22a2a5f13fb05dd787534ec019aa0170N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

22a2a5f13fb05dd787534ec019aa0170N.exe
Size

10.0MB
MD5

22a2a5f13fb05dd787534ec019aa0170
SHA1

1c957ede0938fa548e85d0f44b75d6b6ab1b566c
SHA256

ad8b6f79aa4322dbd181a9c02526bcabd20f36853e58faff6a91f398eacf645f
SHA512

2732e53cbb613fe2412eb709737d69dbe182bff8aadf8fcc126789809813c26d7ad0d7272a7d4f8c97eef1d5f420257ebca05801a8d44148167d9a86c82cf0f4
SSDEEP

196608:llAko+ZSKP/KYaBOzyvwaQ6/liGUp6xTca:ZnKYUOEQ6liGK6xca

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
22a2a5f13fb05dd787534ec019aa0170N.exe

Files

22a2a5f13fb05dd787534ec019aa0170N.exe
.dll windows:6 windows x86 arch:x86

15ed6fee20e7433a2c4036f6a1e44f6d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\T\BuildResults\bin\Release\plug_ins\ppklite.pdb

Imports

kernel32

GetVolumeInformationA
GetDriveTypeA
FreeResource
DebugBreak
VerSetConditionMask
EnumSystemLocalesA
GetUserDefaultLCID
GetProcessHeap
HeapFree
HeapAlloc
MultiByteToWideChar
lstrlenA
lstrcatA
LoadLibraryW
LoadLibraryA
GetProcAddress
GetModuleHandleW
GetLogicalDriveStringsA
GetModuleFileNameW
FreeLibrary
GetSystemDirectoryA
DeleteCriticalSection
InitializeCriticalSectionEx
SetLastError
ReleaseMutex
WaitForSingleObject
CreateMutexA
CreateThread
ExitThread
LockResource
SizeofResource
FindResourceA
LoadLibraryExA
VirtualQuery
VirtualProtect
GetSystemInfo
lstrcpyA
LoadResource
RaiseException
DecodePointer
OutputDebugStringA
FindAtomW
DisableThreadLibraryCalls
FormatMessageA
LocalFree
GetTickCount
GetLastError
FileTimeToSystemTime
GetModuleFileNameA
CloseHandle
GetFileTime
GetModuleHandleA
VerifyVersionInfoW
VirtualFree
VirtualAlloc
FlushInstructionCache
SetErrorMode
CreateFileA
InterlockedPushEntrySList
InterlockedPopEntrySList
EncodePointer
OutputDebugStringW
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
GetEnvironmentVariableA
IsDBCSLeadByte
WideCharToMultiByte
lstrcmpiA
lstrcmpA
MulDiv
GlobalFree
GlobalHandle
GlobalLock
GlobalUnlock
GlobalAlloc
FindResourceW
LeaveCriticalSection
EnterCriticalSection
Sleep
InitializeCriticalSectionAndSpinCount
FlushConsoleInputBuffer
GetVersion
GetCurrentThreadId
WriteFile
GetFileType
GetStdHandle
GlobalMemoryStatus
GetCurrentProcessId
QueryPerformanceCounter
GetSystemTimeAsFileTime
SystemTimeToFileTime

user32

SetFocus
GetFocus
GetPropW
GetParent
GetDesktopWindow
IsDialogMessageA
FindWindowA
UnregisterClassA
MoveWindow
GetSystemMetrics
SetWindowLongA
GetWindowRect
ScreenToClient
SetCursor
GetAsyncKeyState
GetMonitorInfoA
MonitorFromWindow
MapDialogRect
GetWindow
GetClassNameA
MapWindowPoints
ClientToScreen
SetWindowContextHelpId
GetClientRect
GetWindowTextLengthA
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
SetForegroundWindow
SetPropW
BeginPaint
DestroyAcceleratorTable
CreateAcceleratorTableA
ReleaseCapture
SetCapture
CharNextA
SendDlgItemMessageA
GetDlgItem
EndDialog
CreateDialogIndirectParamA
DestroyWindow
GetSysColor
IsChild
IsWindow
CreateWindowExA
GetClassInfoExA
RegisterClassExA
CallWindowProcA
DefWindowProcA
PostMessageA
GetMessageA
RegisterWindowMessageA
GetAncestor
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetForegroundWindow
IsIconic
FillRect
LoadBitmapA
LoadCursorA
wsprintfA
SetWindowPos
MessageBoxA
GetUserObjectInformationW
TranslateMessage
DispatchMessageA
PeekMessageA
GetProcessWindowStation
SendMessageA
GetWindowTextA
SetWindowTextA
ShowWindow
ReleaseDC
GetDC
EnableWindow
GetWindowLongA

gdi32

CreateCompatibleBitmap
GetObjectA
BitBlt
CreateBitmap
CreateCompatibleDC
GetDeviceCaps
SelectObject
DeleteObject
CreateSolidBrush
CreateFontIndirectA
DeleteDC
GetBkColor
GetMapMode
GetStockObject
GetTextExtentPoint32A
SetBkColor
SetMapMode
GetTextMetricsA
DPtoLP

advapi32

CryptGetUserKey
RegSetValueExA
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegCreateKeyExA
RegCloseKey
CryptDestroyKey
CryptImportKey
CryptSetProvParam
CryptAcquireContextW
CryptSetKeyParam
CryptGetProvParam
CryptDecrypt
CryptCreateHash
CryptDestroyHash
RegOpenKeyExW
RegQueryValueExW
DeregisterEventSource
RegisterEventSourceA
ReportEventA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegOpenKeyExA
RegQueryInfoKeyW
CryptSignHashA
CryptSetHashParam

shell32

SHGetPathFromIDListA
SHGetMalloc
SHGetFolderLocation

ole32

CoTaskMemAlloc
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
CreateStreamOnHGlobal
CoTaskMemRealloc
OleInitialize
OleUninitialize
OleLockRunning
CoUninitialize
CoInitialize
CoTaskMemFree
CoCreateInstance

oleaut32

OleCreateFontIndirect
DispCallFunc
LoadRegTypeLi
LoadTypeLi
VariantClear
VariantInit
SysStringLen
SysAllocStringLen
SysFreeString
SysAllocString
VarUI4FromStr

bib

ord11
ord4
ord5

msvcp140

?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QBE?AVlocale@2@XZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAE_JPBG_J@Z
?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
?_Init@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPBG_J@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGD@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UAE@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?put@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@G@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JXZ
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Xbad_alloc@std@@YAXXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Xlength_error@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_Xout_of_range@std@@YAXPBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
_Thrd_id
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@GDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAG3AAPAG@Z
?out@?$codecvt@GDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBG1AAPBGPAD3AAPAD@Z
?unshift@?$codecvt@GDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?id@?$ctype@D@std@@2V0locale@2@A
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?tolower@?$ctype@D@std@@QBEDD@Z
?empty@locale@std@@SA?AV12@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ

wsock32

shutdown
sendto
gethostbyname
WSAStartup
WSAGetLastError
send
select
recvfrom
recv
ntohl
ioctlsocket
htons
getsockopt
inet_ntoa
connect
closesocket
bind
accept
__WSAFDIsSet
setsockopt
socket

vcruntime140

__std_terminate
__std_type_info_destroy_list
_CxxThrowException
__CxxFrameHandler3
__RTDynamicCast
memmove
__std_exception_copy
__std_exception_destroy
memcpy
memcmp
memchr
memset
strrchr
strchr
strstr
wcsstr
_except_handler4_common
__current_exception
__current_exception_context
_purecall

api-ms-win-crt-runtime-l1-1-0

_errno
_invalid_parameter_noinfo
_initterm
_set_errno
terminate
raise
_cexit
_set_invalid_parameter_handler
_invalid_parameter_noinfo_noreturn
_seh_filter_dll
signal
_crt_atexit
_configure_narrow_argv
_initialize_narrow_environment
_initterm_e
_resetstkoflw
_initialize_onexit_table
_exit
_register_onexit_function
_execute_onexit_table

api-ms-win-crt-string-l1-1-0

strncmp
strncat
wcsncpy
strpbrk
isalnum
isalpha
strcat
strcpy
_strdup
wcslen
_stricmp
isxdigit
strncpy_s
isspace
strncpy
isdigit
wcscpy_s
strcmp
tolower
_strnicmp
wcsncmp
strlen
wcscmp
isupper
strncat_s
islower
strtok
toupper

api-ms-win-crt-convert-l1-1-0

_strtoui64
strtod
_strtoi64
_i64toa_s
atol
_ultoa_s
_ltoa_s
mbtowc
wctomb
_wtoi
atoi
atof
_itoa_s
strtol
strtoul

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
_read
__stdio_common_vsnprintf_s
fgetc
_write
__stdio_common_vsprintf_s
__acrt_iob_func
_wfopen
feof
ferror
fflush
ungetc
setvbuf
_fseeki64
fsetpos
fgetpos
_get_stream_buffer_pointers
__stdio_common_vfwprintf
ungetwc
fputwc
fgetwc
__stdio_common_vsscanf
fopen
fputs
fclose
fputc
fgets
__stdio_common_vfprintf
_fileno
fread
fseek
ftell
fwrite
_setmode

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
realloc
_recalloc
calloc
free

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-multibyte-l1-1-0

_mbsstr
_mbsnbcpy_s

api-ms-win-crt-math-l1-1-0

acos
cos
floor
ceil
sqrt
_isnan
sin
pow

api-ms-win-crt-time-l1-1-0

_gmtime64
_localtime64
_gmtime64_s
_time64
_mktime64
strftime
_difftime64
_ftime64

api-ms-win-crt-locale-l1-1-0

_free_locale
setlocale
___mb_cur_max_func

api-ms-win-crt-utility-l1-1-0

_lrotl
_lrotr
abs
rand
qsort

api-ms-win-crt-conio-l1-1-0

_getch

Exports

Exports

?iEDCSetTestPerms@@YAPAXPAU_t_PDDoc@@PAU_t_ASCabinet@@@Z
PlugInMain

Sections

.text
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

fipstx
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 219KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fipsro
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

fipsrd
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

fipsda
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 986KB - Virtual size: 985KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

15ed6fee20e7433a2c4036f6a1e44f6d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

bib

msvcp140

wsock32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-conio-l1-1-0

Exports

Exports

Sections

.text Size: 5.3MB - Virtual size: 5.3MB

fipstx Size: 60KB - Virtual size: 60KB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 219KB - Virtual size: 238KB

.didat Size: 512B - Virtual size: 320B

fipsro Size: 37KB - Virtual size: 37KB

fipsrd Size: 7KB - Virtual size: 7KB

fipsda Size: 5KB - Virtual size: 5KB

.rsrc Size: 986KB - Virtual size: 985KB

.reloc Size: 2.0MB - Virtual size: 2.0MB

.text
Size: 5.3MB - Virtual size: 5.3MB

fipstx
Size: 60KB - Virtual size: 60KB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 219KB - Virtual size: 238KB

.didat
Size: 512B - Virtual size: 320B

fipsro
Size: 37KB - Virtual size: 37KB

fipsrd
Size: 7KB - Virtual size: 7KB

fipsda
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 986KB - Virtual size: 985KB

.reloc
Size: 2.0MB - Virtual size: 2.0MB