42267bc8c2eaa1906a0cf6e58e3cef1ed66c6828017a0b117c044a6486a02518

Sharing

Copy URL Twitter E-mail

General

Target

42267bc8c2eaa1906a0cf6e58e3cef1ed66c6828017a0b117c044a6486a02518
Size

1.1MB
MD5

f9c12348d6b54abab23276be51d10474
SHA1

78a07edf79a397d1a6fdcd239365dbd95a371255
SHA256

42267bc8c2eaa1906a0cf6e58e3cef1ed66c6828017a0b117c044a6486a02518
SHA512

a2ffb8cf2229c1ad68e06971a94c9211244006b4391b6b54eda0c990c35f1bacfbe58cccdea3cd2617e557976f9ed1a01ef781314f2700a71774d84015ca94a6
SSDEEP

12288:9/U06OAzNw6S4mLRRhZ9bklhqqq7Txdufei3DhZL69EKg+FL0Ue1/wUOtz6mRNVm:9boNTS4w1Ydq7TxduTiGXtOO57oLS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42267bc8c2eaa1906a0cf6e58e3cef1ed66c6828017a0b117c044a6486a02518

Files

42267bc8c2eaa1906a0cf6e58e3cef1ed66c6828017a0b117c044a6486a02518
.exe windows:5 windows x86 arch:x86

0e7452eab1fa1ee60acf9ceba8195974

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\jenkins\build\workspace\miflash_git\out\Release\bin\account_auth.pdb

Imports

kernel32

GetWindowsDirectoryW
GetUserDefaultLangID
GetModuleHandleW
CreateThread
InterlockedExchangeAdd
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
GetTempFileNameW
GetCurrentProcess
CreateDirectoryW
CopyFileW
GetFileAttributesW
CreateFileW
GetTempPathW
GetCurrentDirectoryW
GetLongPathNameW
SetLastError
RemoveDirectoryW
GetFileAttributesExW
DeleteFileW
InterlockedCompareExchange
CreateMutexW
SetFilePointer
CreateProcessW
GetTickCount
ReleaseMutex
DeleteFileA
GetCurrentThread
Sleep
RaiseException
IsDebuggerPresent
GetCurrentThreadId
DuplicateHandle
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
GetQueuedCompletionStatus
InterlockedExchange
PostQueuedCompletionStatus
CreateIoCompletionPort
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
QueryPerformanceCounter
GetSystemTimeAsFileTime
FileTimeToSystemTime
QueryPerformanceFrequency
SetEndOfFile
SetFilePointerEx
SetFileTime
FlushFileBuffers
GetNativeSystemInfo
GetVersionExW
GetProcAddress
GetCommandLineW
GetModuleHandleExW
InterlockedIncrement
GetModuleHandleExA
FreeResource
LockResource
ExitProcess
LoadResource
SizeofResource
FindResourceW
LoadLibraryW
GetACP
GetFileSize
MulDiv
GetFileType
DosDateTimeToFileTime
GetLocalTime
InterlockedDecrement
GlobalAlloc
GlobalLock
GlobalUnlock
FreeLibrary
OutputDebugStringW
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapAlloc
GetProcessHeap
HeapFree
LoadLibraryExW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
TerminateProcess
DecodePointer
GetDriveTypeW
GetSystemDirectoryW
lstrcmpiW
EncodePointer
GetStringTypeW
IsProcessorFeaturePresent
GetFullPathNameW
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetStdHandle
AreFileApisANSI
RtlUnwind
ReadConsoleW
GetCPInfo
UnhandledExceptionFilter
GetStartupInfoW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapSize
IsValidCodePage
GetOEMCP
GetStdHandle
GetTimeZoneInformation
WriteConsoleW
SetEnvironmentVariableA
DeleteCriticalSection
EnterCriticalSection
GetLastError
GetOverlappedResult
LeaveCriticalSection
InitializeCriticalSection
WriteFile
WaitForSingleObject
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameW
ReadFile
CreateNamedPipeW
ConnectNamedPipe
CloseHandle
CreateEventW
ResetEvent
SetEvent
GetCurrentProcessId
GetModuleFileNameA

user32

GetCaretPos
ClientToScreen
GetSysColor
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MoveWindow
CreateAcceleratorTableW
InvalidateRgn
GetGUIThreadInfo
GetLastActivePopup
GetDesktopWindow
SendMessageW
GetMessageW
DestroyWindow
SetTimer
UnregisterClassW
KillTimer
WaitMessage
MapWindowPoints
TranslateMessage
RegisterClassExW
CallMsgFilterW
PeekMessageW
MsgWaitForMultipleObjectsEx
CreateWindowExW
DefWindowProcW
DispatchMessageW
MessageBoxW
SetCaretPos
ShowCaret
HideCaret
GetCaretBlinkTime
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
ReleaseCapture
SetCapture
GetKeyState
GetFocus
GetActiveWindow
CharNextW
IsWindowVisible
ScreenToClient
SetWindowRgn
CreateCaret
IsZoomed
GetMonitorInfoW
MonitorFromWindow
LoadImageW
LoadCursorW
GetWindow
GetParent
SetWindowLongW
GetWindowLongW
GetWindowRect
SetRect
FillRect
DrawTextW
CharPrevW
OffsetRect
LoadIconW
PostMessageW
TrackPopupMenu
SetForegroundWindow
AppendMenuW
GetCursorPos
ShowWindow
CreatePopupMenu
DestroyMenu
PostQuitMessage
SetCursor
wvsprintfW
PtInRect
IsRectEmpty
UnionRect
IntersectRect
GetClientRect
GetPropW
SetPropW
GetSystemMetrics
EnableWindow
SetFocus
IsIconic
SetWindowPos
IsWindow
GetClassInfoExW
RegisterClassW
GetQueueStatus
CallWindowProcW

shell32

SHFileOperationW
ShellExecuteW
Shell_NotifyIconW
SHGetFolderPathW

dbghelp

MiniDumpWriteDump

gdiplus

GdipGetImageWidth
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipCloneBrush
GdipDeleteBrush
GdipCreateLineBrushI
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetCompositingQuality
GdipSetSmoothingMode
GdipSetPixelOffsetMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipGraphicsClear
GdipDrawImage
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipDrawImageRectI
GdipDeleteFontFamily
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipGetFamily
GdipDrawString
GdipCreateStringFormat
GdipGetImageHeight
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat

comctl32

_TrackMouseEvent
ord17

vmprotectsdk32

VMProtectEnd
VMProtectBegin

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

imm32

ImmSetCompositionWindow
ImmSetCompositionFontW
ImmReleaseContext
ImmGetContext

iphlpapi

GetAdaptersInfo

gdi32

DeleteObject
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
GetObjectA
SetWindowOrgEx
GetObjectW
GetTextMetricsW
SelectObject
SaveDC
RestoreDC
Rectangle
GetStockObject
DeleteDC
CreatePen
CreateFontIndirectW
CreateCompatibleDC
CreatePatternBrush
CreateSolidBrush
GetCharABCWidthsW
GetClipBox
GetTextExtentPoint32W
LineTo
RoundRect
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
CreateCompatibleBitmap
BitBlt
CreateRoundRectRgn
GetDeviceCaps
GdiFlush
ExtTextOutW
TextOutW
MoveToEx
CreateDIBSection
SetTextColor
SetStretchBltMode

advapi32

RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumKeyExW
RegDeleteKeyW
IsTextUnicode
RegSetValueExW

ole32

CoUninitialize
CoInitializeEx
CoInitialize
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleLockRunning
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
OleUninitialize
OleInitialize

oleaut32

VarUI4FromStr
VariantClear
VariantInit
SysAllocString
SysFreeString

libcurl

curl_free
curl_easy_escape
curl_slist_append
curl_easy_init
curl_easy_setopt
curl_easy_perform
curl_easy_getinfo
curl_easy_cleanup
curl_slist_free_all
curl_global_init

libeay32

ord3312
ord2656
ord323
ord503
ord501
ord961
ord2894
ord294
ord276
ord256
ord2660
ord3067
ord2784
ord965
ord964
ord2572
ord2747
ord332
ord266
ord3314
ord333
ord3315
ord3313
ord264
ord2927
ord260
ord502
ord504

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

OPENSSL_Applink

Sections

.text
Size: 788KB - Virtual size: 788KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 20KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 110KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0e7452eab1fa1ee60acf9ceba8195974

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

dbghelp

gdiplus

comctl32

vmprotectsdk32

winmm

imm32

iphlpapi

gdi32

advapi32

ole32

oleaut32

libcurl

libeay32

version

Exports

Exports

Sections

.text Size: 788KB - Virtual size: 788KB

.rdata Size: 185KB - Virtual size: 185KB

.data Size: 20KB - Virtual size: 37KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 36KB - Virtual size: 36KB

.reloc Size: 110KB - Virtual size: 112KB

.text
Size: 788KB - Virtual size: 788KB

.rdata
Size: 185KB - Virtual size: 185KB

.data
Size: 20KB - Virtual size: 37KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 36KB - Virtual size: 36KB

.reloc
Size: 110KB - Virtual size: 112KB