a97e6d91d9e4abbd8c626379816accdcda29e3e3a6710fe2046fa7925c25e990

Sharing

Copy URL Twitter E-mail

General

Target

a97e6d91d9e4abbd8c626379816accdcda29e3e3a6710fe2046fa7925c25e990
Size

1.0MB
MD5

6955c87ec158c29b9a63f273452a59db
SHA1

29859c6a021e1ea3435809851f1760c4474c4c13
SHA256

a97e6d91d9e4abbd8c626379816accdcda29e3e3a6710fe2046fa7925c25e990
SHA512

bf5d46b2f6557b1dd70441da1d34ca7139957887f5a8544e8a8d856f7a0195b6c0dbe1e839b9dc55a802664b625b700d00d3412d01db12071891a6f8689b5261
SSDEEP

12288:LehmKysxDxjQA6v/3/M85gT1ZbzqilB04mommRGrhU8Wse8zwdpL:LehmLslY35gTbhlB04bmwG2eetd9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a97e6d91d9e4abbd8c626379816accdcda29e3e3a6710fe2046fa7925c25e990

Files

a97e6d91d9e4abbd8c626379816accdcda29e3e3a6710fe2046fa7925c25e990
.exe windows:6 windows x86 arch:x86

fba5f99c617af4bd071fd83c8ed5b1aa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

libcrypto-1_1

X509_up_ref
X509_get_subject_name
ERR_clear_error
X509_NAME_get_index_by_NID
ERR_peek_last_error
BIO_free
ERR_get_error
BIO_meth_set_destroy
BIO_meth_set_create
BIO_meth_set_ctrl
BIO_meth_set_read
BIO_meth_set_write
BIO_meth_new
BIO_set_init
BIO_get_data
PEM_read_bio_PrivateKey
BIO_new
BIO_clear_flags
BIO_set_flags
CRYPTO_free
PEM_read_bio_X509
X509_getm_notAfter
X509_free
EVP_get_digestbyname
EVP_DigestFinal_ex
EVP_DigestUpdate
EVP_DigestInit_ex
EVP_MD_CTX_free
X509_VERIFY_PARAM_set1_host
EVP_MD_CTX_new
ASN1_TIME_to_tm
ASN1_TIME_set
X509_STORE_add_cert
PEM_read_bio_X509_AUX
ASN1_TIME_diff
X509_NAME_ENTRY_get_data
ASN1_STRING_free
X509_NAME_get_entry
EVP_PKEY_free
BIO_set_data
BIO_new_mem_buf
X509_verify_cert_error_string
ASN1_STRING_to_UTF8
ERR_error_string_n

libssl-1_1

SSL_CTX_set_options
SSL_set_options
SSL_get_servername
SSL_CTX_set_cipher_list
SSL_CTX_new
SSL_CTX_free
SSL_CTX_get_cert_store
SSL_set_bio
SSL_use_PrivateKey
SSL_use_certificate
SSL_get_peer_certificate
SSL_CTX_set_verify
SSL_CTX_use_PrivateKey
SSL_CTX_use_certificate
SSL_new
SSL_get0_param
SSL_free
SSL_accept
SSL_connect
SSL_read
SSL_write
SSL_ctrl
SSL_CTX_ctrl
SSL_CTX_callback_ctrl
SSL_get_error
TLS_method
SSL_shutdown
SSL_CTX_set_default_verify_paths
SSL_get_verify_result

kernel32

SleepConditionVariableSRW
WakeConditionVariable
InitializeConditionVariable
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
InitializeSRWLock
InitializeSListHead
GetCurrentThreadId
GetCurrentProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
WaitForSingleObject
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetCurrentThread
GetCurrentProcess
CancelIoEx
PostQueuedCompletionStatus
GetQueuedCompletionStatusEx
GetQueuedCompletionStatus
CreateIoCompletionPort
DuplicateHandle
ConvertThreadToFiber
CreateFiber
DeleteFiber
SwitchToFiber
CloseHandle
GetProcAddress
GetTickCount64
GetSystemTimeAsFileTime
QueryPerformanceFrequency
ResetEvent
QueryPerformanceCounter
FormatMessageW
LocalFree
GetLastError
FormatMessageA
RaiseException
Sleep
CreateThread

advapi32

LsaNtStatusToWinError

ws2_32

getaddrinfo
WSAPoll
WSAIoctl
WSAGetLastError
gethostname
socket
setsockopt
sendto
recvfrom
getnameinfo
inet_ntoa
inet_addr
htons
ioctlsocket
bind
send
recv
closesocket
WSASocketA
WSASend
inet_ntop
accept
connect
getpeername
getsockname
getsockopt
htonl
listen
ntohs
shutdown
WSAStartup
WSASetLastError
WSARecv
freeaddrinfo
ntohl
inet_pton

msvcp140

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
_Query_perf_counter
_Query_perf_frequency
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Xinvalid_argument@std@@YAXPBD@Z
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Throw_Cpp_error@std@@YAXH@Z
?_Throw_C_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Cnd_signal
_Cnd_wait
_Cnd_destroy_in_situ
_Cnd_init_in_situ
_Cnd_destroy
_Cnd_init
_Mtx_unlock
_Mtx_lock
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Mtx_destroy
_Mtx_init
_Thrd_id
_Thrd_join
_Thrd_start
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPBD@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ

iphlpapi

GetAdaptersInfo

vcruntime140

__RTDynamicCast
__processing_throw
memset
strchr
memchr
memmove
memcpy
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__std_terminate
_purecall
__RTCastToVoid
__CxxFrameHandler3
_except_handler4_common

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
strerror_s
_controlfp_s
__p___argv
__p___argc
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_c_exit
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_invalid_parameter_noinfo_noreturn
terminate
_errno
strerror
abort
_exit

api-ms-win-crt-stdio-l1-1-0

_close
__p__commode
__acrt_iob_func
_set_fmode
_get_stream_buffer_pointers
fclose
fflush
fgetc
fgetpos
fputc
fread
fsetpos
_fseeki64
fwrite
setvbuf
ungetc
__stdio_common_vsprintf
_write
__stdio_common_vfprintf

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free
malloc
calloc
_callnewh

api-ms-win-crt-string-l1-1-0

isspace
_strdup
strncmp

api-ms-win-crt-convert-l1-1-0

strtoul
strtoull
atoi
strtol
strtod

api-ms-win-crt-filesystem-l1-1-0

_stat64i32
_lock_file
_unlink
_unlock_file

api-ms-win-crt-time-l1-1-0

_localtime64_s
strftime
_time64

api-ms-win-crt-math-l1-1-0

__setusermatherr
_except1

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 696KB - Virtual size: 695KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 85KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fba5f99c617af4bd071fd83c8ed5b1aa

Headers

DLL Characteristics

File Characteristics

Imports

libcrypto-1_1

libssl-1_1

kernel32

advapi32

ws2_32

msvcp140

iphlpapi

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 696KB - Virtual size: 695KB

.rdata Size: 209KB - Virtual size: 208KB

.data Size: 85KB - Virtual size: 87KB

.reloc Size: 56KB - Virtual size: 55KB

.text
Size: 696KB - Virtual size: 695KB

.rdata
Size: 209KB - Virtual size: 208KB

.data
Size: 85KB - Virtual size: 87KB

.reloc
Size: 56KB - Virtual size: 55KB