11e43358919871a51c8cd5513c4304bc0c3b97d865746d7e1958510baceb0363

Sharing

Copy URL Twitter E-mail

General

Target

11e43358919871a51c8cd5513c4304bc0c3b97d865746d7e1958510baceb0363
Size

1.3MB
MD5

21a61501c533a537bb61bbc3b39b7720
SHA1

9843683d0fb954a4abcfbe21493d96503f089a82
SHA256

11e43358919871a51c8cd5513c4304bc0c3b97d865746d7e1958510baceb0363
SHA512

e28539c41c54d56cf06d16713234660da99c52c5d9f70f62ab7c33ae9d926631586125f35717eb3e6ffcb827fa581e431f35ab8274df6deabcc246dc7fa35f53
SSDEEP

24576:lVFgO4h78UeL35+s4sqjnhMgeiCl7G0nehbGZpbD:zgaL+Dmg27RnWGj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
11e43358919871a51c8cd5513c4304bc0c3b97d865746d7e1958510baceb0363

Files

11e43358919871a51c8cd5513c4304bc0c3b97d865746d7e1958510baceb0363
.exe windows:6 windows x64 arch:x64

e99aee064cad32d83d5c62c7347fbb1f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\jenkins_work\workspace\Manual_Build_HMDFS_for_PC\DDMP\distributeddatamgr\build\outputs\x64\Release\hmdfsservice.pdb

Imports

d2d

?GetD2DPVersion@D2DP@@YAEXZ
?CreateD2DPTransport@D2DP@@YA?AV?$shared_ptr@UID2DPTransport@D2DP@@@std@@_KV?$shared_ptr@UID2DPSecurity@D2DP@@@3@E@Z

libcrypto-1_1-x64

RAND_bytes
EVP_EncryptFinal_ex
EVP_aes_256_gcm
EVP_EncryptUpdate
EVP_CIPHER_CTX_free
SHA256
BN_free
BN_rand
EVP_DecryptFinal_ex
BN_new
BN_bn2dec
EVP_CIPHER_CTX_new
EVP_CIPHER_CTX_cipher
EVP_CIPHER_flags
EVP_EncryptInit_ex
EVP_sha256
EVP_DecryptInit_ex
HMAC
EVP_CIPHER_CTX_ctrl
EVP_Cipher
EVP_aes_128_gcm
EVP_DecryptUpdate
CRYPTO_free

dokanfuse1

fuse_loop
fuse_setup
fuse_exit
fuse_loop_mt
fuse_teardown

rpcrt4

NdrServerCall2
NdrServerCallAll
RpcServerUseProtseqEpW
RpcServerUnregisterIf
RpcServerRegisterIf
RpcServerListen
RpcMgmtStopServerListening
NdrClientCall3
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcStringFreeW
RpcBindingFree

ws2_32

htons
WSACleanup
__WSAFDIsSet
accept
select
shutdown
listen
inet_pton
bind
closesocket
getpeername
getsockname
socket
ntohs
connect
WSAGetLastError
setsockopt
send
recv
WSAStartup

pcmlservice

?SetWorkEnvironment@DirViewFactory@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBDH@Z
?IsSocketValid@DirView@@QEAA_NXZ
?GetInstance@DirViewFactory@@SAAEAV1@XZ
?Start@DirViewFactory@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetDirView@DirViewFactory@@QEAA?AV?$weak_ptr@VDirView@@@std@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@AEAV?$function@$$A6AXW4ViewType@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z@3@@Z
?QueryView@DirView@@QEAAHW4ViewType@@AEA_KAEAV?$vector@UMediaDataItem@@V?$allocator@UMediaDataItem@@@std@@@std@@@Z
?GetPort@DirViewFactory@@QEAAHXZ
?Delete@DirView@@QEAAHAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?Update@DirView@@QEAAHAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?LookUp@DirView@@QEAAHAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAUMediaDataItem@@@Z

hwfileutil

?LoadFile@HwXMLDocument@@QEAA?AW4HwXmlError@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?FirstNode@HwXmlElement@@QEBA?AV1@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?FirstAttribute@HwXmlElement@@QEBA?AVHwXmlAttribute@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?NextSiblingElement@HwXmlElement@@QEBA?AV1@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?IsElementNull@HwXmlElement@@QEBA_NXZ
??1HwXMLDocument@@QEAA@XZ
?RootElement@HwXMLDocument@@QEAA?AVHwXmlElement@@XZ
?Value@HwXmlAttribute@@QEBA?BV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetText@HwXmlElement@@QEBA?BV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

hwdatareport

?SendMsg@HwDataReport@@QEAAHAEBVHwDataEvent@@@Z
?Instance@HwDataReport@@SAAEAV1@XZ
??0HwDataEvent@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4ReportPlatform@@@Z
??1HwDataEvent@@UEAA@XZ
?PutString@HwDataEvent@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?Init@HwDataReport@@QEAAXHAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

secur32

GetUserNameExW

wtsapi32

WTSQueryUserToken

kernel32

UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
WTSGetActiveConsoleSessionId
CloseHandle
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
FreeLibrary
GetCurrentProcess
LoadLibraryW
GetModuleFileNameW
DefineDosDeviceW
SetVolumeLabelW
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseSRWLockExclusive
Sleep
LocalFree
GetLocalTime
CreateDirectoryW
GetLastError
GetLogicalDrives
MultiByteToWideChar
TerminateProcess
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
SetUnhandledExceptionFilter
ResetEvent
GetSystemTimeAsFileTime
InitializeSListHead
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
IsDebuggerPresent
GetCurrentProcessId
GetProcAddress
GetCurrentThreadId

advapi32

ImpersonateLoggedOnUser
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RevertToSelf

msvcp140

?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?__ExceptionPtrDestroy@@YAXPEAX@Z
_Cnd_register_at_thread_exit
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
_Query_perf_frequency
_Thrd_sleep
_Query_perf_counter
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
_Mtx_trylock
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?__ExceptionPtrToBool@@YA_NPEBX@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_J@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
_Cnd_unregister_at_thread_exit
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
_Mtx_init_in_situ
??_7?$codecvt@_WDU_Mbstatet@@@std@@6B@
??_7_Facet_base@std@@6B@
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xbad_alloc@std@@YAXXZ
?id@?$ctype@_W@std@@2V0locale@2@A
?_Raise_handler@std@@3P6AXAEBVexception@stdext@@@ZEA
?_Xlength_error@std@@YAXPEBD@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??_7codecvt_base@std@@6B@
??_7facet@locale@std@@6B@
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
_Cnd_signal
_Cnd_init_in_situ
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Xbad_function_call@std@@YAXXZ
?_Throw_C_error@std@@YAXH@Z
?_Syserror_map@std@@YAPEBDH@Z
_Mtx_destroy_in_situ
_Mtx_lock
_Cnd_do_broadcast_at_thread_exit
_Cnd_destroy
_Cnd_wait
_Mtx_init
_Thrd_start
_Thrd_id
_Mtx_destroy
_Cnd_init
_Thrd_join
_Mtx_unlock
_Cnd_broadcast
_Cnd_destroy_in_situ
?_Xout_of_range@std@@YAXPEBD@Z
_Mtx_current_owns
_Cnd_timedwait
_Thrd_detach
_Xtime_get_ticks
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_K@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z

loghelper

?GetInstance@HwLogger@@SAPEAV1@XZ
?Log@HwLogger@@QEAAXW4LOG_MESSAGE_LEVEL@@AEAV?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?InitProcessLogger@HwLogger@@QEAAXXZ

shlwapi

PathRemoveFileSpecW

vcruntime140

__std_exception_destroy
__C_specific_handler
strrchr
_purecall
_CxxThrowException
__CxxFrameHandler3
__std_exception_copy
memset
__std_terminate
__RTDynamicCast
memchr
memcmp
memcpy
memmove

api-ms-win-crt-runtime-l1-1-0

__p___argv
__p___argc
_exit
_invalid_parameter_noinfo_noreturn
_invoke_watson
exit
_errno
_c_exit
abort
_invalid_parameter_noinfo
_register_thread_local_exe_atexit_callback
terminate
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_initterm_e
_get_initial_narrow_environment
_initterm

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc
_set_new_mode

api-ms-win-crt-stdio-l1-1-0

_rmtmp
_set_fmode
_chsize
_wsopen_dispatch
_lseek
_write
_close
__stdio_common_vsnprintf_s
_read
__p__commode
tmpfile_s
fclose
_fileno

api-ms-win-crt-string-l1-1-0

strncpy_s
tolower
strncmp

api-ms-win-crt-filesystem-l1-1-0

_fstat64i32
_wfullpath
_stat64i32
_wunlink
_wfindnext64i32
_waccess
_wfindfirst64i32
_findclose
_wrmdir

api-ms-win-crt-convert-l1-1-0

wcstoll
strtoull

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

??0HwXMLDocument@@QEAA@XZ
??0HwXmlAttribute@@QEAA@PEAVXMLAttribute@tinyxml2@@@Z
??0HwXmlElement@@QEAA@PEAVXMLElement@tinyxml2@@@Z
??0HwXmlElement@@QEAA@XZ
??1HwXmlAttribute@@QEAA@XZ
??1HwXmlElement@@QEAA@XZ
??4HwXmlAttribute@@QEAAAEAV0@AEBV0@@Z
??4HwXmlElement@@QEAAAEAV0@AEBV0@@Z
?__autoclassinit2@HwXMLDocument@@QEAAX_K@Z
?__autoclassinit2@HwXmlAttribute@@QEAAX_K@Z
?__autoclassinit2@HwXmlElement@@QEAAX_K@Z

Sections

.text
Size: 532KB - Virtual size: 532KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e99aee064cad32d83d5c62c7347fbb1f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d2d

libcrypto-1_1-x64

dokanfuse1

rpcrt4

ws2_32

pcmlservice

hwfileutil

hwdatareport

secur32

wtsapi32

kernel32

advapi32

msvcp140

loghelper

shlwapi

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 532KB - Virtual size: 532KB

.rdata Size: 141KB - Virtual size: 140KB

.data Size: 25KB - Virtual size: 29KB

.pdata Size: 25KB - Virtual size: 25KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 532KB - Virtual size: 532KB

.rdata
Size: 141KB - Virtual size: 140KB

.data
Size: 25KB - Virtual size: 29KB

.pdata
Size: 25KB - Virtual size: 25KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 568KB - Virtual size: 572KB