965ff2a198dbe786421a5f4a24c83302d910328e962f7512cf94717e807cec33

Sharing

Copy URL Twitter E-mail

General

Target

965ff2a198dbe786421a5f4a24c83302d910328e962f7512cf94717e807cec33
Size

652KB
MD5

b51102267dee2b047599fd6178822dd5
SHA1

d0acb2745b7b154269fa2d7533166fd9c3ee1a82
SHA256

965ff2a198dbe786421a5f4a24c83302d910328e962f7512cf94717e807cec33
SHA512

41f5842efa9da258b7fd97e75d8b3d3f39f5c35e5798701a1ac2b0db30d5b61dc7d59bef3d5fa7eb05e81425b4aa61ffe5c34a33d38f89828479a1dd469a7231
SSDEEP

12288:ZbcA4f8SM9x1qSYf65+byM5BkRU3C6GOkVZaUD3AUmf2SK48qD8fDqWQVS2raQou:ZbcA4f839x13e8dmf2SsqD8fmvVSe1ou

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
965ff2a198dbe786421a5f4a24c83302d910328e962f7512cf94717e807cec33

Files

965ff2a198dbe786421a5f4a24c83302d910328e962f7512cf94717e807cec33
.exe windows:6 windows x86 arch:x86

7fd8994d30083e0c463b9810f5aa8110

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\nward\Development\phoenix\polarizer-cli-win\PolarizerAppServerWin\Release\PolarizerAppServerWin.pdb

Imports

ws2_32

getsockopt
htons
getpeername
connect
ntohs
setsockopt
socket
WSASetLastError
WSAIoctl
WSAStartup
WSACleanup
select
accept
htonl
listen
getaddrinfo
freeaddrinfo
recvfrom
sendto
ioctlsocket
getsockname
gethostname
__WSAFDIsSet
bind
recv
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send

wldap32

ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord143
ord41
ord50
ord45
ord60
ord211
ord46
ord217

crypt32

CertFindCertificateInStore
PFXImportCertStore
CertCloseStore
CertOpenStore
CertFreeCertificateContext
CryptStringToBinaryA
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertEnumCertificatesInStore
CertFreeCertificateChain

normaliz

IdnToAscii

prism

XRDisplayToleranceProfileGetAbsoluteDeltaE
XRDisplayToleranceParamsCreate
XRUniStringCopyCStringData
XRIlluminantRelease
XRDisplayToleranceProfileSetParams
XRSetLicensePath
XRDisplayToleranceProfileComputeDeviceValues
XRDisplayToleranceProfileGetRelativeDeltaE
XRTransformDoTransform
XRDisplayToleranceProfileSetMeasurements
XRDisplayToleranceProfileGetDeltaE
XRIlluminantCreateForStandard
XRReleaseChart
XRSetLicenseCustomerName
XRFree
XRTransformCreateHandleFromTwoProfiles
XRProfileGetCreator
XRProfileGetDescription
XRProfileGetVersion
XRProfileGetCreationDate
XRProfileFromPathCreate
XRProfileRelease
XRDisplayInfoGetIsPrimary
XRGetDisplayList
XRDisplayInfoGetDisplayFriendlyName
XRUniStringToUtf8
XRDisplayInfoListRelease
XRDisplayInfoGetManufacturerId
XRDisplayInfoGetDisplayId
XRGetActiveDisplayProfile
XRDisplayInfoGetDisplayName
XRInstallActivateDisplayProfile
XRProfileDisplayParamsSetCustomAttributes
XRColorRelease
XRProfileDisplayParamsSetUseCIECAM02
XRProfileDisplayParamsSetWhitePointDaylightTemp
XRProfileDisplayParamsSetAmbient
XRProfileDisplayParamsSetBT1886_EOTF
XRProfileDisplayParamsSetGamma
XRProfileDisplayParamsSetTargetLuminosity
XRNameValueMapCreate
XRCxf3AddColors
XRDiplayProfileObjectBuildProfile
XRDisplayUnifiedObjectRefCreate
XRProfileDisplayParamsSetSRGBGamma
XRProfileDisplayParamsSetWriteWCSTag
XRNameValueMapRelease
XRProfileDisplayParamsSetBlackLuminance
XRProfileDisplayParamsRelease
XRProfileDisplayParamsSetWhitePointCIEIlluminant
XRProfileDisplayParamsSetDisplayType
XRProfileDisplayParamsSetWhiteYxy
XRDisplayToleranceParamsRelease
XRNameValueMapAddValue
XRColorGetCoordinates
XRDisplayProfileObjectModifyParameters
XRProfileDisplayParamsSetDictTagMap
XRDiplayProfileObjectSetPatches
XRProfileDisplayParamsSetChromaticAdaptation
XRDisplayProfileObjectRefCreate
XRProfileDisplayParamsSetHitTargetLuminosity
XRProfileDisplayParamsCreate
XRCxf3CloseStream
XRProfileDisplayParamsPrint
XRProfileDisplayParamsSetNumInitialPatchSet
XRCxf3AddProfileParams
XRUniStringCreateFromWide
XRCxf3OpenStream
XRProfileDisplayParamsGetCustomAttributes
XRProfileDisplayParamsSetCustomGamma
XRUniStringRelease
XRProfileDisplayParamsSetNumIterativeGridPoints
XRDisplayProfileObjectGetTargetPreview
XRProfileDisplayParamsSetContrastRatio
XRColorCreate
XRDisplayProfileObjectSaveProfile
XRProfileDisplayParamsSetWhiteYupvp
XRDisplayProfileObjectRefRelease
XRUniStringCreateFromMBCS
XRProfileDisplayParamsSetHasInternalLUTs
XRProfileDisplayParamsSetProfileVersion
XRProfileDisplayParamsSetNativeWhitePoint
XRDisplayProfileObjectGetNextTarget
XRProfileDisplayParamsSetProfileType
XRUniStringCreateFromUtf8
XRProfileDisplayParamsSetLuminanceType
XRProfileDisplayParamsSetEmbeddedProfileVersion
XRCxf3WriteStream
XRTransformRelease

kernel32

MultiByteToWideChar
WideCharToMultiByte
MoveFileExA
CloseHandle
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
FormatMessageW
ReadFile
PeekNamedPipe
WaitForMultipleObjects
VerSetConditionMask
VerifyVersionInfoA
CreateFileA
GetFileSizeEx
SetLastError
Sleep
GetTickCount
QueryPerformanceCounter
LoadLibraryA
GetProcAddress
GetModuleHandleA
FreeLibrary
GetSystemDirectoryA
QueryPerformanceFrequency
SleepEx
EnterCriticalSection
GetLastError
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
GetModuleHandleW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
GetFileType
UnhandledExceptionFilter

advapi32

CryptAcquireContextA
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
CryptReleaseContext

msvcp140

??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xinvalid_argument@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@PAV32@@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
_Query_perf_frequency
?_Xbad_function_call@std@@YAXXZ
_Thrd_sleep
_Query_perf_counter
_Xtime_get_ticks
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ

vcruntime140

_except_handler4_common
_CxxThrowException
__current_exception_context
__current_exception
memchr
strstr
memmove
strchr
memcpy
memset
__std_terminate
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3
strrchr
__RTDynamicCast

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_initialize_onexit_table
strerror
_crt_atexit
_beginthreadex
_controlfp_s
__sys_nerr
_getpid
_errno
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_invalid_parameter_noinfo_noreturn
terminate
_seh_filter_exe
_set_app_type
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
__p___argv
__p___argc

api-ms-win-crt-stdio-l1-1-0

ungetc
fsetpos
fread
fputc
_lseeki64
__p__commode
__acrt_iob_func
fgets
_open
fopen
fflush
fclose
fgetc
ftell
_fseeki64
fseek
_read
_write
_close
_set_fmode
_get_stream_buffer_pointers
feof
fwrite
__stdio_common_vsprintf
fputs
__stdio_common_vsscanf
fgetpos
setvbuf

api-ms-win-crt-filesystem-l1-1-0

_fstat64
_lock_file
_unlock_file
_unlink
_access
_stat64

api-ms-win-crt-convert-l1-1-0

strtol
wcstombs
atof
atoi
strtoull
strtoul
strtod
strtoll

api-ms-win-crt-math-l1-1-0

__setusermatherr
_dsign
_dclass
ceil

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
localeconv

api-ms-win-crt-heap-l1-1-0

calloc
_callnewh
realloc
_set_new_mode
free
malloc

api-ms-win-crt-time-l1-1-0

_time64
strftime
_gmtime64

api-ms-win-crt-string-l1-1-0

strcspn
strncmp
strpbrk
strspn
isupper
_strdup
strncpy
tolower

api-ms-win-crt-utility-l1-1-0

qsort

Sections

.text
Size: 519KB - Virtual size: 518KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fd8994d30083e0c463b9810f5aa8110

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

wldap32

crypt32

normaliz

prism

kernel32

advapi32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

Sections

.text Size: 519KB - Virtual size: 518KB

.rdata Size: 103KB - Virtual size: 103KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 25KB - Virtual size: 25KB

.text
Size: 519KB - Virtual size: 518KB

.rdata
Size: 103KB - Virtual size: 103KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 25KB - Virtual size: 25KB