291a776ade52f3644e6d3d1da852e5e45aadd3f5781316f1e5cf164f075d398e

Sharing

Copy URL

Twitter E-mail

General

Target

291a776ade52f3644e6d3d1da852e5e45aadd3f5781316f1e5cf164f075d398e
Size

896KB
MD5

f3b304c76ceb31cc0f74bf7fc8494de1
SHA1

9d6689cff87d806252ac936649e2987e6d613010
SHA256

291a776ade52f3644e6d3d1da852e5e45aadd3f5781316f1e5cf164f075d398e
SHA512

09ea5d3faae4135ff6d7fc96fc8a926a9ee61493ca898728c0497a02e35943239f64286e98d76403fc3345dc1f604578166413b60726d22e679a6b7d23041532
SSDEEP

24576:V2XM84kP0BRbSkdnqqFmr09jY3aiFgVBYFj:AXikWJSinSa0qiFgVuFj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
291a776ade52f3644e6d3d1da852e5e45aadd3f5781316f1e5cf164f075d398e

Files

291a776ade52f3644e6d3d1da852e5e45aadd3f5781316f1e5cf164f075d398e
.exe windows:5 windows x86 arch:x86

cfa319da0a181fc92392eb2191af80dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\domaincppserver\newguomi\cppWebServer\Release\cppWebServer.pdb

Imports

crypt32

CertGetIntendedKeyUsage
CryptProtectData
CertOpenStore
CertNameToStrA
CertCompareIntegerBlob
CryptSignMessage
CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore

libcurl

curl_easy_setopt
curl_easy_perform
curl_easy_cleanup
curl_slist_append
curl_easy_init

kernel32

GetTempFileNameW
GetTempPathW
CreateProcessW
lstrcpyA
WaitForSingleObject
GetDriveTypeW
GetVolumeInformationW
GetModuleFileNameA
lstrlenW
GetVersionExA
GlobalMemoryStatus
GetVersion
PostQueuedCompletionStatus
CreateSemaphoreA
CreateIoCompletionPort
GetQueuedCompletionStatus
ReleaseSemaphore
GetSystemDirectoryA
LoadLibraryA
QueryPerformanceFrequency
GetSystemInfo
MapViewOfFile
CreateThread
CreateFileMappingA
FormatMessageA
SetEnvironmentVariableA
CompareStringW
GetProcessHeap
SetEndOfFile
GetTimeZoneInformation
WriteConsoleW
GetExitCodeProcess
LoadLibraryW
LocalAlloc
LocalFree
CopyFileA
GetTempPathA
CreateFileA
WriteFile
GetLogicalDriveStringsA
GetDriveTypeA
GetVolumeInformationA
lstrlenA
CreateProcessA
MultiByteToWideChar
DeleteFileW
Sleep
FreeLibrary
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCurrentProcess
CloseHandle
GetPrivateProfileStringA
WritePrivateProfileSectionA
GetTickCount
GlobalAlloc
GlobalFree
MulDiv
GetLastError
GlobalLock
GlobalUnlock
UnmapViewOfFile
WideCharToMultiByte
HeapReAlloc
GetLocaleInfoW
GetStringTypeW
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreateFileW
SetStdHandle
GetModuleFileNameW
SetFilePointer
ReadFile
FlushFileBuffers
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
GetFileAttributesA
HeapCreate
ExitProcess
ResumeThread
HeapSize
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetProcAddress
SetLastError
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
IsProcessorFeaturePresent
GetCPInfo
LCMapStringW
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetFileType
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
HeapFree
ExitThread

user32

SendMessageA
FindWindowA
RegisterClassA
CreateWindowExA
MessageBoxA
GetWindowTextW
GetClassNameW
ShowWindow
UpdateWindow
GetMessageA
TranslateMessage
SetWindowTextW
EnumDesktopWindows
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
wsprintfA
GetSystemMetrics
wsprintfW
DispatchMessageA
MessageBoxW
DefWindowProcA
TrackPopupMenu
EnableMenuItem
SetForegroundWindow
GetCursorPos
AppendMenuA
CreatePopupMenu
LoadIconA
PostQuitMessage
RegisterWindowMessageA

gdi32

GetStockObject
CreateFontIndirectA
SelectObject
GetTextExtentPoint32A
TextOutA
EndDoc
DeleteDC
EndPage
StartPage
StartDocA
GetDeviceCaps
ResetDCA
CreateDCA

winspool.drv

DeviceCapabilitiesA
EnumPrintersA

comdlg32

PrintDlgA
GetOpenFileNameA

advapi32

RegQueryValueExW
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegQueryValueExA
CryptGenRandom
CryptAcquireContextA
DeregisterEventSource
RegisterEventSourceA
ReportEventA

shell32

Shell_NotifyIconA

ws2_32

WSAStartup
WSACleanup
send
recv
shutdown
getnameinfo
WSASetLastError
WSAGetLastError
bind
setsockopt
getsockopt
listen
ioctlsocket
WSASend
WSARecv
select
closesocket
connect
socket
ntohs
getservbyname
getprotobynumber
freeaddrinfo
getaddrinfo
htons
accept
getsockname
htonl
WSAIoctl
getpeername
WSAGetOverlappedResult
ntohl

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

libfpdev_zz

FPIDetectFinger
FPIGetFeature

Sections

.text
Size: 588KB - Virtual size: 587KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 106KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cfa319da0a181fc92392eb2191af80dd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

crypt32

libcurl

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ws2_32

version

libfpdev_zz

Sections

.text Size: 588KB - Virtual size: 587KB

.rdata Size: 90KB - Virtual size: 89KB

.data Size: 106KB - Virtual size: 118KB

.rsrc Size: 67KB - Virtual size: 66KB

.reloc Size: 44KB - Virtual size: 44KB

.text
Size: 588KB - Virtual size: 587KB

.rdata
Size: 90KB - Virtual size: 89KB

.data
Size: 106KB - Virtual size: 118KB

.rsrc
Size: 67KB - Virtual size: 66KB

.reloc
Size: 44KB - Virtual size: 44KB