c72babe44ca39f4ff85d9ebc8caf006f0aa0748479a81ba9a7abf75c44e13233

Sharing

Copy URL Twitter E-mail

General

Target

c72babe44ca39f4ff85d9ebc8caf006f0aa0748479a81ba9a7abf75c44e13233
Size

26KB
MD5

4f859086ec9321a1a34d8663ade5bd3c
SHA1

78d2eefff8bc52c7cd3551d216a900fb13032b45
SHA256

c72babe44ca39f4ff85d9ebc8caf006f0aa0748479a81ba9a7abf75c44e13233
SHA512

bf01eae51241a36d1135f7918a89dee6c0acf625362874c409f55247171701c5e01e4af95286a95b0281d49f3ce4b78badf80fa31b90b0747e5d999e34467bda
SSDEEP

768:rSctIDGC05eEfwUS/yTELOZsHdDhLODd:btJCUeoHTuOZKhQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c72babe44ca39f4ff85d9ebc8caf006f0aa0748479a81ba9a7abf75c44e13233

Files

c72babe44ca39f4ff85d9ebc8caf006f0aa0748479a81ba9a7abf75c44e13233
.dll windows:5 windows x86 arch:x86

084d66d9ed16639df181a2ad20dbbcbc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\tfsagent\_work\12\s\src\Release9\Batch.pdb

Imports

kernel32

ResetEvent
CloseHandle
SetEvent
GetLastError
CreateEventA
GetModuleFileNameA
DecodePointer
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
EncodePointer
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime

engine

?Read@CWorker@@UAEPAUNcCode@@XZ
?LS@CGAccess@@SAPADPBD0@Z
??2Part@@SAPAXII@Z
?Read@CLuaAccess@@QAE_NAANPBD1NN@Z
?Read@CLuaAccess@@QAE_NPADIPBD@Z
??1CLuaAccess@@UAE@XZ
??0CLuaAccess@@QAE@PAUlua_State@@@Z
?Log@CGAccess@@2P6AXPBD00@ZA
??0CWorker@@QAE@PBD@Z
??1CWorker@@UAE@XZ
??2Part@@SAPAXIPBDI@Z
?CopyDynamicData@Part@@QAEXPAXPBXI@Z
?PostMsg@CWorker@@UAEXI@Z
?Write@CWorker@@UAEXPAUNcCode@@@Z
?Reset@CWorker@@UAE_NXZ
??3Part@@SAXPAX@Z
?Wait@CWorker@@UAEXPAX@Z
?Msg@CWorker@@UAEXPBD0@Z
?Pause@CWorker@@UAEXN@Z
?SetReadFifo@CWorker@@UAEXPAV?$CRingBuffer@PAUNcCode@@$03@@H@Z
?SetWriteFifo@CWorker@@UAEXPAV?$CRingBuffer@PAUNcCode@@$03@@H@Z
?GetPhoenix@CWorker@@UAE_NPBDAAUValueItemInfo@CGAccess@@_N@Z
?TryGetPhoenix@CWorker@@UAE_NPBDAAUValueItemInfo@CGAccess@@_N@Z
?SetPhoenix@CWorker@@UAE_NPBDAAUValueItemInfo@CGAccess@@_N@Z
?IsPipeAborted@CWorker@@UAE_NXZ
?SwitchToMainFiber@CWorker@@UAEXXZ
?GetStationIndex@CWorker@@UAEHXZ

msvcp100

_Nan

msvcr100

_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
__CxxFrameHandler3
__CppXcptFilter
memset
_initterm
_encoded_null
free
_malloc_crt
strcpy_s
sprintf_s
strncpy_s
??_V@YAXPAX@Z
strrchr
??3@YAXPAX@Z
??2@YAPAXI@Z
_amsg_exit
_CxxThrowException
_initterm_e
_vsnprintf_s
memcpy

ncexarchive

DeleteNcexReader
CreateNcexReader

zua

luaL_loadfilex
lua_settop
lua_tolstring
lua_pcallk
luaL_loadstring
lua_getglobal
lua_settable
luaL_setfuncs
lua_createtable
lua_pushboolean
luaL_checknumber
lua_topointer
lua_pushlightuserdata
lua_pushnil
luaL_checklstring
lua_touserdata
lua_gettable
lua_setglobal
lua_newthread

Exports

Exports

CreateBatch
DeleteBatch
LoadFile
LoadMemory
luaopen_Batch

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

084d66d9ed16639df181a2ad20dbbcbc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

engine

msvcp100

msvcr100

ncexarchive

zua

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB