b4ee5ed589cfff4bcbd58e7931a2a39982ec2fd93b6a9566d69b5bdb5274b192

Sharing

Copy URL Twitter E-mail

General

Target

b4ee5ed589cfff4bcbd58e7931a2a39982ec2fd93b6a9566d69b5bdb5274b192
Size

1.3MB
MD5

4ac7387eb72d3c2d7b2ccb59d979ca1a
SHA1

b2858f6d3b99bc3a975c4174590813293335645f
SHA256

b4ee5ed589cfff4bcbd58e7931a2a39982ec2fd93b6a9566d69b5bdb5274b192
SHA512

74403d197e56b3cc31f4c658b1874eadbbbdaf1a58ae8354be8992316b7a45de2dc2028c7a445743d7b2119b299539b855de9f6454436dd492309c1f1fd43197
SSDEEP

24576:DsXUVsjNsxrkxZHwZVnIpVNlB6F/5HPO7BcT1L/:QXUVLMw4pVNz6F/5HPOqZ7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4ee5ed589cfff4bcbd58e7931a2a39982ec2fd93b6a9566d69b5bdb5274b192

Files

b4ee5ed589cfff4bcbd58e7931a2a39982ec2fd93b6a9566d69b5bdb5274b192
.dll windows:6 windows x64 arch:x64

1957ea823080757c1d6e4a6b80690400

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\jenkins-slave\workspace\fabcommon_build_win_v3_dev_v3\2013\fabcommon\runtime\x64\Release\fabutilities.pdb

Imports

powrprof

SetSuspendState

advapi32

RegEnumKeyExA
CryptCreateHash
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegOpenKeyA
RegQueryValueExA
RegCreateKeyA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
CryptHashData
RegEnumValueA
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueA
RegSetValueA
RegSetValueExA
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptGetHashParam

ws2_32

ioctlsocket
gethostname
WSAWaitForMultipleEvents
inet_addr
WSAEventSelect
WSASocketW
WSACreateEvent
inet_ntoa
gethostbyname
htonl
ntohl
sendto
recvfrom
listen
accept
freeaddrinfo
getaddrinfo
WSAIoctl
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
WSASetLastError
WSAStartup
WSACleanup
recv
send
WSAGetLastError
select
__WSAFDIsSet
socket
WSAEnumNetworkEvents

crypt32

CertFreeCertificateContext

wldap32

ord211
ord60
ord50
ord41
ord22
ord26
ord27
ord46
ord32
ord33
ord143
ord301
ord200
ord30
ord79
ord35

normaliz

IdnToAscii

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

kernel32

AreFileApisANSI
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
VerSetConditionMask
VerifyVersionInfoA
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
LocalFree
CreateWaitableTimerA
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
ResumeThread
SetWaitableTimer
ResetEvent
ReleaseSemaphore
WaitForMultipleObjectsEx
OpenEventA
SystemTimeToFileTime
GetLocalTime
LoadLibraryW
GetVersionExW
CreateMutexW
GetFileType
ReadFile
WaitForMultipleObjects
ReleaseMutex
ExpandEnvironmentStringsA
PeekNamedPipe
LeaveCriticalSection
EnterCriticalSection
GetTickCount64
FormatMessageA
SetLastError
lstrlenA
CreateEventA
CloseHandle
SetEvent
GetProcessHeap
HeapAlloc
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
OutputDebugStringA
WaitForSingleObjectEx
CreateDirectoryW
CreateFileW
GetFileAttributesW
CopyFileW
MultiByteToWideChar
WideCharToMultiByte
CreateDirectoryA
CreateFileA
DeleteFileA
DeleteFileW
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
GetDiskFreeSpaceA
GetDriveTypeA
GetFileAttributesA
GetFileSize
RemoveDirectoryA
RemoveDirectoryW
SetFileAttributesA
SetFileAttributesW
SetFilePointer
GetTempPathW
GetLastError
DeviceIoControl
Sleep
GetTickCount
GetWindowsDirectoryA
FreeLibrary
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetShortPathNameA
LoadLibraryA
GetTempPathA
QueryDosDeviceA
CopyFileA
MoveFileA
MoveFileW
MoveFileExA
MoveFileExW
GetVolumeInformationA
GetDiskFreeSpaceExA
WaitForSingleObject
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
CreateProcessA
CreateProcessW
GetSystemDirectoryA
GetVersionExA
GetNativeSystemInfo
GlobalLock
GlobalUnlock
GetStdHandle
WriteFile
FreeConsole
SetConsoleTitleA
AllocConsole
IsDBCSLeadByte

user32

OpenClipboard
IsWindowVisible
SetWindowPos
PostMessageA
ExitWindowsEx
CloseDesktop
CloseClipboard
OpenDesktopA
GetForegroundWindow
GetClipboardData
GetDesktopWindow
IsClipboardFormatAvailable
SystemParametersInfoA
GetSystemMetrics
CharNextA
EnumDesktopWindows

shell32

ShellExecuteA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteExW
ShellExecuteExA
ShellExecuteW

ole32

CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoSetProxyBlanket
CoCreateInstance

oleaut32

SysFreeString
VariantClear
SysAllocString

msvcp120

?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPEAV123@PEAVfacet@23@_K@Z
??_7_Facet_base@std@@6B@
??_7facet@locale@std@@6B@
??_7codecvt_base@std@@6B@
??_7?$codecvt@_WDH@std@@6B@
?id@?$ctype@D@std@@2V0locale@2@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?id@?$numpunct@D@std@@2V0locale@2@A
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$codecvt@DDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDH@std@@QEBAHAEAHPEAD1AEAPEAD@Z
?out@?$codecvt@DDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?narrow@?$ctype@D@std@@QEBADDD@Z
?widen@?$ctype@D@std@@QEBADD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
?is@?$ctype@D@std@@QEBA_NFD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
??0id@locale@std@@QEAA@_K@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Orphan_all@_Container_base0@std@@QEAAXXZ
?uncaught_exception@std@@YA_NXZ
?_Swap_all@_Container_base0@std@@QEAAXAEAU12@@Z
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?_BADOFF@std@@3_JB
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??Bid@locale@std@@QEAA_KXZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?in@?$codecvt@_WDH@std@@QEBAHAEAHPEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?out@?$codecvt@_WDH@std@@QEBAHAEAHPEB_W1AEAPEB_WPEAD3AEAPEAD@Z
??0?$codecvt@_WDH@std@@QEAA@_K@Z
?_Getcat@?$codecvt@_WDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1?$codecvt@_WDH@std@@MEAA@XZ
?fail@ios_base@std@@QEBA_NXZ
?exceptions@ios_base@std@@QEAAXH@Z
?flags@ios_base@std@@QEAAHH@Z
?setf@ios_base@std@@QEAAHHH@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?ws@std@@YAAEAV?$basic_istream@DU?$char_traits@D@std@@@1@AEAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?id@?$codecvt@_WDH@std@@2V0locale@2@A
?classic@locale@std@@SAAEBV12@XZ
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?unsetf@ios_base@std@@QEAAXH@Z
??7ios_base@std@@QEBA_NXZ
??Bios_base@std@@QEBA_NXZ
?precision@ios_base@std@@QEAA_J_J@Z
?bad@ios_base@std@@QEBA_NXZ
?eof@ios_base@std@@QEBA_NXZ

msvcr120

isupper
islower
isprint
isgraph
_fseeki64
_ftelli64
_wmkdir
swprintf_s
_strdup
??0exception@std@@QEAA@XZ
ispunct
fgetc
fgetpos
fsetpos
setvbuf
ungetc
_lock_file
_unlock_file
?terminate@@YAXXZ
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
?_name_internal_method@type_info@@QEBAPEBDPEAU__type_info_node@@@Z
__clean_type_info_names_internal
__CppXcptFilter
_amsg_exit
_malloc_crt
_initterm
_initterm_e
__crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__crtCaptureCurrentContext
__crtCapturePreviousContext
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
_read
_write
_close
_open
_purecall
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
memcpy
strlen
memmove
strtol
_CxxThrowException
__CxxFrameHandler3
??0exception@std@@QEAA@AEBQEBD@Z
??0exception@std@@QEAA@AEBQEBDH@Z
??0exception@std@@QEAA@AEBV01@@Z
??1exception@std@@UEAA@XZ
?what@exception@std@@UEBAPEBDXZ
??_V@YAXPEAX@Z
__RTDynamicCast
memset
printf
_getpid
strncpy
abort
??8type_info@@QEBA_NAEBV0@@Z
__RTtypeid
memcmp
strcpy
strcmp
fclose
sprintf_s
?before@type_info@@QEBA_NAEBV1@@Z
rand
??0bad_cast@std@@QEAA@PEBD@Z
??0bad_cast@std@@QEAA@AEBV01@@Z
??1bad_cast@std@@UEAA@XZ
clock
_time64
_snprintf
free
memchr
_vsnprintf
_localtime64
fopen
fwrite
sprintf
memcpy_s
strchr
_stricmp
strncmp
_strnicmp
fgets
fprintf
fseek
rewind
_snwprintf
_wfopen_s
wcstombs
malloc
_makepath
_splitpath
_splitpath_s
_wmakepath
_wsplitpath
__C_specific_handler
__iob_func
fread
ftell
isalnum
strcpy_s
strcat_s
strstr
calloc
sscanf
tolower
floor
pow
mbstowcs
isspace
toupper
strrchr
_stat64
realloc
strerror
__sys_nerr
isdigit
fputc
fputs
qsort
strtoll
_errno
isalpha
isxdigit
strpbrk
strtoul
atoi
fflush
_gmtime64
_beginthreadex
_lseeki64
_fstat64
getenv

iphlpapi

GetAdaptersInfo

shlwapi

StrChrW
StrCpyNW
PathFileExistsW

Exports

Exports

FabUtilityCreateFactory

Sections

.text
Size: 962KB - Virtual size: 962KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 279KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1957ea823080757c1d6e4a6b80690400

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

powrprof

advapi32

ws2_32

crypt32

wldap32

normaliz

version

kernel32

user32

shell32

ole32

oleaut32

msvcp120

msvcr120

iphlpapi

shlwapi

Exports

Exports

Sections

.text Size: 962KB - Virtual size: 962KB

.rdata Size: 279KB - Virtual size: 279KB

.data Size: 14KB - Virtual size: 17KB

.pdata Size: 70KB - Virtual size: 69KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 962KB - Virtual size: 962KB

.rdata
Size: 279KB - Virtual size: 279KB

.data
Size: 14KB - Virtual size: 17KB

.pdata
Size: 70KB - Virtual size: 69KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 4KB - Virtual size: 3KB