04cc9a6a2a24fd30b31b2bb268a0f563be7b242fded0c035f7fac6a881d73fc5

Sharing

Copy URL Twitter E-mail

General

Target

04cc9a6a2a24fd30b31b2bb268a0f563be7b242fded0c035f7fac6a881d73fc5
Size

487KB
MD5

f7d078e753359a2fca6251c422dc1161
SHA1

ff66772de0b580350b071d6042e0b9ea8ebdf99d
SHA256

04cc9a6a2a24fd30b31b2bb268a0f563be7b242fded0c035f7fac6a881d73fc5
SHA512

c99d47049e032db088b9992bb50481589beb5c13a7388f5b03a3281e76760263153675b88409a51edabdb4f3a7848ff41552d10b91dbcffaaaaeabd752f6074e
SSDEEP

12288:slK6b2kFwr9BAC8KXyph0lhSMXl+Gsphk9sX7:sZb2kFwr9BAvh0lhSMXlFsnk9sL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04cc9a6a2a24fd30b31b2bb268a0f563be7b242fded0c035f7fac6a881d73fc5

Files

04cc9a6a2a24fd30b31b2bb268a0f563be7b242fded0c035f7fac6a881d73fc5
.dll windows:6 windows x64 arch:x64

87447cd08a43cb9a29a824cc35f7df37

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

F:\TemporaryBuilds\azure-adaware-pool-build-de-1\11\s\_build\bin\x64\Release\license_keys.pdb

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetProcessHeap
HeapFree
GetDynamicTimeZoneInformation
GetCurrentThreadId
GetCurrentProcessId
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
WriteConsoleA
WriteFile
GetStdHandle
GetConsoleMode
WideCharToMultiByte
MultiByteToWideChar
AcquireSRWLockExclusive
GetFileInformationByHandleEx
GetLastError
CloseHandle
AreFileApisANSI
GetFileAttributesExW
FindFirstFileW
FindClose
CreateFileW
CreateDirectoryW
GetLocaleInfoEx
FormatMessageA
LocalFree
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ReleaseSRWLockExclusive

shell32

SHGetFolderPathW

boost_thread-vc144-mt-x64-1_85

??1thread_data_base@detail@boost@@UEAA@XZ
?joinable@thread@boost@@QEBA_NXZ
?interrupt@thread@boost@@QEAAXXZ
??0thread@boost@@QEAA@XZ
?join@thread@boost@@QEAAXXZ
??4thread@boost@@QEAAAEAV01@$$QEAV01@@Z
??1thread@boost@@QEAA@XZ
?start_thread@thread@boost@@AEAAXXZ
?notify_all_at_thread_exit@thread_data_base@detail@boost@@UEAAXPEAVcondition_variable@3@PEAVmutex@3@@Z
??0thread_data_base@detail@boost@@QEAA@XZ

fmt

?vformat@v10@fmt@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@@Z
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z
?format_system_error@v10@fmt@@YAXAEAV?$buffer@D@detail@12@HPEBD@Z

sqlite3

sqlite3_errstr
sqlite3_errcode
sqlite3_db_handle
sqlite3_create_function_v2
sqlite3_column_text
sqlite3_reset
sqlite3_prepare_v2
sqlite3_exec
sqlite3_open
sqlite3_create_function
sqlite3_finalize
sqlite3_limit
sqlite3_last_insert_rowid
sqlite3_create_collation
sqlite3_busy_handler
sqlite3_aggregate_context
sqlite3_step
sqlite3_column_int
sqlite3_bind_text
sqlite3_bind_int
sqlite3_errmsg
sqlite3_close
sqlite3_user_data

msvcp140

?_Xbad_alloc@std@@YAXXZ
_Xtime_get_ticks
_Thrd_id
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_join
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
_Mtx_unlock
_Cnd_destroy_in_situ
_Cnd_signal
?_Xbad_function_call@std@@YAXXZ
?uncaught_exceptions@std@@YAHXZ
?id@?$numpunct@D@std@@2V0locale@2@A
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?good@ios_base@std@@QEBA_NXZ
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
_Mtx_lock

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_type_info_destroy_list
_CxxThrowException
memmove
memcmp
memchr
__C_specific_handler
memcpy
memset
__current_exception_context
__std_terminate
__std_exception_copy
__std_exception_destroy
__std_type_info_compare
_purecall
__current_exception

api-ms-win-crt-math-l1-1-0

ceilf
_ldsign
_dsign
_fdsign

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free
calloc

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
abort
_register_onexit_function
_seh_filter_dll
_initialize_onexit_table
_initterm_e
_initterm
_initialize_narrow_environment
_configure_narrow_argv
_errno
_invalid_parameter_noinfo_noreturn
terminate
_cexit
_crt_atexit

api-ms-win-crt-time-l1-1-0

_localtime64_s
_gmtime64_s
strftime

api-ms-win-crt-string-l1-1-0

isdigit

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

Exports

Exports

Create_Kernel
Create_Params

Sections

.text
Size: 239KB - Virtual size: 239KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 201KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

boostdll
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

87447cd08a43cb9a29a824cc35f7df37

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shell32

boost_thread-vc144-mt-x64-1_85

fmt

sqlite3

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 239KB - Virtual size: 239KB

.rdata Size: 201KB - Virtual size: 200KB

.data Size: 27KB - Virtual size: 29KB

.pdata Size: 14KB - Virtual size: 13KB

boostdll Size: 512B - Virtual size: 16B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 239KB - Virtual size: 239KB

.rdata
Size: 201KB - Virtual size: 200KB

.data
Size: 27KB - Virtual size: 29KB

.pdata
Size: 14KB - Virtual size: 13KB

boostdll
Size: 512B - Virtual size: 16B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB