PDB path (debug-symbol path embedded in the PE at build time): D:\code\ik-sdwan\win32\bin\Release\x86\ikuaiagent.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2742173c5fec32f5601b3757ebdb93fcf4306e38cc2531a347b882148e5016f6.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
2742173c5fec32f5601b3757ebdb93fcf4306e38cc2531a347b882148e5016f6.exe
Resource
win10v2004-20240508-en
General
-
Target
2742173c5fec32f5601b3757ebdb93fcf4306e38cc2531a347b882148e5016f6
-
Size
459KB
-
MD5
45552c25cfd198bfaa5fc6dc020ce912
-
SHA1
48ef363ca7c3403f0359ec9740e862daf1589687
-
SHA256
2742173c5fec32f5601b3757ebdb93fcf4306e38cc2531a347b882148e5016f6
-
SHA512
feafc6400659add28f0cd82a8d3f4471be370889b401901484662527ed9a35469f9b6ccde4bf54a7c498091769707c87755ded5ca87e9b8d6e8ec0c15a91bcd9
-
SSDEEP
12288:yK+OmMUcTK4egT9NbbWQRhZsEbUUacZ/U:yK+rc+4egT9NuQjZX/
Malware Config
Signatures
-
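Unsigned PE (1 IoC)
The check for a missing Authenticode signature matched this file, so its publisher and integrity cannot be confirmed from a signature. Many legitimate binaries are also unsigned, so on its own this is a weak indicator.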
resource 2742173c5fec32f5601b3757ebdb93fcf4306e38cc2531a347b882148e5016f6
Files
-
2742173c5fec32f5601b3757ebdb93fcf4306e38cc2531a347b882148e5016f6.exe windows:6 windows x86 arch:x86
1702f808f4e2802233f3492537bc5ae5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ws2_32
WSAGetLastError
closesocket
listen
bind
WSAEventSelect
WSAWaitForMultipleEvents
WSACloseEvent
WSAEnumNetworkEvents
accept
socket
ioctlsocket
recv
send
htons
inet_addr
WSAStartup
WSACleanup
WSACreateEvent
iphlpapi
GetAdaptersInfo
kernel32
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
CloseHandle
CreateEventA
ResetEvent
WaitForSingleObject
SetEvent
ResumeThread
Sleep
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
MoveFileA
GetOEMCP
LeaveCriticalSection
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetVolumeInformationA
CreateFileA
DeviceIoControl
GetModuleFileNameA
WaitForMultipleObjects
WaitNamedPipeA
WriteFile
SetUnhandledExceptionFilter
GetCurrentThread
GetLastError
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
InitializeCriticalSectionEx
DecodePointer
GetModuleHandleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
CreateFileW
GetFileSizeEx
SetFilePointerEx
ReadFile
ReadConsoleW
SetEndOfFile
EnterCriticalSection
WriteConsoleW
GetFileType
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStdHandle
CreateEventW
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
GetCPInfo
CompareStringEx
GetStringTypeW
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
OutputDebugStringW
RaiseException
MultiByteToWideChar
EncodePointer
LCMapStringEx
GetLocaleInfoEx
GetProcAddress
user32
MessageBoxA
advapi32
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
OpenThreadToken
shell32
ShellExecuteExA
ole32
CoInitializeSecurity
CoInitializeEx
OleUninitialize
CoInitialize
CoCreateInstance
CoSetProxyBlanket
OleInitialize
CoUninitialize
oleaut32
VariantClear
VariantInit
SysFreeString
SysAllocString
SafeArrayDestroy
SafeArrayCreateVector
SafeArrayPutElement
ikuaicore
iksd_get_node_status_ex
iksd_get_login
iksd_set_modifydns_callback
iksd_set_callback
iksd_set_report
iksd_clt_stop
iksd_version
iksd_is_server
iksd_unsestring
iksd_clt_destory
iksd_clt_loop
iksd_clt_init
shlwapi
PathRemoveFileSpecA
dbghelp
MiniDumpWriteDump
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
Sections
.text Size: 275KB - Virtual size: 274KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 71KB - Virtual size: 71KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 92KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ