PDB path (this is the value for the "PDB Paths" field further down the page): c:\ci-jenkins\workspace\DiamondRing\DRS_Client_5.3\DRScanner-Client\src\build\symbol\Release\Win32\DRScanner.pdb — a Jenkins CI "Release/Win32" build of a project named DRScanner-Client (DiamondRing, DRS_Client_5.3). The project, version and build-server names are useful pivots for attribution and for checking whether this file is a legitimately distributed build; the path alone does not establish either.
Sample
d2c6ebb65629faebad64629a498f4710b7e916a855c68d43a0775e485c4429e4.exe
Resource
win7-20240221-en
General
Target
d2c6ebb65629faebad64629a498f4710b7e916a855c68d43a0775e485c4429e4
Size
6.5MB
MD5
798e9e1fe1383d5c49e9745a5fd5dbff
SHA1
d8365c6e44efc8a4e6a029a4223b6513e514e7d0
SHA256
d2c6ebb65629faebad64629a498f4710b7e916a855c68d43a0775e485c4429e4
SHA512
e84206255fd87b94e72f0e646e0b1624f3636db745fcd48704022fd06e67ccab2d57b8d8ce6e244ed4cfb9d7a7decdbe48b121944f40e7ed35858305d1d0e9fe
SSDEEP
196608:21w0FjKM7wgkLeP5UV+Ap4FLOyomFHKnP+UOQq:g1D0gnFF7UOQq
Malware Config (no extracted configuration is shown for this sample)
Signatures
Unsigned PE (1 IoC)
The file carries no Authenticode signature. On its own this is weak evidence — internal CI builds such as the one named in the PDB path are often unsigned — but it means the publisher cannot be verified, so identify the file by its hashes rather than by any vendor or product name it presents.
resource d2c6ebb65629faebad64629a498f4710b7e916a855c68d43a0775e485c4429e4
Files
d2c6ebb65629faebad64629a498f4710b7e916a855c68d43a0775e485c4429e4.exe — Windows PE, x86 (arch:x86). The "windows:6" field is most likely the header's minimum OS version (6.x = Vista/Server 2008 or later); that reading is consistent with the Visual Studio 2015+ CRT imports (vcruntime140, api-ms-win-crt-*) listed below, but confirm it from the optional header if it matters.
0f2effd34a09978e0b4977ae1c8c21d2 (unlabeled 32-hex value; in this report layout it is normally the import hash (imphash) — verify before using it as a hunting pivot, as it is not the file's MD5 given above)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
Note: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is not listed, so the image is not opted in to ASLR even though it ships a .reloc section (see Sections); IMAGE_DLLCHARACTERISTICS_GUARD_CF is also not listed although .gfids/.giats sections are present. Confirm both flags against the optional header with a second tool before relying on this (the list may be incomplete), and note that ASLR-less images are easier to exploit if this is a legitimate but vulnerable client.
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths (the single recorded path is shown at the top of this page)
Imports — triage notes on what the table below shows: proxy-aware HTTP via winhttp (including WinHttpGetProxyForUrl / WinHttpGetIEProxyConfigForCurrentUser); ws2_32 with both outbound (connect) and inbound (bind/listen/accept) socket calls plus recvfrom/sendto; process enumeration and access (CreateToolhelp32Snapshot, Process32FirstW/NextW, OpenProcess); child-process spawning with piped I/O (CreateProcessW, CreatePipe, PeekNamedPipe, GetExitCodeProcess); Wow64DisableWow64FsRedirection/Wow64RevertWow64FsRedirection in a 32-bit image (IMAGE_FILE_32BIT_MACHINE), i.e. access to the native System32 on 64-bit hosts; IsDebuggerPresent; VirtualAlloc/VirtualProtect; GetAdaptersInfo; SetDllDirectoryW alongside LoadLibrary*, which affects DLL search order; INI-style config via Get/WritePrivateProfile*; and wldap32 imported by ordinal only. The gdiplus, comctl32, msimg32, oledlg and winmm imports, together with the 1.5MB .rsrc section and FindResourceW/LoadResource/LockResource, are consistent with a GUI client that embeds resources worth extracting. None of these imports is malicious by itself — they are routine for a network-enabled scanner/updater client — so weigh them against the behavioral task rather than the import list alone.
winhttp
WinHttpQueryHeaders
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpConnect
WinHttpCrackUrl
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpen
WinHttpSendRequest
WinHttpCloseHandle
ws2_32
recvfrom
sendto
shutdown
getaddrinfo
freeaddrinfo
getnameinfo
select
inet_addr
WSAStartup
inet_ntoa
__WSAFDIsSet
ioctlsocket
ntohl
inet_pton
closesocket
listen
htonl
accept
WSACleanup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
recv
htons
getsockopt
getsockname
getpeername
connect
bind
WSAGetLastError
send
gethostname
getservbyname
gethostbyname
wldap32 (imported by ordinal only; resolve the ordinals below against a wldap32.dll export table for the matching OS build before drawing conclusions about LDAP use)
ord46
ord211
ord60
ord45
ord50
ord41
ord22
ord217
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord27
ord26
ord143
normaliz
IdnToAscii
kernel32
CreateSemaphoreA
SearchPathW
GetProfileIntW
GetTempFileNameW
LCMapStringW
GetCPInfo
TryEnterCriticalSection
GetStringTypeW
LoadLibraryExA
FindResourceExW
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
VirtualFree
VirtualAlloc
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
CreateWaitableTimerA
GetLogicalProcessorInformation
SetWaitableTimer
OpenEventA
ResetEvent
IsDebuggerPresent
GetFileTime
GetFileSizeEx
GetFileAttributesExW
FileTimeToLocalFileTime
lstrcmpiW
GetVolumeInformationW
VerifyVersionInfoW
VirtualProtect
GlobalFlags
CompareStringW
GetThreadLocale
GlobalGetAtomNameW
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetLastError
GlobalFree
WideCharToMultiByte
LocalFree
GetCurrentProcess
CloseHandle
LocalAlloc
OpenProcess
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetLocalTime
MultiByteToWideChar
FindClose
FindFirstFileW
FindNextFileW
CreateDirectoryW
MoveFileExW
RemoveDirectoryW
GetCurrentDirectoryW
CreateFileW
SetFilePointer
ReadFile
WriteFile
FlushFileBuffers
GetFileSize
LockFile
UnlockFile
SetEndOfFile
GetFileAttributesW
DeleteFileW
SetFileAttributesW
CopyFileW
GetFullPathNameW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleW
GetWindowsDirectoryW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
LoadLibraryW
FreeLibrary
Sleep
GetVersionExW
GetSystemInfo
GetCurrentProcessId
CreateProcessW
ResumeThread
WaitForSingleObject
GetExitCodeProcess
HeapAlloc
GetProcessHeap
HeapFree
SetLastError
GetTickCount
GetModuleHandleA
CreateEventA
lstrcpyW
DuplicateHandle
ReleaseSemaphore
GetSystemTimeAsFileTime
WaitForSingleObjectEx
SetEvent
SetThreadPriority
GetCurrentThreadId
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetLocaleInfoW
OutputDebugStringW
GetModuleFileNameW
GetTempPathW
InitializeCriticalSectionEx
HeapSize
HeapReAlloc
RaiseException
DecodePointer
HeapDestroy
lstrlenA
LoadLibraryA
GetTempPathA
GetTempFileNameA
DeleteFileA
CreateEventW
WaitForMultipleObjectsEx
SetUnhandledExceptionFilter
IsBadCodePtr
GetModuleHandleExW
GetCurrentThread
FormatMessageW
SetErrorMode
OpenEventW
TerminateProcess
GetUserDefaultLocaleName
GetModuleFileNameA
GetCommandLineW
CreateThread
CreateSemaphoreW
SetDllDirectoryW
LoadLibraryExW
GlobalAlloc
GetStartupInfoW
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreatePipe
PeekNamedPipe
SizeofResource
LockResource
LoadResource
FindResourceW
GlobalLock
GlobalUnlock
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
GetSystemDirectoryA
VerifyVersionInfoA
GetStdHandle
GetFileType
QueryPerformanceCounter
MoveFileExA
GetEnvironmentVariableA
WaitForMultipleObjects
FormatMessageA
FlushConsoleInputBuffer
GetSystemTime
SystemTimeToFileTime
GlobalMemoryStatus
GlobalSize
MulDiv
GlobalDeleteAtom
lstrcmpA
lstrcmpW
OutputDebugStringA
EncodePointer
FreeResource
GlobalAddAtomW
GlobalFindAtomW
VirtualQuery
msimg32
TransparentBlt
AlphaBlend
comctl32
InitCommonControlsEx
oledlg
OleUIBusyW
gdiplus
GdiplusShutdown
GdipGetImagePixelFormat
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipAlloc
GdipDrawImageRectI
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
iphlpapi
GetAdaptersInfo
winmm
PlaySoundW
vcruntime140
wcsstr
wcsrchr
strstr
strchr
memchr
__std_type_info_compare
memcpy
memset
wcschr
_purecall
__CxxFrameHandler3
memcmp
__uncaught_exception
__RTDynamicCast
__vcrt_InitializeCriticalSectionEx
_except_handler4_common
__current_exception
__processing_throw
_CxxThrowException
__std_exception_copy
strrchr
__std_exception_destroy
__std_terminate
memmove
__AdjustPointer
api-ms-win-crt-stdio-l1-1-0
_set_fmode
_open
__stdio_common_vsnwprintf_s
_fileno
_close
_wfopen
_write
_lseeki64
fgets
_read
__p__commode
ftell
feof
__stdio_common_vsscanf
fputs
fseek
fopen
__stdio_common_vswprintf_s
fopen_s
__stdio_common_vsprintf
fread
_wfopen_s
__stdio_common_vfprintf
__acrt_iob_func
fclose
__stdio_common_vsprintf_s
_get_stream_buffer_pointers
fwrite
_setmode
fgetpos
ungetwc
fputwc
fgetwc
_fseeki64
fsetpos
setvbuf
fflush
ungetc
fputc
fgetc
__stdio_common_vswprintf
__stdio_common_vswscanf
ferror
_wfsopen
api-ms-win-crt-runtime-l1-1-0
terminate
_controlfp_s
_get_errno
_register_onexit_function
_initialize_onexit_table
_get_doserrno
_set_invalid_parameter_handler
strerror
_errno
_invalid_parameter_noinfo
_exit
exit
raise
_getpid
_resetstkoflw
_endthread
_beginthreadex
__sys_nerr
_beginthread
_register_thread_local_exe_atexit_callback
_c_exit
abort
_invalid_parameter_noinfo_noreturn
_cexit
_seh_filter_exe
_set_app_type
signal
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_crt_atexit
api-ms-win-crt-heap-l1-1-0
realloc
calloc
malloc
_msize
_expand
free
_malloc_base
_set_new_mode
_realloc_base
_calloc_base
_free_base
_recalloc
api-ms-win-crt-string-l1-1-0
islower
towlower
iswalpha
iswalnum
wcscoll
_wcslwr_s
isspace
strcspn
wcspbrk
_wcsicoll
iswspace
iswdigit
__strncnt
_wcsicmp
_wcsupr_s
strcpy_s
_strnicmp
wcsncmp
towupper
_strdup
wcsspn
wcscspn
strncpy
wcsnlen
wcscmp
_wcsdup
wcscat_s
strlen
wcslen
toupper
wmemcpy_s
isupper
strcmp
wcsncpy_s
strncmp
isxdigit
isdigit
strspn
wcscpy_s
iswprint
strpbrk
tolower
strncpy_s
api-ms-win-crt-locale-l1-1-0
_unlock_locales
_lock_locales
___lc_collate_cp_func
setlocale
___mb_cur_max_func
__pctype_func
___lc_locale_name_func
_configthreadlocale
___lc_codepage_func
localeconv
api-ms-win-crt-math-l1-1-0
exp
cos
floor
_CIexp
sqrt
frexp
ceil
atan2
_except1
_CIpow
sin
_CIsqrt
__setusermatherr
ldexp
api-ms-win-crt-convert-l1-1-0
strtoul
wcstoul
_ltow_s
strtof
_wtol
wcstol
strtod
_wtoi
strtol
strtoll
atoi
_ultow_s
api-ms-win-crt-filesystem-l1-1-0
_wfullpath
_wsplitpath_s
_lock_file
_unlock_file
_stat64
_stat64i32
_wmakepath_s
_unlink
_access
_fstat64
api-ms-win-crt-time-l1-1-0
clock
_gmtime64_s
_Getdays
_Strftime
_Gettnames
_Getmonths
_localtime64
_Wcsftime
_W_Gettnames
_W_Getmonths
_gmtime64
_W_Getdays
_mktime64
_time64
_localtime64_s
api-ms-win-crt-utility-l1-1-0
labs
abs
qsort
ldiv
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-conio-l1-1-0
_getch
api-ms-win-crt-multibyte-l1-1-0
_ismbblead
Sections
.text Size: 3.3MB - Virtual size: 3.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 773KB - Virtual size: 773KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 93KB - Virtual size: 132KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 112KB - Virtual size: 111KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.giats Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 792KB - Virtual size: 796KB — note the flags below: this section is marked EXECUTE and WRITE in addition to READ and DISCARDABLE. A relocation section is normally read-only and discardable, so RWX here is anomalous (possible packer/protector artifact or post-build modification) and, together with the missing DYNAMIC_BASE flag, worth verifying with a second PE parser before trusting the static view.
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE