addr
htons
inet_ntoa
sendto
shutdown
connect
setsockopt
socket
getsockopt
crypt32
CertEnumCertificatesInStore
CertCloseStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertAddCertificateContextToStore
CertCompareCertificate
CertOpenStore
msvcp120
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
msvcr120
printf
_CxxThrowException
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
?terminate@@YAXXZ
_stat64i32
??3@YAXPAX@Z
_vsnwprintf
sprintf_s
wcsstr
strstr
strncpy_s
memmove
_purecall
??2@YAPAXI@Z
getenv
strncmp
free
malloc
realloc
memcpy
memset
strchr
_exit
_vsnprintf
raise
isspace
strrchr
__iob_func
fprintf
isdigit
strtol
_strnicmp
strerror_s
strcmp
qsort
_time64
fclose
feof
ferror
fflush
fgets
_fileno
fread
fseek
ftell
fwrite
_errno
_setmode
isxdigit
strtoul
sprintf
strncpy
fopen
_wfopen
strcspn
strspn
tolower
_stricmp
atoi
sscanf
memchr
_gmtime64
fputs
signal
abort
??1type_info@@UAE@XZ
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
_XcptFilter
__crtGetShowWindowMode
_amsg_exit
__wgetmainargs
__set_app_type
exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
_wcmdln
_fmode
_commode
_except1
__CxxFrameHandler3
shlwapi
StrToIntW
shell32
CommandLineToArgvW
Sections
.text Size: 903KB - Virtual size: 902KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 344KB - Virtual size: 343KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 41KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 50KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ