8edc6f85f004ea85269f0077f7f2d793c115c513617a85af6ba9fcd0023a4edf

Sharing

Copy URL Twitter E-mail

General

Target

8edc6f85f004ea85269f0077f7f2d793c115c513617a85af6ba9fcd0023a4edf
Size

1.9MB
MD5

6b7dfdcdaee86dfad303fa548fabf512
SHA1

9d84c207a3d206b377d0621843064d8cf2aab4c0
SHA256

8edc6f85f004ea85269f0077f7f2d793c115c513617a85af6ba9fcd0023a4edf
SHA512

dabd65c1f932cd34f2a18d726203e77bbadfa3db1628430602c0aadd25b83cce714c83bb404f53b9b5eb3d8d567a39f6d250ddaa241261c943c695896825d036
SSDEEP

24576:jXZczGi69Fp/YbV5GDGPU95BuwFv+diaC8/ZQD:3bK0DGPU9V4Y8mD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8edc6f85f004ea85269f0077f7f2d793c115c513617a85af6ba9fcd0023a4edf

Files

8edc6f85f004ea85269f0077f7f2d793c115c513617a85af6ba9fcd0023a4edf
.exe windows:6 windows x86 arch:x86

edee6a6ebb6f314cbd3a9cd258d870ee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\jenkins\workspace\Client\Client\Windows\release\Bin\Release\ZoomOutlookIMPlugin.pdb

Imports

cmmlib

?Compare@?$CStringT@_W@Cmm@@QBEHPB_W@Z
?Compare@?$CStringT@_W@Cmm@@QBEHABV12@@Z
?CompareNoCase@?$CStringT@_W@Cmm@@QBEHPB_W@Z
?IsEmpty@?$CStringT@_W@Cmm@@QBEHXZ
?Mid@?$CStringT@_W@Cmm@@QBE?AV?$CRangeT@PB_W@2@II@Z
?IsExists@CFileName@Cmm@@QBEHXZ
??1CFileName@Cmm@@UAE@XZ
??_7CFileName@Cmm@@6B@
?cmm_str_convert@@YAIHPA_WIPBDI@Z
?cmm_str_convert@@YAIHPADIPB_WI@Z
??0?$CStringT@D@Cmm@@QAE@XZ
??0?$CStringT@D@Cmm@@QAE@PBD@Z
??0?$CStringT@D@Cmm@@QAE@ABV?$CStringT@_W@1@@Z
??1?$CStringT@D@Cmm@@UAE@XZ
??B?$CStringT@D@Cmm@@QBEPBDXZ
?c_str@?$CStringT@D@Cmm@@QBEPBDXZ
?GetBuffer@?$CStringT@D@Cmm@@QAEPADI@Z
?SetLength@?$CStringT@D@Cmm@@QAEXI@Z
??0?$CStringT@_W@Cmm@@QAE@PBD@Z
?GetBuffer@?$CStringT@_W@Cmm@@QAEPA_WI@Z
?SetLength@?$CStringT@_W@Cmm@@QAEXI@Z
?InSeconds@TimeDelta@Cmm@@QBE_JXZ
?Now@Time@Cmm@@SA?AV12@XZ
??0CCmmArchiveObjHelper@Cmm@@QAE@PBD@Z
??1CCmmArchiveObjHelper@Cmm@@QAE@XZ
?FlatternToMsg@CCmmMessageHelper@Cmm@@YAPAVCmmMQ_Msg@2@PAVCCmmArchiveObjHelper@2@H@Z
??0CCritical@Cmm@@QAE@XZ
??1CCritical@Cmm@@QAE@XZ
?Lock@CCritical@Cmm@@QAEXXZ
?Unlock@CCritical@Cmm@@QAEXXZ
?GetImp@CCmmArchiveServiceImp@Archive@Cmm@@SAAAV123@XZ
?AddPackageDefine0@CCmmArchiveServiceImp@Archive@Cmm@@QAEHPBD@Z
?ParseMsg@?$CmmMessageTemplate_1@V?$CStringT@D@Cmm@@@Archive@Cmm@@UAEHPBVCmmMQ_Msg@3@@Z
?SetItem1@?$CmmMessageTemplate_1@V?$CStringT@D@Cmm@@@Archive@Cmm@@QAEXABV?$CStringT@D@3@@Z
?GetItem1@?$CmmMessageTemplate_1@V?$CStringT@D@Cmm@@@Archive@Cmm@@QAEAAV?$CStringT@D@3@XZ
?SetItem2@?$CmmMessageTemplate_2@V?$CStringT@D@Cmm@@V12@@Archive@Cmm@@QAEXABV?$CStringT@D@3@@Z
?GetItem2@?$CmmMessageTemplate_2@V?$CStringT@D@Cmm@@V12@@Archive@Cmm@@QAEAAV?$CStringT@D@3@XZ
?GetItem2@?$CmmMessageTemplate_2@V?$CStringT@D@Cmm@@H@Archive@Cmm@@QAEAAHXZ
?GetItem3@?$CmmMessageTemplate_3@V?$CStringT@D@Cmm@@HV12@@Archive@Cmm@@QAEAAV?$CStringT@D@3@XZ
?GetItem4@?$CmmMessageTemplate_4@V?$CStringT@D@Cmm@@HV12@V12@@Archive@Cmm@@QAEAAV?$CStringT@D@3@XZ
?Format@?$CStringT@_W@Cmm@@QAAXPB_WZZ
??1CSBMBMessage_Outlook_IMIntegration_GetContactInfo_Request@@UAE@XZ
??0CSBMBMessage_Outlook_IMIntegration_GetContactInfo_Response@@QAE@XZ
??1CSBMBMessage_Outlook_IMIntegration_GetContactInfo_Response@@UAE@XZ
??0CSBMBMessage_Outlook_IMIntegration_StartVideo_Request@@QAE@XZ
??1CSBMBMessage_Outlook_IMIntegration_StartVideo_Request@@UAE@XZ
??0CSBMBMessage_Outlook_IMIntegration_StartChat_Request@@QAE@XZ
??1CSBMBMessage_Outlook_IMIntegration_StartChat_Request@@UAE@XZ
??0CSBMBMessage_Outlook_IMIntegration_StartAudio_Request@@QAE@XZ
??1CSBMBMessage_Outlook_IMIntegration_StartAudio_Request@@UAE@XZ
??0CSBMBMessage_Outlook_IMIntegration_SelfEmail_Response@@QAE@XZ
??1CSBMBMessage_Outlook_IMIntegration_SelfEmail_Response@@UAE@XZ
??0CSBMBMessage_Outlook_IMIntegration_PhotoChanged_Notification@@QAE@XZ
??1CSBMBMessage_Outlook_IMIntegration_PhotoChanged_Notification@@UAE@XZ
??1Listener@Channel@ssb_ipc@@UAE@XZ
??0Listener@Channel@ssb_ipc@@QAE@XZ
??0CIPCChannelThread@ssb_ipc@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4ChannelMode@1@PAVListener@Channel@1@H@Z
??1CIPCChannelThread@ssb_ipc@@UAE@XZ
?IsServerGood@CIPCChannelThread@ssb_ipc@@QAEHXZ
?Start@CIPCChannelThread@ssb_ipc@@QAEHXZ
?Stop@CIPCChannelThread@ssb_ipc@@QAEHXZ
?SendMessageW@CIPCChannelThread@ssb_ipc@@QAEHPAVCmmMQ_Msg@Cmm@@@Z
?GenChannelName@CIPCChannelThread@ssb_ipc@@SAXABV?$CStringT@_W@Cmm@@IAAV34@@Z
?ThreadProc@CIPCChannelThread@ssb_ipc@@UAEIXZ
?ReleaseBuffer@?$CStringT@_W@Cmm@@QAEXXZ
?Empty@?$CStringT@_W@Cmm@@QAEXXZ
?GetLength@?$CStringT@_W@Cmm@@QBEIXZ
?Find@?$CStringT@_W@Cmm@@QBEPA_WPB_WH@Z
?Replace@?$CStringT@_W@Cmm@@QAEXPB_W0@Z
??0CFileName@Cmm@@QAE@XZ
?GetSpecialDirectory@CFileName@Cmm@@QAEXW4SpecialFolder@12@H@Z
??0CmmCryptoUtil@@QAE@XZ
??1CmmCryptoUtil@@UAE@XZ
?Assign@?$CStringT@_W@Cmm@@QAEXPB_WI@Z
??Y?$CStringT@_W@Cmm@@QAEAAV01@ABV01@@Z
??Y?$CStringT@_W@Cmm@@QAEAAV01@PB_W@Z
??4?$CStringT@_W@Cmm@@QAEAAV01@ABV01@@Z
??4?$CStringT@_W@Cmm@@QAEAAV01@PB_W@Z
??H?$CStringT@_W@Cmm@@QBE?AV01@PB_W@Z
??B?$CStringT@_W@Cmm@@QBEPB_WXZ
??0?$CStringT@_W@Cmm@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??0?$CStringT@_W@Cmm@@QAE@PB_W@Z
??0?$CStringT@_W@Cmm@@QAE@ABV01@@Z
??0?$CStringT@_W@Cmm@@QAE@XZ
?find@?$CStringT@_W@Cmm@@QBEIPB_WI@Z
?c_str@?$CStringT@_W@Cmm@@QBEPB_WXZ
??1?$CStringT@_W@Cmm@@UAE@XZ
??0CSBMBMessage_Outlook_IMIntegration_GetContactInfo_Request@@QAE@XZ

zcrashreport

ord7

kernel32

InitializeCriticalSectionEx
DeleteCriticalSection
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LoadResource
SizeofResource
FindResourceW
lstrcmpiW
MultiByteToWideChar
FindFirstFileW
CloseHandle
WaitForSingleObject
GetCurrentProcess
GetExitCodeProcess
GetProcessId
GetSystemDirectoryW
GetBinaryTypeW
GetCurrentProcessId
DecodePointer
ExitProcess
CreateFileW
GetFileSize
ReadFile
SetLastError
GetCurrentThreadId
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
GetCommandLineW
SetEvent
CreateMutexW
CreateEventW
Sleep
CreateThread
HeapFree
GetModuleHandleA
HeapAlloc
GetProcessHeap
VirtualProtect
ReleaseSemaphore
WriteFile
TerminateProcess
WaitForMultipleObjects
InitializeCriticalSection
SetFilePointer
ResumeThread
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
CreateFileA
Process32FirstW
GetWindowsDirectoryW
CreateSemaphoreW
FlushInstructionCache
CreateDirectoryA
SetDllDirectoryW
VirtualQuery
FlushFileBuffers
EncodePointer
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
EnterCriticalSection
GetLastError
LoadLibraryExA
RaiseException
VerifyVersionInfoW
GetPrivateProfileStringW
SetErrorMode
DeleteFileW
CreateDirectoryW
VerSetConditionMask
InterlockedPopEntrySList
InterlockedPushEntrySList
VirtualAlloc
VirtualFree
LeaveCriticalSection
GetTempFileNameW

user32

CharNextW
IsWindow
UnregisterClassW
KillTimer
GetWindowLongW
DefWindowProcW
GetMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
CharUpperW
GetProcessWindowStation
MessageBoxW
GetUserObjectInformationA
CallWindowProcW
RegisterClassW
GetClassInfoW
PostQuitMessage
SetWindowLongW
PeekMessageW
LoadCursorW
RegisterClassExW
GetClassInfoExW
SetTimer
CreateWindowExW
DestroyWindow

advapi32

RegCloseKey
RegDeleteKeyW
RegDeleteValueW
OpenProcessToken
RegGetValueW
GetTokenInformation
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCreateKeyExW

shell32

ShellExecuteExW
SHGetSpecialFolderPathW
SHGetSpecialFolderPathA

ole32

CLSIDFromProgID
StringFromGUID2
CoCreateInstance
CoReleaseServerProcess
CoAddRefServerProcess
CoRevokeClassObject
CoRegisterClassObject
CreateStreamOnHGlobal
CoInitialize
CoResumeClassObjects
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

UnRegisterTypeLi
RegisterTypeLi
VariantCopyInd
VariantInit
SafeArrayRedim
SafeArrayCreate
SysAllocStringByteLen
SysStringByteLen
VariantCopy
VariantClear
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocString
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SafeArrayGetVartype
SafeArrayCopy
SafeArrayUnlock
SafeArrayLock
SafeArrayDestroy
SysStringLen
SysFreeString

msvcp140

??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
_Wcscoll
_Wcsxfrm
??0_Locinfo@std@@QAE@PBD@Z
??1_Locinfo@std@@QAE@XZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
?c_str@?$_Yarn@D@std@@QBEPBDXZ
??Bid@locale@std@@QAEIXZ
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@MAE@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?is@?$ctype@_W@std@@QBE_NF_W@Z
?tolower@?$ctype@_W@std@@QBE_W_W@Z
?tolower@?$ctype@_W@std@@QBEPB_WPA_WPB_W@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
?id@?$ctype@_W@std@@2V0locale@2@A
?id@?$collate@_W@std@@2V0locale@2@A
?uncaught_exception@std@@YA_NXZ

shlwapi

PathAppendW
PathFileExistsW
PathRemoveFileSpecW
PathIsRelativeW
PathCombineW

wintrust

WinVerifyTrust
WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain

crypt32

CertGetNameStringW

psapi

GetModuleInformation
GetModuleFileNameExW
EnumProcessModules

vcruntime140

wcsstr
_except_handler4_common
__current_exception_context
__current_exception
_purecall
memmove
memset
__std_terminate
strchr
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__CxxFrameHandler3
memcpy

api-ms-win-crt-string-l1-1-0

towupper
wcscpy_s
wcsncpy_s
strcat_s
_wcsicmp
towlower
wcscat_s

api-ms-win-crt-filesystem-l1-1-0

_wstat64i32

api-ms-win-crt-runtime-l1-1-0

_controlfp_s
_errno
_invalid_parameter_noinfo
_register_thread_local_exe_atexit_callback
_c_exit
_exit
exit
_invalid_parameter_noinfo_noreturn
terminate
_initterm_e
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_resetstkoflw
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
calloc
_recalloc
free
realloc
_set_new_mode

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf_s
__p__commode
_set_fmode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

edee6a6ebb6f314cbd3a9cd258d870ee

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

cmmlib

zcrashreport

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcp140

shlwapi

wintrust

crypt32

psapi

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 189KB - Virtual size: 189KB

.rdata Size: 107KB - Virtual size: 107KB

.data Size: 37KB - Virtual size: 38KB

.rsrc Size: 151KB - Virtual size: 151KB

.reloc Size: 1.5MB - Virtual size: 1.5MB

.text
Size: 189KB - Virtual size: 189KB

.rdata
Size: 107KB - Virtual size: 107KB

.data
Size: 37KB - Virtual size: 38KB

.rsrc
Size: 151KB - Virtual size: 151KB

.reloc
Size: 1.5MB - Virtual size: 1.5MB