f4e8e96519a6de0c2e15f4dca7e816d8e71af441fc8187eb8ffc25714234a631

Sharing

Copy URL Twitter E-mail

General

Target

f4e8e96519a6de0c2e15f4dca7e816d8e71af441fc8187eb8ffc25714234a631
Size

1.2MB
MD5

8ccc0424fbe8a2869069497a880e4db5
SHA1

f7472ec4c160c82db99918d0083e00dd2b781c37
SHA256

f4e8e96519a6de0c2e15f4dca7e816d8e71af441fc8187eb8ffc25714234a631
SHA512

5728d2b2166d1086af8363dda11a4f791c5b70b1ccb5883963847b230458a4655ab839d654d2f709a00bc7a540deea6dc8bc225691cc07b858aa9fe61a629020
SSDEEP

12288:sm/MAZsIfGPnzt5keE4ohhM5vG31Wcanm5uEl5RuBQuKmqhb:sm3ZseGbt5kV4oW5vG3AcanMNTR2RKh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f4e8e96519a6de0c2e15f4dca7e816d8e71af441fc8187eb8ffc25714234a631

Files

f4e8e96519a6de0c2e15f4dca7e816d8e71af441fc8187eb8ffc25714234a631
.exe windows:5 windows x86 arch:x86

ef2b939599eb785bba6ad8ca713f1456

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\sslvpn_pc\source\sslvpn-gui-1-5-0-5\Release\bin\sslvpn-gui.pdb

Imports

user32

EnableMenuItem
InsertMenuW
DeleteMenu
DrawIcon
RegisterDeviceNotificationW
IsIconic
LoadStringW
CallWindowProcW
GetMenuDefaultItem
UnregisterClassW
LoadImageW
GetSystemMetrics
LoadMenuW
SetMenuDefaultItem
GetSubMenu
DestroyIcon
RegisterClassExW
LoadCursorW
GetClassInfoExW
RegisterWindowMessageW
DefWindowProcW
KillTimer
CreateWindowExW
GetWindowLongW
SetWindowLongW
CloseWindow
AppendMenuW
CreatePopupMenu
GetCursorPos
RedrawWindow
ScreenToClient
GetClientRect
PostMessageW
FindWindowW
LoadIconW
GetParent
IsWindow
SendMessageW
SetForegroundWindow
TrackPopupMenu
EnableWindow

netapi32

Netbios

shell32

SHGetFolderPathW
ShellExecuteW
Shell_NotifyIconW

libeay32

ord246
ord3212

mfc110u

ord5988
ord6708
ord1445
ord8670
ord7917
ord14055
ord8308
ord2941
ord8599
ord4168
ord6477
ord2472
ord14198
ord3873
ord8607
ord2811
ord12860
ord3116
ord13958
ord13365
ord12753
ord500
ord1136
ord4034
ord6186
ord4824
ord2164
ord2194
ord969
ord1442
ord12445
ord4999
ord1680
ord1683
ord1842
ord14185
ord4611
ord1961
ord967
ord11810
ord4664
ord14498
ord1684
ord1135
ord11800
ord2831
ord13765
ord8208
ord6818
ord13800
ord14080
ord8609
ord14237
ord4602
ord13071
ord14242
ord4956
ord10224
ord7505
ord989
ord1463
ord7844
ord2154
ord2220
ord6723
ord10095
ord5638
ord12760
ord12057
ord12089
ord10278
ord8062
ord4528
ord12085
ord12077
ord5789
ord3794
ord6219
ord14488
ord6220
ord14489
ord6218
ord14487
ord7847
ord12364
ord14287
ord11821
ord11820
ord1985
ord7789
ord12779
ord4031
ord4093
ord9248
ord14415
ord7770
ord14409
ord12375
ord12374
ord2432
ord5233
ord8169
ord12697
ord8230
ord8314
ord2219
ord2204
ord884
ord1382
ord10883
ord11015
ord6401
ord1517
ord8610
ord4681
ord6681
ord1415
ord13259
ord12201
ord6202
ord4991
ord12392
ord12264
ord14426
ord5764
ord12885
ord6703
ord5457
ord5464
ord5461
ord11809
ord4253
ord13490
ord14443
ord8343
ord14282
ord1702
ord4745
ord4996
ord8204
ord5303
ord285
ord5792
ord2954
ord8989
ord5298
ord2712
ord13294
ord2935
ord2832
ord5462
ord5745
ord8022
ord4674
ord4654
ord1137
ord502
ord1063
ord6367
ord8979
ord3092
ord4163
ord8597
ord2938
ord3814
ord8309
ord2329
ord12595
ord4603
ord3775
ord2122
ord4416
ord1440
ord2250
ord2845
ord12151
ord12941
ord11829
ord5576
ord1168
ord544
ord2251
ord7667
ord3639
ord1059
ord6360
ord8977
ord3090
ord4160
ord1126
ord996
ord6419
ord9059
ord6000
ord12058
ord2707
ord13577
ord6091
ord13583
ord13584
ord3791
ord280
ord2423
ord296
ord4754
ord4264
ord2331
ord2335
ord1516
ord265
ord11969
ord8891
ord11233
ord4033
ord3349
ord3348
ord3109
ord6089
ord13573
ord3250
ord3247
ord8055
ord2706
ord10130
ord10132
ord10131
ord10129
ord10133
ord5528
ord11563
ord11564
ord8990
ord11927
ord3780
ord11774
ord14408
ord8816
ord12010
ord6840
ord10847
ord9106
ord3211
ord13699
ord12097
ord12095
ord1707
ord1716
ord1724
ord1720
ord1729
ord4858
ord4895
ord4866
ord4878
ord4874
ord4870
ord4901
ord4891
ord4862
ord4905
ord4883
ord4847
ord4853
ord4886
ord4441
ord9541
ord4433
ord3000
ord14410
ord7771
ord14416
ord6739
ord11555
ord13524
ord2355
ord1504
ord1502
ord266
ord1039
ord1514
ord5806
ord2628
ord11962
ord3882
ord3317
ord3316
ord3210
ord12006
ord5128
ord5425
ord5635
ord9200
ord5401
ord5664
ord5131
ord5287
ord5109
ord7572
ord7573
ord7563
ord5285
ord8064
ord3205
ord3311
ord4180
ord4825
ord4992
ord10100
ord9060
ord10317
ord10860
ord8016
ord14328
ord7345
ord3638
ord3758
ord286
ord1104
ord457
ord6967
ord499

msvcr110

__crtUnhandledException
__crtTerminateProcess
__crtSetUnhandledExceptionFilter
_CxxThrowException
__CxxFrameHandler3
memset
_invoke_watson
_except_handler4_common
_crt_debugger_hook
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
?terminate@@YAXXZ
??1type_info@@UAE@XZ
memcpy
_commode
_fmode
_wcmdln
_initterm
_initterm_e
__setusermatherr
_controlfp_s
_cexit
_exit
__set_app_type
__wgetmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
wcschr
_mbschr
fgetws
fgets
wcscpy_s
memcpy_s
wcsftime
setlocale
vsprintf_s
rand
srand
wcstombs_s
strcpy_s
wcsrchr
exit
sprintf_s
calloc
swprintf_s
malloc
_recalloc
wcsncpy_s
free
_waccess
_time64
_wtoi
_localtime64_s
_purecall
_configthreadlocale
memmove

kernel32

CreateMutexW
LoadLibraryW
CreateEventW
CreatePipe
DuplicateHandle
GetStartupInfoW
SetEvent
WriteFile
InterlockedDecrement
InterlockedIncrement
FreeLibrary
GetACP
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
WaitForSingleObject
GetTempFileNameW
ReadFile
GetTempPathW
CreateFileW
GetVolumeInformationW
GetDriveTypeW
LocalFree
FormatMessageW
GetPrivateProfileIntW
GetModuleFileNameW
SetLastError
GetCurrentThreadId
RaiseException
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
FlushInstructionCache
MoveFileW
WritePrivateProfileStringW
InitializeCriticalSectionAndSpinCount
RemoveDirectoryW
GetModuleHandleW
GetProcAddress
CopyFileW
Sleep
DeleteFileW
lstrlenA
DeleteCriticalSection
VirtualFree
VirtualAlloc
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
InterlockedCompareExchange
GetProcessHeap
HeapFree
HeapAlloc
CreateDirectoryW
CloseHandle
GetLastError
MultiByteToWideChar
WideCharToMultiByte
CreateProcessW

advapi32

RegSetValueExW
RegOpenKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegDeleteValueW
RegCloseKey

comctl32

InitCommonControlsEx

ole32

CoTaskMemAlloc
CoTaskMemFree
CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize

oleaut32

SafeArrayAccessData
SysAllocStringByteLen
SysStringLen
SafeArrayUnaccessData
VariantInit
VariantClear
VariantChangeType
SafeArrayGetVartype
SafeArrayPutElement
SysFreeString
SysAllocString
SafeArrayCreate

msvcp110

?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ

ws2_32

WSACleanup
gethostbyname
WSAStartup
inet_ntoa

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.1MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ef2b939599eb785bba6ad8ca713f1456

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

netapi32

shell32

libeay32

mfc110u

msvcr110

kernel32

advapi32

comctl32

ole32

oleaut32

msvcp110

ws2_32

Sections

.text Size: 73KB - Virtual size: 72KB

.rdata Size: 48KB - Virtual size: 48KB

.data Size: 1KB - Virtual size: 15KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 1.1MB - Virtual size: 1.6MB

.text
Size: 73KB - Virtual size: 72KB

.rdata
Size: 48KB - Virtual size: 48KB

.data
Size: 1KB - Virtual size: 15KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 1.1MB - Virtual size: 1.6MB