d6826d694f8fac75375f2275dceeaa414e2f627d96fcec4c76b14e5137c03fd4

Sharing

Copy URL Twitter E-mail

General

Target

d6826d694f8fac75375f2275dceeaa414e2f627d96fcec4c76b14e5137c03fd4
Size

1.2MB
MD5

4f527f4b160c06e33a20c4b4e3f4eafb
SHA1

be88dfa730d6b7b88c489d0aa630d9f81a2fc5ba
SHA256

d6826d694f8fac75375f2275dceeaa414e2f627d96fcec4c76b14e5137c03fd4
SHA512

a6bb8ff13f44c0ff57a002339d83b59543ee6f4269bfa1d33fb789f84383b8b2b75622b5961f13af1bc41c3ab8b924a37c479e4a40eb5f1aa9ade84fd8feca2b
SSDEEP

24576:0fYEv9DXV8VmhCKAIoXIIdLH4sqjnhMgeiCl7G0nehbGZpbD:SvFzsmhCKuXIpDmg27RnWGj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6826d694f8fac75375f2275dceeaa414e2f627d96fcec4c76b14e5137c03fd4

Files

d6826d694f8fac75375f2275dceeaa414e2f627d96fcec4c76b14e5137c03fd4
.exe windows:6 windows x64 arch:x64

abbf0a1674bf3bdde71468f0f791a36c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\ws\workspace\j_ZVFRQJ1V\HwIntelligent_PC\HiboardMsgHandle\HiboardDataReport\x64\Release\HiboardDataReport.pdb

Imports

libcrypto-1_1-x64

ERR_print_errors_cb
RSA_pkey_ctx_ctrl
PEM_read_bio_PUBKEY
EVP_PKEY_encrypt_init
RAND_priv_bytes
EVP_EncryptInit_ex
EVP_CIPHER_CTX_iv_length
EVP_CIPHER_CTX_key_length
BIO_free_all
EVP_PKEY_encrypt
EVP_EncryptUpdate
EVP_PKEY_CTX_free
EVP_PKEY_CTX_new
EVP_PKEY_free
EVP_PKEY_size
EVP_aes_128_cbc
EVP_CIPHER_CTX_rand_key
EVP_CIPHER_CTX_free
EVP_CIPHER_CTX_reset
EVP_CIPHER_CTX_new
EVP_SealFinal
BIO_new_file
OPENSSL_cleanse

zlib

deflateBound
deflateInit_
deflateEnd
deflate

kernel32

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
CreateEventW
WaitForSingleObjectEx
ResetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
MultiByteToWideChar
SetLastError
AreFileApisANSI
GetFileInformationByHandle
GetFileAttributesExW
FindFirstFileExW
FindClose
CreateFileW
CreateDirectoryW
InitializeSListHead
GetSystemTimeAsFileTime
GetFileAttributesA
CloseHandle
OpenEventA
CreateMutexA
WaitForSingleObject
UnmapViewOfFile
Sleep
GetLastError
SetEvent
OpenFileMappingA
MapViewOfFile
GetFileAttributesW
GetCurrentProcessId
GetCurrentThreadId
GetDynamicTimeZoneInformation
WideCharToMultiByte
GetStdHandle
WriteFile
GetConsoleMode
WriteConsoleA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetUnhandledExceptionFilter
GetProcAddress
IsDebuggerPresent
QueryPerformanceCounter
UnhandledExceptionFilter
GetModuleHandleW

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
_Mbrtowc
_Cnd_init_in_situ
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?_Xbad_alloc@std@@YAXXZ
?_Winerror_message@std@@YAKKPEADK@Z
?_Winerror_map@std@@YAHH@Z
?_Throw_C_error@std@@YAXH@Z
?_Syserror_map@std@@YAPEBDH@Z
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Cnd_broadcast
_Cnd_destroy_in_situ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
_Cnd_signal
_Mtx_lock
_Cnd_wait
_Mtx_unlock
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPEAV123@PEAVfacet@23@_K@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
_Xtime_get_ticks
_Query_perf_counter
_Query_perf_frequency
_Strcoll
_Strxfrm
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
?tolower@?$ctype@D@std@@QEBADD@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
?_Xbad_function_call@std@@YAXXZ
_Thrd_start
_Thrd_join
_Thrd_id
_Mtx_init
_Mtx_destroy
_Mtx_current_owns
_Cnd_init
_Cnd_destroy
_Cnd_timedwait
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?id@?$numpunct@D@std@@2V0locale@2@A
?id@?$numpunct@_W@std@@2V0locale@2@A
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z

bcrypt

BCryptOpenAlgorithmProvider
BCryptGenRandom
BCryptCloseAlgorithmProvider

vcruntime140

__C_specific_handler
memcmp
memcpy
_purecall
strrchr
strchr
memset
memchr
__std_terminate
__CxxFrameHandler3
__std_exception_copy
__std_exception_destroy
memmove
_CxxThrowException

api-ms-win-crt-convert-l1-1-0

strtoull
strtod
strtoll

api-ms-win-crt-math-l1-1-0

_ldsign
_ldtest
_dclass
_dsign
_fdsign
_dtest
__setusermatherr
_fdtest

api-ms-win-crt-heap-l1-1-0

_callnewh
free
_set_new_mode
calloc
realloc
malloc

api-ms-win-crt-string-l1-1-0

strncmp
isdigit
strtok_s
strcpy_s
tolower

api-ms-win-crt-stdio-l1-1-0

fgetc
_filelengthi64
fwrite
_set_fmode
fopen_s
fgetpos
setvbuf
ungetc
fsetpos
fclose
__p__commode
_fileno
fflush
fread
_wfsopen
fputc
__stdio_common_vsscanf
__stdio_common_vsprintf
__stdio_common_vsprintf_s
__acrt_iob_func
_fseeki64
_get_stream_buffer_pointers
__stdio_common_vsnprintf_s
__stdio_common_vfprintf

api-ms-win-crt-time-l1-1-0

_localtime64_s
_time64
strftime
_gmtime64_s

api-ms-win-crt-filesystem-l1-1-0

remove
_lock_file
_unlock_file
_stat64i32
rename
_wremove
_wmkdir
_wrename
_mkdir

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
_invalid_parameter_noinfo_noreturn
exit
_initterm_e
strerror_s
_errno
_beginthreadex
_exit
_initterm
_get_initial_narrow_environment
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
terminate

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
___lc_codepage_func
localeconv

sqlcipher

sqlite3_key
sqlite3_open_v2
sqlite3_busy_timeout
sqlite3_errcode
sqlite3_close
sqlite3_column_bytes
sqlite3_column_int64
sqlite3_column_int
sqlite3_changes
sqlite3_column_blob
sqlite3_reset
sqlite3_finalize
sqlite3_step
sqlite3_column_name
sqlite3_column_count
sqlite3_bind_parameter_index
sqlite3_bind_text
sqlite3_bind_int64
sqlite3_prepare_v2
sqlite3_errmsg
sqlite3_exec
sqlite3_extended_errcode

libcurl

curl_slist_free_all
curl_version_info
curl_easy_setopt
curl_easy_perform
curl_easy_getinfo
curl_formfree
curl_free
curl_easy_init
curl_easy_cleanup
curl_slist_append
curl_easy_escape

Exports

Exports

cJSON_AddArrayToObject
cJSON_AddBoolToObject
cJSON_AddFalseToObject
cJSON_AddItemReferenceToArray
cJSON_AddItemReferenceToObject
cJSON_AddItemToArray
cJSON_AddItemToObject
cJSON_AddItemToObjectCS
cJSON_AddNullToObject
cJSON_AddNumberToObject
cJSON_AddObjectToObject
cJSON_AddRawToObject
cJSON_AddStringToObject
cJSON_AddTrueToObject
cJSON_Compare
cJSON_CreateArray
cJSON_CreateArrayReference
cJSON_CreateBool
cJSON_CreateDoubleArray
cJSON_CreateFalse
cJSON_CreateFloatArray
cJSON_CreateIntArray
cJSON_CreateNull
cJSON_CreateNumber
cJSON_CreateObject
cJSON_CreateObjectReference
cJSON_CreateRaw
cJSON_CreateString
cJSON_CreateStringArray
cJSON_CreateStringReference
cJSON_CreateTrue
cJSON_Delete
cJSON_DeleteItemFromArray
cJSON_DeleteItemFromObject
cJSON_DeleteItemFromObjectCaseSensitive
cJSON_DetachItemFromArray
cJSON_DetachItemFromObject
cJSON_DetachItemFromObjectCaseSensitive
cJSON_DetachItemViaPointer
cJSON_Duplicate
cJSON_GetArrayItem
cJSON_GetArraySize
cJSON_GetErrorPtr
cJSON_GetNumberValue
cJSON_GetObjectItem
cJSON_GetObjectItemCaseSensitive
cJSON_GetStringValue
cJSON_HasObjectItem
cJSON_InitHooks
cJSON_InsertItemInArray
cJSON_IsArray
cJSON_IsBool
cJSON_IsFalse
cJSON_IsInvalid
cJSON_IsNull
cJSON_IsNumber
cJSON_IsObject
cJSON_IsRaw
cJSON_IsString
cJSON_IsTrue
cJSON_Minify
cJSON_Parse
cJSON_ParseWithLength
cJSON_ParseWithLengthOpts
cJSON_ParseWithOpts
cJSON_Print
cJSON_PrintBuffered
cJSON_PrintPreallocated
cJSON_PrintUnformatted
cJSON_ReplaceItemInArray
cJSON_ReplaceItemInObject
cJSON_ReplaceItemInObjectCaseSensitive
cJSON_ReplaceItemViaPointer
cJSON_SetNumberHelper
cJSON_SetValuestring
cJSON_Version
cJSON_free
cJSON_malloc

Sections

.text
Size: 460KB - Virtual size: 459KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

abbf0a1674bf3bdde71468f0f791a36c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libcrypto-1_1-x64

zlib

kernel32

msvcp140

bcrypt

vcruntime140

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-locale-l1-1-0

sqlcipher

libcurl

Exports

Exports

Sections

.text Size: 460KB - Virtual size: 459KB

.rdata Size: 150KB - Virtual size: 150KB

.data Size: 15KB - Virtual size: 17KB

.pdata Size: 22KB - Virtual size: 22KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 460KB - Virtual size: 459KB

.rdata
Size: 150KB - Virtual size: 150KB

.data
Size: 15KB - Virtual size: 17KB

.pdata
Size: 22KB - Virtual size: 22KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 568KB - Virtual size: 572KB