c:\Jenkins\Release\src\lib\perl\perl-5.38.2\perl538.pdb
Static task
static1
Behavioral task
behavioral1
Sample
97f7057414a8fb62fb31e21230523fb92a212e8416a6486e16c7833818e936bf.dll
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
97f7057414a8fb62fb31e21230523fb92a212e8416a6486e16c7833818e936bf.dll
Resource
win10v2004-20240426-en
General
-
Target
97f7057414a8fb62fb31e21230523fb92a212e8416a6486e16c7833818e936bf
-
Size
3.1MB
-
MD5
191211c89170951508ff09d2e4c82eee
-
SHA1
443a85448c9d27bc937ee512e75e538c519fdb00
-
SHA256
97f7057414a8fb62fb31e21230523fb92a212e8416a6486e16c7833818e936bf
-
SHA512
a9b50a02f25c99e8fb19494793d94d2482a8afdc893aa1181bbf99e7f0015fa98740d9db125f1fa3955032b8ff841f5f6079c4fb5ca342ee5d0ed458496ead2e
-
SSDEEP
49152:s7cU5mqD/XSBk+I3LGAZRtpHOGxb0y6pnwu2J9eY1hwBm5n7QAvPwJXDWFiyA/Ky:sYU/D/XaIbGGYqbL6p
Malware Config
Signatures
-
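Unsigned PE (1 IoC)
Static check for a missing Authenticode signature: this PE file is not signed. On its own this is a weak indicator, because many legitimate builds also ship unsigned.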
resource 97f7057414a8fb62fb31e21230523fb92a212e8416a6486e16c7833818e936bf
Files
-
97f7057414a8fb62fb31e21230523fb92a212e8416a6486e16c7833818e936bf.dll windows:5 windows x64 arch:x64
5a8df94995a6a605734169d904fd33a9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
MultiByteToWideChar
WideCharToMultiByte
InitializeCriticalSection
TlsAlloc
CreateSemaphoreA
GetLogicalDrives
GetFullPathNameW
GetFullPathNameA
GetCurrentThreadId
FreeEnvironmentStringsW
SetCurrentDirectoryA
GetLogicalDriveStringsW
GetFileAttributesA
DisableThreadLibraryCalls
CreateThread
SetCurrentDirectoryW
DeleteCriticalSection
TlsFree
GetEnvironmentStringsW
SetConsoleCtrlHandler
FindFirstFileW
Process32First
SetHandleInformation
FindFirstFileA
VirtualProtect
FindNextFileW
GetCurrentProcess
GetStdHandle
GetShortPathNameW
DeviceIoControl
TerminateProcess
LoadLibraryExA
SetFileTime
WaitForMultipleObjects
GetConsoleCP
GetEnvironmentVariableW
SetEndOfFile
UnlockFileEx
CreateHardLinkW
GetEnvironmentVariableA
FindClose
LocalAlloc
GetCurrentDirectoryA
GetModuleHandleA
OpenProcess
CreateToolhelp32Snapshot
ReleaseSemaphore
Sleep
GetConsoleMode
GetFileInformationByHandle
GetTempPathA
GetModuleHandleExA
MoveFileExA
CreateFileA
FileTimeToSystemTime
GetSystemDirectoryA
TerminateThread
ReadConsoleW
GetVersionExA
Process32Next
CloseHandle
GetSystemInfo
SetFileAttributesA
GetProcAddress
LocalFree
LockFileEx
SetEnvironmentVariableA
SystemTimeToFileTime
GetEnvironmentStrings
CreateProcessA
GetSystemTimeAsFileTime
GetFileType
FormatMessageA
GetTempFileNameA
FreeEnvironmentStringsA
GetProcessTimes
GenerateConsoleCtrlEvent
GetComputerNameA
GetExitCodeProcess
TlsSetValue
TlsGetValue
FreeLibrary
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
RaiseException
VirtualQuery
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
GetLastError
SetLastError
GetExitCodeThread
GetModuleFileNameW
RtlCaptureContext
user32
MsgWaitForMultipleObjects
DestroyWindow
DispatchMessageA
CharUpperA
PostMessageA
PostQuitMessage
KillTimer
PeekMessageA
CallMsgFilterA
TranslateMessage
CreateWindowExA
SetTimer
DefWindowProcA
RegisterClassA
PostThreadMessageA
advapi32
RegQueryValueExA
RegOpenKeyExW
RegCloseKey
GetUserNameA
comctl32
ord17
vcruntime140
__std_exception_copy
_CxxThrowException
__std_type_info_destroy_list
__C_specific_handler
wcschr
longjmp
strstr
memcmp
strrchr
memcpy
strchr
memchr
memset
memmove
__std_exception_destroy
__intrinsic_setjmp
vcruntime140_1
__CxxFrameHandler4
api-ms-win-crt-string-l1-1-0
_stricmp
tolower
strncmp
wcslen
strcat
wcscat
strncpy
wcsncpy
strlen
wcscpy
strcpy
_wcsnicmp
strspn
strxfrm
isprint
isdigit
ispunct
strpbrk
isspace
iscntrl
isalnum
toupper
strcmp
isxdigit
isalpha
_strupr
isgraph
isupper
islower
api-ms-win-crt-runtime-l1-1-0
_exit
_initterm_e
_seh_filter_dll
_errno
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
strerror
signal
_execute_onexit_table
exit
__sys_nerr
abort
_cexit
_control87
_getpid
perror
_initterm
_set_invalid_parameter_handler
api-ms-win-crt-convert-l1-1-0
wcstombs
mbtowc
atoi
strtod
api-ms-win-crt-time-l1-1-0
_gmtime64
_time64
_mkgmtime64
clock
strftime
_localtime64
api-ms-win-crt-locale-l1-1-0
localeconv
setlocale
_wsetlocale
___mb_cur_max_func
_configthreadlocale
___lc_codepage_func
api-ms-win-crt-math-l1-1-0
_fpclass
_dclass
pow
exp
frexp
modf
sqrt
atan2
log
ldexp
fmod
fabs
sin
floor
ceil
cos
_fdopen
api-ms-win-crt-environment-l1-1-0
__p__environ
_putenv
api-ms-win-crt-utility-l1-1-0
abs
bsearch
qsort
api-ms-win-crt-stdio-l1-1-0
fseek
_telli64
putc
puts
getc
_close
_write
rewind
putchar
clearerr
fwrite
_pipe
setbuf
fflush
__p__fmode
fputs
setvbuf
gets
ferror
getchar
feof
_get_osfhandle
fputc
fread
freopen
ungetc
_open_osfhandle
__stdio_common_vfprintf
fgetc
fclose
_eof
__acrt_iob_func
_getcwd
fsetpos
_mktemp
_fileno
_flushall
fgetpos
_setmode
_open
tmpnam
_dup2
__stdio_common_vsprintf
_fcloseall
fopen
_read
_dup
_lseeki64
fgets
api-ms-win-crt-heap-l1-1-0
free
calloc
malloc
realloc
_callnewh
api-ms-win-crt-process-l1-1-0
_spawnv
_execl
_execvp
_execv
api-ms-win-crt-filesystem-l1-1-0
_chdir
_access
_chmod
_umask
_unlink
_rmdir
_mkdir
Exports
PL_EXACTFish_bitmask
PL_EXACT_REQ8_bitmask
PL_No
PL_WARN_ALL
PL_WARN_NONE
PL_Yes
PL_Zero
PL_bincompat_options
PL_bitcount
PL_block_type
PL_c9_utf8_dfa_tab
PL_charclass
PL_check
PL_check_mutex
PL_core_reg_engine
PL_csighandler1p
PL_csighandler3p
PL_csighandlerp
PL_curinterp
PL_deBruijn_bitpos_tab32
PL_deBruijn_bitpos_tab64
PL_do_undump
PL_dollarzero_mutex
PL_env_mutex
PL_extended_cp_format
PL_extended_utf8_dfa_tab
PL_fold
PL_fold_latin1
PL_hash_seed_set
PL_hash_seed_w
PL_hash_state_w
PL_hexdigit
PL_hints_mutex
PL_inf
PL_infix_plugin
PL_interp_size
PL_interp_size_5_18_0
PL_isa_DOES
PL_keyword_plugin
PL_keyword_plugin_mutex
PL_latin1_lc
PL_locale_mutex
PL_magic_data
PL_magic_vtable_names
PL_magic_vtables
PL_memory_wrap
PL_mod_latin1_uc
PL_my_ctx_mutex
PL_my_cxt_index
PL_my_environ
PL_nan
PL_no_aelem
PL_no_dir_func
PL_no_func
PL_no_helem_sv
PL_no_localize_ref
PL_no_mem
PL_no_modify
PL_no_myglob
PL_no_security
PL_no_sock_func
PL_no_symref
PL_no_usym
PL_no_wrongref
PL_op_desc
PL_op_mutex
PL_op_name
PL_op_private_bitdef_ix
PL_op_private_bitdefs
PL_op_private_bitfields
PL_op_private_labels
PL_op_private_valid
PL_op_seq
PL_op_sequence
PL_opargs
PL_origenviron
PL_perlio_debug_fd
PL_perlio_fd_refcnt
PL_perlio_fd_refcnt_size
PL_perlio_mutex
PL_phase_names
PL_ppaddr
PL_reg_extflags_name
PL_reg_intflags_name
PL_regnode_info
PL_regnode_name
PL_revision
PL_runops_dbg
PL_runops_std
PL_sh_path
PL_sig_name
PL_sig_num
PL_sig_trapped
PL_sigfpe_saved
PL_simple
PL_simple_bitmask
PL_strategy_accept
PL_strategy_dup
PL_strategy_dup2
PL_strategy_mkstemp
PL_strategy_open
PL_strategy_open3
PL_strategy_pipe
PL_strategy_socket
PL_strategy_socketpair
PL_strict_utf8_dfa_tab
PL_subversion
PL_sv_placeholder
PL_thr_key
PL_user_def_props
PL_user_def_props_aTHX
PL_user_prop_mutex
PL_utf8skip
PL_uuemap
PL_valid_types_IVX
PL_valid_types_IV_set
PL_valid_types_NVX
PL_valid_types_NV_set
PL_valid_types_PVX
PL_valid_types_RV
PL_varies
PL_varies_bitmask
PL_version
PL_veto_cleanup
PL_veto_switch_non_tTHX_context
PL_warn_nl
PL_warn_nosemi
PL_warn_reserved
PL_warn_uninit
PL_watch_pvx
PerlIOBase_binmode
PerlIOBase_clearerr
PerlIOBase_close
PerlIOBase_dup
PerlIOBase_eof
PerlIOBase_error
PerlIOBase_fileno
PerlIOBase_noop_fail
PerlIOBase_noop_ok
PerlIOBase_open
PerlIOBase_popped
PerlIOBase_pushed
PerlIOBase_read
PerlIOBase_setlinebuf
PerlIOBase_unread
PerlIOBuf_bufsiz
PerlIOBuf_close
PerlIOBuf_dup
PerlIOBuf_fill
PerlIOBuf_flush
PerlIOBuf_get_base
PerlIOBuf_get_cnt
PerlIOBuf_get_ptr
PerlIOBuf_open
PerlIOBuf_popped
PerlIOBuf_pushed
PerlIOBuf_read
PerlIOBuf_seek
PerlIOBuf_set_ptrcnt
PerlIOBuf_tell
PerlIOBuf_unread
PerlIOBuf_write
PerlIO_allocate
PerlIO_apply_layera
PerlIO_apply_layers
PerlIO_arg_fetch
PerlIO_binmode
PerlIO_byte
PerlIO_canset_cnt
PerlIO_crlf
PerlIO_debug
PerlIO_define_layer
PerlIO_exportFILE
PerlIO_fast_gets
PerlIO_fdopen
PerlIO_findFILE
PerlIO_find_layer
PerlIO_getc
PerlIO_getname
PerlIO_getpos
PerlIO_has_base
PerlIO_has_cntptr
PerlIO_importFILE
PerlIO_init
PerlIO_isutf8
PerlIO_layer_fetch
PerlIO_list_alloc
PerlIO_list_free
PerlIO_modestr
PerlIO_open
PerlIO_parse_layers
PerlIO_pending
PerlIO_perlio
PerlIO_pop
PerlIO_printf
PerlIO_push
PerlIO_putc
PerlIO_puts
PerlIO_raw
PerlIO_releaseFILE
PerlIO_reopen
PerlIO_rewind
PerlIO_setpos
PerlIO_stdio
PerlIO_stdoutf
PerlIO_sv_dup
PerlIO_teardown
PerlIO_tmpfile
PerlIO_ungetc
PerlIO_unix
PerlIO_utf8
PerlIO_vprintf
Perl_Gv_AMupdate
Perl_PerlIO_clearerr
Perl_PerlIO_close
Perl_PerlIO_context_layers
Perl_PerlIO_eof
Perl_PerlIO_error
Perl_PerlIO_fileno
Perl_PerlIO_fill
Perl_PerlIO_flush
Perl_PerlIO_get_base
Perl_PerlIO_get_bufsiz
Perl_PerlIO_get_cnt
Perl_PerlIO_get_ptr
Perl_PerlIO_read
Perl_PerlIO_restore_errno
Perl_PerlIO_save_errno
Perl_PerlIO_seek
Perl_PerlIO_set_cnt
Perl_PerlIO_set_ptrcnt
Perl_PerlIO_setlinebuf
Perl_PerlIO_stderr
Perl_PerlIO_stdin
Perl_PerlIO_stdout
Perl_PerlIO_tell
Perl_PerlIO_unread
Perl_PerlIO_write
Perl_Slab_Alloc
Perl_Slab_Free
Perl__add_range_to_invlist
Perl__byte_dump_string
Perl__force_out_malformed_utf8_message
Perl__inverse_folds
Perl__invlistEQ
Perl__invlist_dump
Perl__invlist_intersection_maybe_complement_2nd
Perl__invlist_invert
Perl__invlist_search
Perl__invlist_union_maybe_complement_2nd
Perl__is_in_locale_category
Perl__is_uni_FOO
Perl__is_uni_perl_idcont
Perl__is_uni_perl_idstart
Perl__is_utf8_FOO
Perl__is_utf8_perl_idcont
Perl__is_utf8_perl_idstart
Perl__new_invlist
Perl__new_invlist_C_array
Perl__setup_canned_invlist
Perl__to_fold_latin1
Perl__to_uni_fold_flags
Perl__to_utf8_fold_flags
Perl__to_utf8_lower_flags
Perl__to_utf8_title_flags
Perl__to_utf8_upper_flags
Perl__utf8n_to_uvchr_msgs_helper
Perl__warn_problematic_locale
Perl_alloccopstash
Perl_amagic_applies
Perl_amagic_call
Perl_amagic_deref_call
Perl_any_dup
Perl_apply_attrs_string
Perl_apply_builtin_cv_attributes
Perl_atfork_lock
Perl_atfork_unlock
Perl_av_arylen_p
Perl_av_clear
Perl_av_delete
Perl_av_dump
Perl_av_exists
Perl_av_extend
Perl_av_fetch
Perl_av_fill
Perl_av_iter_p
Perl_av_len
Perl_av_make
Perl_av_pop
Perl_av_push
Perl_av_reify
Perl_av_shift
Perl_av_store
Perl_av_undef
Perl_av_unshift
Perl_block_end
Perl_block_gimme
Perl_block_start
Perl_blockhook_register
Perl_bytes_cmp_utf8
Perl_bytes_from_utf8
Perl_bytes_from_utf8_loc
Perl_bytes_to_utf8
Perl_call_argv
Perl_call_atexit
Perl_call_list
Perl_call_method
Perl_call_pv
Perl_call_sv
Perl_caller_cx
Perl_calloc
Perl_cast_i32
Perl_cast_iv
Perl_cast_ulong
Perl_cast_uv
Perl_ck_entersub_args_list
Perl_ck_entersub_args_proto
Perl_ck_entersub_args_proto_or_list
Perl_ck_warner
Perl_ck_warner_d
Perl_ckwarn
Perl_ckwarn_d
Perl_class_add_ADJUST
Perl_class_add_field
Perl_class_apply_attributes
Perl_class_apply_field_attributes
Perl_class_prepare_initfield_parse
Perl_class_prepare_method_parse
Perl_class_seal_stash
Perl_class_set_field_defop
Perl_class_setup_stash
Perl_class_wrap_method_body
Perl_clear_defarray
Perl_clone_params_del
Perl_clone_params_new
Perl_cntrl_to_mnemonic
Perl_cop_fetch_label
Perl_cop_store_label
Perl_croak
Perl_croak_kw_unless_class
Perl_croak_no_modify
Perl_croak_nocontext
Perl_croak_popstack
Perl_croak_sv
Perl_croak_xs_usage
Perl_csighandler
Perl_csighandler1
Perl_csighandler3
Perl_current_re_engine
Perl_custom_op_get_field
Perl_custom_op_register
Perl_cv_ckproto_len_flags
Perl_cv_clone
Perl_cv_const_sv
Perl_cv_get_call_checker
Perl_cv_get_call_checker_flags
Perl_cv_name
Perl_cv_set_call_checker
Perl_cv_set_call_checker_flags
Perl_cv_undef
Perl_cvgv_from_hek
Perl_cvgv_set
Perl_cvstash_set
Perl_cx_dump
Perl_cx_dup
Perl_cxinc
Perl_deb
Perl_deb_nocontext
Perl_delimcpy
Perl_delimcpy_no_escape
Perl_despatch_signals
Perl_die
Perl_die_nocontext
Perl_die_sv
Perl_dirp_dup
Perl_do_aexec
Perl_do_aspawn
Perl_do_close
Perl_do_gv_dump
Perl_do_gvgv_dump
Perl_do_hv_dump
Perl_do_join
Perl_do_magic_dump
Perl_do_op_dump
Perl_do_open
Perl_do_openn
Perl_do_pmop_dump
Perl_do_spawn
Perl_do_spawn_nowait
Perl_do_sprintf
Perl_do_sv_dump
Perl_do_uniprop_match
Perl_doing_taint
Perl_doref
Perl_dounwind
Perl_dowantarray
Perl_drand48_init_r
Perl_drand48_r
Perl_dump_all
Perl_dump_eval
Perl_dump_form
Perl_dump_indent
Perl_dump_packsubs
Perl_dump_sub
Perl_dump_vindent
Perl_dup_warnings
Perl_emulate_cop_io
Perl_eval_pv
Perl_eval_sv
Perl_fbm_compile
Perl_fbm_instr
Perl_filter_add
Perl_filter_del
Perl_filter_read
Perl_finalize_optree
Perl_find_runcv
Perl_find_rundefsv
Perl_foldEQ_utf8_flags
Perl_forbid_outofblock_ops
Perl_form
Perl_form_alien_digit_msg
Perl_form_cp_too_large_msg
Perl_form_nocontext
Perl_fp_dup
Perl_free_tmps
Perl_get_and_check_backslash_N_name
Perl_get_av
Perl_get_context
Perl_get_cv
Perl_get_cvn_flags
Perl_get_deprecated_property_msg
Perl_get_hv
Perl_get_op_descs
Perl_get_op_names
Perl_get_ppaddr
Perl_get_prop_definition
Perl_get_prop_values
Perl_get_re_arg
Perl_get_sv
Perl_getcwd_sv
Perl_gp_dup
Perl_gp_free
Perl_gp_ref
Perl_grok_atoUV
Perl_grok_bin
Perl_grok_bin_oct_hex
Perl_grok_bslash_c
Perl_grok_bslash_o
Perl_grok_bslash_x
Perl_grok_hex
Perl_grok_infnan
Perl_grok_number
Perl_grok_number_flags
Perl_grok_numeric_radix
Perl_grok_oct
Perl_gv_AVadd
Perl_gv_HVadd
Perl_gv_IOadd
Perl_gv_SVadd
Perl_gv_add_by_type
Perl_gv_autoload_pv
Perl_gv_autoload_pvn
Perl_gv_autoload_sv
Perl_gv_check
Perl_gv_const_sv
Perl_gv_dump
Perl_gv_efullname3
Perl_gv_efullname4
Perl_gv_fetchfile
Perl_gv_fetchfile_flags
Perl_gv_fetchmeth_pv
Perl_gv_fetchmeth_pv_autoload
Perl_gv_fetchmeth_pvn
Perl_gv_fetchmeth_pvn_autoload
Perl_gv_fetchmeth_sv
Perl_gv_fetchmeth_sv_autoload
Perl_gv_fetchmethod
Perl_gv_fetchmethod_autoload
Perl_gv_fetchmethod_pv_flags
Perl_gv_fetchmethod_pvn_flags
Perl_gv_fetchmethod_sv_flags
Perl_gv_fetchpv
Perl_gv_fetchpvn_flags
Perl_gv_fetchsv
Perl_gv_fullname3
Perl_gv_fullname4
Perl_gv_handler
Perl_gv_init_pv
Perl_gv_init_pvn
Perl_gv_init_sv
Perl_gv_name_set
Perl_gv_stashpv
Perl_gv_stashpvn
Perl_gv_stashsv
Perl_gv_try_downgrade
Perl_he_dup
Perl_hek_dup
Perl_hv_bucket_ratio
Perl_hv_clear
Perl_hv_clear_placeholders
Sections
.text Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ