c:\jenkins\workspace\skylar6_lts_client\security\360rp.ext\Release\360rp.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 29c64f5f529cae00187455d9fdeaf2c0ef26d892bf5cd2cb3b8022cf2fe9c681.dll
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 29c64f5f529cae00187455d9fdeaf2c0ef26d892bf5cd2cb3b8022cf2fe9c681.dll
Resource: win10v2004-20240802-en
General
- Target: 29c64f5f529cae00187455d9fdeaf2c0ef26d892bf5cd2cb3b8022cf2fe9c681
- Size: 4.9MB
- MD5: ab414a942d0ea804a4b7c072f9bc8e6c
- SHA1: 6ea8e5ac5630b3653ff0d78a629ed1104c4299a7
- SHA256: 29c64f5f529cae00187455d9fdeaf2c0ef26d892bf5cd2cb3b8022cf2fe9c681
- SHA512: a13393b87dd156e54d76ad4d3943127800028cb0e1d4f6df0bbde11a97e339070311baa8c160dfaac32fb6586ef76897f89e177ca618677a5a3924fc7d0c474e
- SSDEEP: 98304:GJboV550j3NcJPnGVTUSFIXlexHMEnA9iVta:6UVacJP+FK0VA
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for a missing Authenticode signature.
  resource: 29c64f5f529cae00187455d9fdeaf2c0ef26d892bf5cd2cb3b8022cf2fe9c681
  This is the only signature that fired. It records the absence of an embedded Authenticode signature in the file; catalog-signed binaries also lack an embedded signature, so on its own this is a weak indicator.
Files
- 29c64f5f529cae00187455d9fdeaf2c0ef26d892bf5cd2cb3b8022cf2fe9c681.dll (windows:5 windows x86 arch:x86)
  ced0f09e3191accc643f5834a4afc2ec
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
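The "Unsigned PE" signature above and the DLL/File Characteristics flags are all read from the same few header fields. Added example, not part of the original report and not any vendor's tool: a stdlib-only reader for those fields (COFF Characteristics, DllCharacteristics, and the security data directory that holds an embedded Authenticode blob), plus a builder for a minimal constructed PE32 image so the reader can be exercised offline. Field offsets follow the PE/COFF specification; the built image is synthetic and is not the analysed DLL.

```python
"""Reproduce the report's static header checks on a PE32 file.

Added example, not part of the original report: a stdlib-only reader for the
header fields listed above plus a builder for a constructed, header-only PE32
image used as test input. The image is synthetic, not the analysed DLL.
"""
import struct

FILE_CHARACTERISTICS = {
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
DLL_CHARACTERISTICS = {
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data-directory slot of the Authenticode blob


def _names(value: int, table: dict) -> list:
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data: bytes) -> dict:
    """Return the header facts the report lists; ValueError on a non-PE blob.
    Only PE32 (magic 0x10b) is handled, which is what an x86 DLL uses."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, _, characteristics = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                      # optional header follows the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 is handled")
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)  # DllCharacteristics
    (ndirs,) = struct.unpack_from("<I", data, opt + 92)      # NumberOfRvaAndSizes
    sec_off = sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_off, sec_size = struct.unpack_from(
            "<II", data, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return {
        "machine": machine,
        "sections": nsections,
        "file_characteristics": _names(characteristics, FILE_CHARACTERISTICS),
        "dll_characteristics": _names(dll_chars, DLL_CHARACTERISTICS),
        # The security directory holds a file offset (not an RVA) and size of
        # the embedded WIN_CERTIFICATE blob; size 0 means nothing is embedded.
        # Catalog-signed binaries also have size 0 here, which is why an
        # "Unsigned PE" hit on its own is a weak indicator.
        "embedded_authenticode": sec_size > 0,
        "security_dir": (sec_off, sec_size),
    }


def unsigned_pe(data: bytes) -> bool:
    """The report's 'Unsigned PE' check: no embedded Authenticode signature."""
    return not parse_pe(data)["embedded_authenticode"]


def build_minimal_pe(*, characteristics: int, dll_characteristics: int,
                     signature_size: int = 0) -> bytes:
    """Construct a header-only PE32 image (no sections) for testing. If
    signature_size > 0, a zero-filled blob of that size is appended and the
    security directory is pointed at it (a stand-in for a real certificate)."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, characteristics)
    opt = struct.pack("<HBBIIIIIIIII", 0x10B, 14, 0, 0, 0, 0, 0, 0, 0, 0x10000000, 0x1000, 0x200)
    opt += struct.pack("<HHHHHHI", 5, 1, 0, 0, 5, 1, 0)          # OS/image/subsystem versions
    opt += struct.pack("<IIIHH", 0x1000, 0x200, 0, 2, dll_characteristics)
    opt += struct.pack("<IIIIII", 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    header_len = len(dos) + 4 + len(coff) + len(opt) + 16 * 8
    if signature_size:
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (header_len, signature_size)
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    return dos + b"PE\0\0" + coff + opt + b"\0" * signature_size


if __name__ == "__main__":
    img = build_minimal_pe(characteristics=0x2102, dll_characteristics=0x0140)
    print(parse_pe(img), "unsigned:", unsigned_pe(img))
```

Run it on a real file with `parse_pe(open(path, "rb").read())`; the constructed image in `__main__` carries the same flag values the report shows (Characteristics 0x2102, DllCharacteristics 0x0140). A non-zero security directory only proves a blob is present, not that the signature verifies or chains to a trusted root; that needs the platform's WinVerifyTrust or an equivalent Authenticode verifier.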
PDB Paths
c:\jenkins\workspace\skylar6_lts_client\security\360rp.ext\Release\360rp.pdb
Imports
kernel32
lstrcmpiW
GetFullPathNameW
VirtualAlloc
VirtualFree
SetProcessWorkingSetSize
GetSystemInfo
GetThreadTimes
Toolhelp32ReadProcessMemory
VirtualProtect
CreateSemaphoreA
TlsFree
TlsSetValue
OpenMutexW
DisconnectNamedPipe
WaitNamedPipeW
ConnectNamedPipe
CreateNamedPipeW
GetFileType
DuplicateHandle
GetCurrentDirectoryW
DosDateTimeToFileTime
SetFileTime
FileTimeToDosDateTime
GetFileInformationByHandle
SetThreadExecutionState
SetPriorityClass
GetPrivateProfileIntA
VirtualQueryEx
CreateProcessA
WriteProcessMemory
VirtualProtectEx
VirtualAllocEx
VirtualQuery
FlushInstructionCache
SetThreadContext
LoadLibraryA
LockFile
LockFileEx
UnlockFile
GetTempPathA
FormatMessageA
GetFileAttributesA
DeleteFileA
GetFullPathNameA
GetDiskFreeSpaceA
GetDiskFreeSpaceW
LoadLibraryW
QueryPerformanceCounter
GetSystemTimeAsFileTime
SetNamedPipeHandleState
ReadFileEx
WaitForSingleObjectEx
CreateNamedPipeA
GetOverlappedResult
IsBadReadPtr
MulDiv
FormatMessageW
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GlobalFree
GetStringTypeExW
GetThreadLocale
GetVolumeInformationW
GlobalReAlloc
GlobalHandle
GetHandleInformation
CompareStringW
GlobalGetAtomNameW
GetAtomNameW
lstrcmpA
lstrcpyW
GetVersionExA
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GlobalFlags
CompareStringA
GetLocaleInfoW
EnumResourceLanguagesW
ConvertDefaultLocale
RtlUnwind
UnhandledExceptionFilter
IsDebuggerPresent
RaiseException
ExitThread
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
SetStdHandle
HeapSize
ExitProcess
GetStdHandle
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
HeapCreate
HeapDestroy
FatalAppExitA
LCMapStringA
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStartupInfoA
GetCurrentDirectoryA
SetCurrentDirectoryA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetConsoleCtrlHandler
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
OutputDebugStringA
GetCommandLineW
Module32FirstW
Module32NextW
SetEnvironmentVariableW
RemoveDirectoryW
GlobalMemoryStatus
GetExitCodeProcess
Thread32First
GetNumberOfConsoleInputEvents
PeekConsoleInputA
SetConsoleMode
ReadConsoleInputA
FlushConsoleInputBuffer
HeapWalk
HeapLock
HeapUnlock
GetProcessHeap
LocalFileTimeToFileTime
lstrcatW
Thread32Next
AreFileApisANSI
QueryDosDeviceW
lstrcmpW
GetTimeZoneInformation
GetLogicalDriveStringsW
CreateFileA
GetDriveTypeA
QueryDosDeviceA
SetEndOfFile
SetFilePointerEx
GetLogicalDrives
SetCurrentDirectoryW
SetUnhandledExceptionFilter
LocalAlloc
LocalFree
GetFileTime
SetErrorMode
TlsGetValue
TlsAlloc
GetDiskFreeSpaceExW
ExpandEnvironmentStringsW
GetModuleHandleA
GetSystemWindowsDirectoryW
GetEnvironmentVariableW
CreateMutexW
MoveFileW
GetACP
CompareFileTime
GetTempFileNameW
GetFileSizeEx
GetThreadContext
ReadProcessMemory
GetShortPathNameW
lstrlenA
LoadLibraryExW
FreeResource
SetLastError
OpenEventW
lstrlenW
GetStartupInfoW
CreateProcessW
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
GetProcessIoCounters
ProcessIdToSessionId
CreateDirectoryW
Process32FirstW
FileTimeToLocalFileTime
FileTimeToSystemTime
Process32NextW
OpenMutexA
WritePrivateProfileSectionW
OpenThread
SuspendThread
SetLocalTime
CreateEventA
GetCurrentProcess
FindFirstFileW
SetFileAttributesW
FindNextFileW
FindClose
GetProcessTimes
GetSystemTime
SystemTimeToFileTime
TerminateProcess
GetTempPathW
GetExitCodeThread
TerminateThread
ResetEvent
GetCurrentThread
SetThreadPriority
CreateToolhelp32Snapshot
CreateThread
ReleaseMutex
CreateMutexA
ResumeThread
OpenProcess
GetPrivateProfileSectionW
GetDriveTypeW
DeviceIoControl
GetModuleFileNameA
WaitForMultipleObjects
GetPrivateProfileStringW
CreateSemaphoreW
ReleaseSemaphore
ReadFile
GetLastError
WaitForSingleObject
SetEvent
CreateEventW
GetLongPathNameW
GetFileAttributesExW
GetSystemDirectoryW
MoveFileExW
GetWindowsDirectoryW
WritePrivateProfileStringW
GetFileAttributesW
MultiByteToWideChar
GetTickCount
InterlockedExchangeAdd
InterlockedDecrement
InterlockedIncrement
FreeLibrary
LoadResource
LockResource
SizeofResource
FindResourceW
GetVersionExW
GetVersion
WideCharToMultiByte
GetLocalTime
Sleep
CreateFileW
GetFileSize
SetFilePointer
CloseHandle
DeleteFileW
GetCurrentThreadId
GetCurrentProcessId
WriteFile
FlushFileBuffers
OutputDebugStringW
GetModuleFileNameW
CopyFileW
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
GetProcAddress
InterlockedExchange
IsBadCodePtr
InterlockedCompareExchange
GetPrivateProfileIntW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LocalReAlloc
InitializeCriticalSection
user32
FindWindowW
SendMessageTimeoutW
GetSystemMetrics
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
UpdateWindow
GetClientRect
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
CopyRect
PtInRect
GetMenu
SetWindowLongW
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
ScreenToClient
GrayStringW
SetWindowTextW
MoveWindow
ScrollWindowEx
GetDesktopWindow
DestroyIcon
InflateRect
GetMenuItemInfoW
DestroyMenu
PostQuitMessage
SetRectEmpty
InvalidateRect
SetCursor
ShowOwnedPopups
DeleteMenu
EndDialog
GetNextDlgTabItem
PostMessageW
SetFocus
IsWindow
RemovePropW
GetPropW
SetPropW
GetClassNameW
GetClassLongW
GetCapture
IsChild
WinHelpW
SendDlgItemMessageA
SendDlgItemMessageW
LoadIconW
RegisterWindowMessageW
CheckMenuItem
EnableMenuItem
ModifyMenuW
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckDlgButton
CheckRadioButton
GetDlgItemInt
GetDlgItemTextW
SetDlgItemInt
SetDlgItemTextW
IsDlgButtonChecked
WaitForInputIdle
GetWindowThreadProcessId
FindWindowExW
PostThreadMessageW
CharLowerBuffW
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
ShowWindow
SetForegroundWindow
WindowFromPoint
SystemParametersInfoW
EnumThreadWindows
SetWindowPos
SwitchToThisWindow
BringWindowToTop
GetWindowRect
SetTimer
KillTimer
CreateDialogIndirectParamW
TranslateAcceleratorW
CreatePopupMenu
InsertMenuItemW
LoadAcceleratorsW
ReleaseCapture
GetMenuBarInfo
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
GetWindowTextLengthW
GetWindowTextW
LoadCursorW
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
UnregisterClassW
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
SendMessageW
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
UnhookWindowsHookEx
CharUpperW
MsgWaitForMultipleObjects
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
wsprintfW
LoadStringW
LoadMenuW
ReuseDDElParam
UnpackDDElParam
SetRect
GetDialogBaseUnits
GetKeyNameTextW
MapVirtualKeyW
IsRectEmpty
GetSystemMenu
SetParent
UnionRect
GetDCEx
LockWindowUpdate
SetCapture
IsDialogMessageW
GetFocus
gdi32
SetViewportExtEx
GetTextMetricsW
GetBkColor
CreateCompatibleBitmap
StretchDIBits
CreateFontW
GetCharWidthW
GetTextExtentPoint32W
DPtoLP
PatBlt
GetMapMode
CombineRgn
SetRectRgn
CreateRectRgnIndirect
CreateFontIndirectW
GetDCOrgEx
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
CreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
GetStockObject
CreateCompatibleDC
CreateBitmap
CreatePatternBrush
CreateDIBPatternBrushPt
DeleteDC
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
StartDocW
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
GetObjectW
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
DeleteObject
SetColorAdjustment
SetArcDirection
GetDeviceCaps
CopyMetaFileW
CreateDCW
SaveDC
RestoreDC
SetBkColor
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextColor
SetGraphicsMode
SetWorldTransform
ModifyWorldTransform
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
LineTo
MoveToEx
SetTextAlign
GetBitmapBits
GetObjectA
CreateDCA
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
SetMapperFlags
SetTextJustification
SetTextCharacterExtra
ScaleViewportExtEx
comdlg32
GetFileTitleW
winspool.drv
DocumentPropertiesW
OpenPrinterW
ClosePrinter
advapi32
RegDeleteKeyW
ReportEventA
DeregisterEventSource
RegQueryValueExA
RegQueryValueW
RegSetValueW
SetEntriesInAclW
RevertToSelf
DuplicateTokenEx
QueryServiceStatusEx
SetTokenInformation
ControlService
OpenThreadToken
RegEnumKeyExW
CheckTokenMembership
GetUserNameW
AllocateAndInitializeSid
IsValidSid
EqualSid
FreeSid
LookupAccountSidW
GetTokenInformation
CreateProcessAsUserW
RegQueryInfoKeyW
RegEnumKeyW
RegisterEventSourceA
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyW
ChangeServiceConfig2W
QueryServiceConfigW
RegDeleteKeyA
RegEnumKeyExA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyA
CreateServiceW
ChangeServiceConfigW
StartServiceW
RegCreateKeyW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
InitializeSecurityDescriptor
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
QueryServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
SetSecurityDescriptorDacl
shell32
DragQueryFileW
DragFinish
ExtractIconW
SHGetFileInfoW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHFileOperationW
ord165
CommandLineToArgvW
ShellExecuteExW
ShellExecuteW
SHCreateDirectoryExW
SHGetFolderPathW
SHChangeNotify
SHGetSpecialFolderPathW
shlwapi
PathAddBackslashW
PathRemoveExtensionW
PathIsUNCW
PathStripToRootW
StrCmpW
SHGetValueA
SHDeleteValueW
PathCombineW
wnsprintfW
StrToIntW
SHDeleteKeyW
PathIsRelativeW
StrCmpNW
PathCommonPrefixW
PathRemoveBackslashW
StrStrW
PathIsDirectoryW
StrCmpNIW
StrStrIW
PathRemoveFileSpecW
PathFindExtensionW
SHSetValueW
PathAppendW
StrCmpIW
SHGetValueW
PathCanonicalizeW
PathFileExistsW
PathFindFileNameW
ole32
ReleaseStgMedium
CoTaskMemAlloc
StringFromCLSID
CreateBindCtx
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CoInitializeEx
IIDFromString
CoInitializeSecurity
OleInitialize
OleUninitialize
CoCreateInstance
OleRun
CoUninitialize
CoInitialize
CoTreatAsClass
OleDuplicateData
CoDisconnectObject
StringFromGUID2
CLSIDFromString
oleaut32
SysFreeString
SysAllocString
SysStringLen
SysAllocStringByteLen
SysStringByteLen
VariantClear
SysAllocStringLen
VariantInit
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayDestroy
SafeArrayGetLBound
VarBstrCat
RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
VariantChangeType
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
VarDateFromStr
SysReAllocStringLen
VarCyFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarBstrFromDate
GetErrorInfo
SetErrorInfo
CreateErrorInfo
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
psapi
EnumProcesses
EnumProcessModules
GetProcessMemoryInfo
GetMappedFileNameW
GetModuleFileNameExW
GetProcessImageFileNameW
GetModuleBaseNameW
rpcrt4
RpcServerRegisterIf
RpcServerUseProtseqEpW
RpcServerListen
RpcServerUnregisterIf
RpcMgmtStopServerListening
NdrServerCall2
winmm
mciSendCommandW
timeGetTime
setupapi
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
CM_Request_Device_EjectW
CM_Get_Parent
SetupDiDestroyDeviceInfoList
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
wininet
InternetOpenW
InternetOpenUrlW
InternetReadFile
InternetCloseHandle
iphlpapi
GetIpAddrTable
ws2_32
gethostbyname
select
WSAStartup
gethostname
inet_ntoa
WSACleanup
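The import table above is what a reviewer reads first: kernel32 alone carries OpenProcess, VirtualAllocEx, WriteProcessMemory, Get/SetThreadContext and Suspend/ResumeThread, advapi32 carries the service-control and token APIs, and wininet and rpcrt4 add an HTTP client and an RPC server. Added example, not part of the original report: a small rule evaluator that turns a module-to-API table like this one into named capability hits with evidence. The rule names and their contents are the author's own choices, the A/W-suffix folding is a heuristic, and the sample input is a hand-picked subset of the table above; a hit records that a capability is imported, not that it is used for anything in particular.

```python
"""Import-table capability triage.

Added example, not part of the original sandbox report: evaluate hand-written
capability rules against a module -> API-name table such as the import list
above. Rule names and contents, and the subset of imports used as sample
input, are the author's assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass


def normalize(api: str) -> str:
    """Fold the ANSI/Wide suffix so CreateProcessA and CreateProcessW compare
    equal, then lower-case. Only a trailing capital A/W that follows a
    lower-case letter is treated as a suffix, so ScrollWindow, GetACP and
    ordinal imports such as 'ord165' are left alone."""
    if len(api) > 2 and api[-1] in "AW" and api[-2].islower():
        api = api[:-1]
    return api.lower()


@dataclass(frozen=True)
class Rule:
    name: str
    all_of: tuple[str, ...] = ()   # every one of these must be imported
    any_of: tuple[str, ...] = ()   # and, if non-empty, at least one of these
    note: str = ""


RULES = (
    Rule("remote-memory-write", ("VirtualAllocEx", "WriteProcessMemory"),
         ("SetThreadContext", "CreateRemoteThread", "QueueUserAPC", "NtCreateThreadEx"),
         "alloc+write in another process plus a way to start executing it"),
    Rule("thread-context-hijack", ("OpenThread", "SuspendThread", "GetThreadContext",
                                   "SetThreadContext", "ResumeThread")),
    Rule("service-install", ("OpenSCManager", "CreateService", "StartService")),
    Rule("privilege-adjust", ("OpenProcessToken", "LookupPrivilegeValue", "AdjustTokenPrivileges")),
    Rule("run-as-other-token", (), ("CreateProcessAsUser", "DuplicateTokenEx", "ImpersonateLoggedOnUser")),
    Rule("http-fetch", ("InternetOpen", "InternetOpenUrl", "InternetReadFile")),
    Rule("process-enum", ("CreateToolhelp32Snapshot",), ("Process32First", "Process32Next")),
    Rule("rpc-server", ("RpcServerRegisterIf", "RpcServerListen")),
    Rule("global-hook", ("SetWindowsHookEx", "CallNextHookEx")),
    Rule("debugger-check", (), ("IsDebuggerPresent", "CheckRemoteDebuggerPresent"),
         "weak on its own: the MSVC CRT imports IsDebuggerPresent for its crash path"),
)


def flatten(imports: dict[str, list[str]]) -> dict[str, str]:
    """Map normalized API name -> 'module!OriginalName' for evidence strings."""
    return {normalize(n): f"{mod}!{n}" for mod, names in imports.items() for n in names}


def match_rules(imports: dict[str, list[str]], rules=RULES) -> dict[str, list[str]]:
    """Return {rule name: [evidence, ...]} for each rule whose all_of APIs are
    all present and, when any_of is given, at least one any_of API is present."""
    have = flatten(imports)
    hits: dict[str, list[str]] = {}
    for r in rules:
        need = [normalize(a) for a in r.all_of]
        if not all(a in have for a in need):
            continue
        opt = [normalize(a) for a in r.any_of if normalize(a) in have]
        if r.any_of and not opt:
            continue
        hits[r.name] = [have[a] for a in need + opt]
    return hits


# Constructed sample input: a hand-picked subset of the import table above.
SAMPLE_IMPORTS = {
    "kernel32": ["CreateProcessA", "CreateProcessW", "OpenProcess", "OpenThread",
                 "SuspendThread", "ResumeThread", "GetThreadContext", "SetThreadContext",
                 "VirtualAllocEx", "VirtualProtectEx", "WriteProcessMemory",
                 "ReadProcessMemory", "CreateToolhelp32Snapshot", "Process32FirstW",
                 "Process32NextW", "IsDebuggerPresent", "LoadLibraryA", "GetProcAddress"],
    "advapi32": ["OpenSCManagerW", "OpenServiceW", "CreateServiceW", "StartServiceW",
                 "OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges",
                 "DuplicateTokenEx", "CreateProcessAsUserW"],
    "wininet": ["InternetOpenW", "InternetOpenUrlW", "InternetReadFile", "InternetCloseHandle"],
    "rpcrt4": ["RpcServerRegisterIf", "RpcServerUseProtseqEpW", "RpcServerListen"],
    "user32": ["SetWindowsHookExW", "CallNextHookEx", "FindWindowW"],
    "shell32": ["ord165", "ShellExecuteExW"],
}

if __name__ == "__main__":
    for name, evidence in match_rules(SAMPLE_IMPORTS).items():
        print(f"{name:22s} {', '.join(evidence)}")
```

The all_of/any_of split matters: VirtualAllocEx plus WriteProcessMemory without any way to transfer control is a debugger or patcher pattern as much as an injector, so the remote-memory-write rule stays silent until a thread-control API joins them. Keep in mind that a static import table misses anything resolved at runtime through GetProcAddress, which this sample also imports.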
Exports
MSVC-decorated C++ names in namespace Communicator (demangled form in parentheses):
?StartListen2@Communicator@@YAPAXPBD@Z (void * __cdecl Communicator::StartListen2(char const *))
?StartListen3@Communicator@@YAPAXPBDI@Z (void * __cdecl Communicator::StartListen3(char const *, unsigned int))
?StartListen@Communicator@@YAHPBD@Z (int __cdecl Communicator::StartListen(char const *))
?StopListen2@Communicator@@YAXPAX@Z (void __cdecl Communicator::StopListen2(void *))
?StopListen@Communicator@@YAHXZ (int __cdecl Communicator::StopListen(void))
CreateHipsClient
EntPluginEntryFuncNew
GetAvFltState
PrepareAvDriver
StopRPPlugin
UninstAvDriver
Sections
.text Size: 4.0MB - Virtual size: 4.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 685KB - Virtual size: 685KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 32KB - Virtual size: 78KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 37KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 160KB - Virtual size: 160KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
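The section table is the other thing worth a mechanical check: here .text is code that is executable and readable but not writable, .data is the only writable section and is not executable, and .reloc is present and discardable, which is consistent with the DYNAMIC_BASE flag above. Added example, not part of the original report: a parser for the Sections block in the form the report prints it, with the checks a reviewer otherwise does by eye (no W+X section, executable sections flagged as code, and a code section whose virtual size far exceeds its raw size, which is the usual shape of a self-unpacking stub). The 1.5 growth threshold and the second, packer-style sample are the author's assumptions; the first sample is the report's own Sections block.

```python
"""Section-table sanity checks over the report's own 'Sections' lines.

Added example, not part of the original report: parse section entries in the
form the report prints them and apply W+X, code-flag and raw-vs-virtual size
checks. The growth threshold and the PACKED_SECTIONS sample are assumptions.
"""
import re

UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}
HEADER = re.compile(
    r"^(?P<name>\S+) Size: (?P<raw>[\d.]+)(?P<ru>[KMG]?B)"
    r" - Virtual size: (?P<virt>[\d.]+)(?P<vu>[KMG]?B)$"
)


def parse_sections(text: str) -> list:
    """Turn a Sections block into [{name, raw, virtual, flags}], where a
    section header line is followed by its IMAGE_SCN_* flag lines."""
    sections = []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            sections.append({
                "name": m["name"],
                "raw": float(m["raw"]) * UNITS[m["ru"]],
                "virtual": float(m["virt"]) * UNITS[m["vu"]],
                "flags": set(),
            })
        elif line.startswith("IMAGE_SCN_") and sections:
            sections[-1]["flags"].add(line)
    return sections


def check_sections(sections: list, grow_ratio: float = 1.5) -> list:
    """Return human-readable findings; an empty list means nothing stood out."""
    findings = []
    for s in sections:
        f, name = s["flags"], s["name"]
        exe = "IMAGE_SCN_MEM_EXECUTE" in f
        if exe and "IMAGE_SCN_MEM_WRITE" in f:
            findings.append(f"{name}: writable and executable (W+X)")
        if exe and "IMAGE_SCN_CNT_CODE" not in f:
            findings.append(f"{name}: executable but not flagged as code")
        if exe and s["raw"] == 0 and s["virtual"] > 0:
            findings.append(f"{name}: executable with no raw data (filled at runtime?)")
        elif exe and s["raw"] and s["virtual"] / s["raw"] > grow_ratio:
            findings.append(f"{name}: virtual size {s['virtual'] / s['raw']:.1f}x raw size")
    return findings


# The Sections block of the report above, verbatim.
REPORT_SECTIONS = """\
.text Size: 4.0MB - Virtual size: 4.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 685KB - Virtual size: 685KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 32KB - Virtual size: 78KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 37KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 160KB - Virtual size: 160KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
"""

# Constructed contrast case (not from the report): a packer-style layout with
# an empty RWX section that is filled at runtime.
PACKED_SECTIONS = """\
UPX0 Size: 0B - Virtual size: 3.5MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
"""

if __name__ == "__main__":
    print(check_sections(parse_sections(REPORT_SECTIONS)))  # nothing stands out
    print(check_sections(parse_sections(PACKED_SECTIONS)))
```

The .data gap (32KB raw against 78KB virtual) is deliberately not flagged: growth in a non-executable, writable section is ordinary zero-initialised data, and flagging it would drown the signal that matters, which is growth or emptiness in a section the loader will execute.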