3d4b44ed9a7dd90efe9f923cd899ef8004961b1af6b0b20db290a3f01214c91b

Sharing

Copy URL

Twitter E-mail

General

Target

3d4b44ed9a7dd90efe9f923cd899ef8004961b1af6b0b20db290a3f01214c91b
Size

7.2MB
MD5

e9abcc85aa2f5953582713b3d019a191
SHA1

4ae7992229b3b311dacacd632b1bb10bd8322f97
SHA256

3d4b44ed9a7dd90efe9f923cd899ef8004961b1af6b0b20db290a3f01214c91b
SHA512

661e7b933b53c7815058d3e9d1df0f9cde3e3c4f95644af9c74f87530c8eda38a4b4d7dfbeaec605e0ba1a0c4b073b3e6479d70d91d51285152e9be98b7fd19e
SSDEEP

196608:WDXX9uGZ9txrBDN1V+U/IlkXqqBIsxg0DuQC9HlS:WDXYaDVt/ImX/tgBQCZlS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d4b44ed9a7dd90efe9f923cd899ef8004961b1af6b0b20db290a3f01214c91b

Files

3d4b44ed9a7dd90efe9f923cd899ef8004961b1af6b0b20db290a3f01214c91b
.exe windows:6 windows x86 arch:x86

cbd0a78e20b93e80de032f88ebb70a9a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\work2023\leigod_sdk\leishensdk\bin\Release\leishenSdk.pdb

Imports

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertGetNameStringA
CertOpenSystemStoreW
CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CertGetIntendedKeyUsage
CryptQueryObject
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertOpenStore

ws2_32

getservbyname
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
inet_ntoa
recvfrom
sendto
gethostbyaddr
__WSAFDIsSet
accept
WSAIoctl
WSASend
select
ntohl
getsockopt
setsockopt
getaddrinfo
send
connect
shutdown
listen
WSASetLastError
WSASocketW
getpeername
getsockname
WSAAddressToStringW
recv
freeaddrinfo
WSARecv
ioctlsocket
getnameinfo
bind
closesocket
socket
htonl
inet_addr
WSAStartup
gethostbyname
ntohs
gethostname
getservbyport
InetNtopW
WSACleanup
WSAGetLastError
htons

wldap32

ord301
ord133
ord79
ord142
ord167
ord208
ord216
ord14
ord147
ord41
ord127
ord27
ord26
ord117
ord46
ord219
ord145

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

IsValidCodePage
SetEndOfFile
SetStdHandle
HeapReAlloc
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFileSizeEx
SetFilePointerEx
GetConsoleCP
GetDriveTypeW
CreateDirectoryW
ReadFile
WriteFile
SetFileTime
SetFilePointer
CreateFileW
GetFileAttributesW
MultiByteToWideChar
LocalFileTimeToFileTime
CloseHandle
GetCurrentDirectoryW
SystemTimeToFileTime
WideCharToMultiByte
UnmapViewOfFile
GetFileInformationByHandle
FileTimeToSystemTime
GetLocalTime
GetFileSize
CreateFileMappingW
MapViewOfFile
GetTickCount
GetModuleFileNameW
GetCurrentThreadId
GetCurrentProcessId
SystemTimeToTzSpecificLocalTime
GetSystemTime
CreateMutexW
OpenMutexW
Sleep
FormatMessageW
GetLastError
SetEvent
LoadLibraryW
GetProcAddress
LocalFree
CreateProcessW
GetModuleHandleW
FreeLibrary
FormatMessageA
CreateEventA
DeleteFileW
SetCurrentDirectoryW
LocalAlloc
WritePrivateProfileStringW
SetFileAttributesW
GetPrivateProfileStringW
CreateNamedPipeW
ConnectNamedPipe
GetStartupInfoW
GetStdHandle
OutputDebugStringA
WaitForMultipleObjects
CreateEventW
CopyFileW
CreatePipe
RemoveVectoredExceptionHandler
VirtualProtect
GetCurrentProcess
OutputDebugStringW
GetNativeSystemInfo
RaiseException
AddVectoredExceptionHandler
IsWow64Process
CopyFileA
HeapFree
QueryPerformanceFrequency
HeapAlloc
GetProcessHeap
CreateProcessA
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
DeleteCriticalSection
TerminateProcess
GetVersionExW
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
LoadLibraryA
Process32FirstW
GetSystemInfo
lstrcmpW
GetExitCodeProcess
InitializeCriticalSectionEx
DecodePointer
WinExec
GetConsoleScreenBufferInfo
SetPriorityClass
SetConsoleTextAttribute
WriteConsoleA
GetDynamicTimeZoneInformation
GetConsoleMode
FindFirstFileW
GetFullPathNameW
FindNextFileW
FindClose
PeekNamedPipe
lstrcpyW
SetThreadAffinityMask
SetConsoleCtrlHandler
GetCurrentThread
SetWaitableTimer
GetCommandLineA
SetLastError
CreateWaitableTimerW
InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatus
GetModuleHandleA
PostQueuedCompletionStatus
TerminateThread
TlsAlloc
CancelIoEx
QueueUserAPC
VerSetConditionMask
SleepEx
VerifyVersionInfoW
TlsGetValue
TlsFree
CreateIoCompletionPort
ReleaseSemaphore
WaitForMultipleObjectsEx
WaitForSingleObjectEx
CreateSemaphoreA
RemoveDirectoryW
GetSystemDirectoryW
SetNamedPipeHandleState
WaitNamedPipeA
CreateNamedPipeA
OpenEventW
DisconnectNamedPipe
CreateFileA
FlushFileBuffers
GetCommandLineW
TryEnterCriticalSection
SetEnvironmentVariableW
VirtualQuery
OpenFileMappingW
ResetEvent
SetThreadPriority
GetSystemTimeAsFileTime
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetSystemDirectoryA
GetFileType
GetEnvironmentVariableW
VirtualAlloc
VirtualFree
GetModuleHandleExW
MoveFileExW
SetHandleInformation
GetOverlappedResult
CancelIo
CreateFileMappingA
GetEnvironmentVariableA
CompareFileTime
SwitchToFiber
DeleteFiber
CreateFiber
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetACP
ConvertFiberToThread
ExitProcess
ExitThread
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
CreateWaitableTimerA
GetLogicalProcessorInformation
ResumeThread
OpenEventA
InitializeSListHead
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLocaleInfoW
LCMapStringW
CompareStringW
GetEnvironmentStringsW
GetCPInfo
QueueUserWorkItem
IsProcessorFeaturePresent
EncodePointer
AreFileApisANSI
GetFileAttributesExW
FindFirstFileExW
GetExitCodeThread
SwitchToThread
DuplicateHandle
GetStringTypeW
FreeEnvironmentStringsW
HeapSize
GetOEMCP
WriteConsoleW
TlsSetValue
ConvertThreadToFiber

user32

GetUserObjectInformationW
MessageBoxW
DestroyWindow
PostQuitMessage
GetSystemMetrics
WaitMessage
RegisterClassExW
CreateWindowExW
PostMessageW
DefWindowProcW
GetProcessWindowStation
SendMessageA
FindWindowA
DispatchMessageW
SetTimer
PeekMessageW
GetDesktopWindow
wsprintfW
MsgWaitForMultipleObjectsEx
KillTimer
TranslateMessage
GetQueueStatus
UnregisterClassW
CallMsgFilterW

advapi32

CryptEnumProvidersA
RegNotifyChangeKeyValue
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
CryptAcquireContextA
RegQueryValueExW
CryptHashData
CryptGetHashParam
CryptGenRandom
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
GetSecurityDescriptorSacl
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegSetKeyValueW
RegCreateKeyExW
StartServiceW
OpenServiceW
QueryServiceStatusEx
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW
RegCreateKeyW
RegDeleteValueW
CloseServiceHandle
OpenSCManagerW
RegOpenKeyExW

shell32

SHGetPathFromIDListW
SHGetFolderPathW
ShellExecuteA
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
ShellExecuteW
ord165

ole32

OleInitialize
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateInstance
OleUninitialize
CoInitialize
CoTaskMemFree

oleaut32

SysFreeString
SysAllocString

shlwapi

StrCpyW
PathAppendW
PathRemoveFileSpecW
PathFindFileNameW
PathFileExistsW
StrStrIW
StrStrIA

iphlpapi

GetExtendedTcpTable
GetAdaptersInfo
IcmpCreateFile
IcmpSendEcho2

imm32

ImmDisableIME

msi

ord217
ord173

mswsock

GetAcceptExSockaddrs
AcceptEx

bcrypt

BCryptGenRandom

winmm

timeSetEvent
timeKillEvent
timeGetDevCaps
timeGetTime

Exports

Exports

??0WebSockServer@@AAE@XZ
??0WebSockServer@@QAE@$$QAV0@@Z
??0WebSockServer@@QAE@ABV0@@Z
??0WebSocketClient@@AAE@XZ
??0WebSocketClient@@QAE@$$QAV0@@Z
??0WebSocketClient@@QAE@ABV0@@Z
??1WebSockServer@@QAE@XZ
??1WebSocketClient@@QAE@XZ
??4WebSockServer@@QAEAAV0@$$QAV0@@Z
??4WebSockServer@@QAEAAV0@ABV0@@Z
??4WebSocketClient@@QAEAAV0@$$QAV0@@Z
??4WebSocketClient@@QAEAAV0@ABV0@@Z
?Close@WebSockServer@@QAEXPAX@Z
?CloseAll@WebSockServer@@QAEXXZ
?Init@WebSockServer@@QAEHGV?$function@$$A6AXPAX@Z@boost@@V?$function@$$A6AXPAXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@3@V?$function@$$A6AXPAXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4WsOpcode@@@Z@3@_NPAX@Z
?Init@WebSocketClient@@QAE_NV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$function@$$A6AXPAX@Z@boost@@@Z
?Instance@WebSockServer@@SAAAV1@XZ
?Instance@WebSocketClient@@SAAAV1@XZ
?Send@WebSockServer@@QAE_NPAXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4WsOpcode@@@Z
?StartServer@WebSockServer@@QAE_NXZ
?StopListening@WebSockServer@@QAEXXZ
?StopServer@WebSockServer@@QAEXXZ
?__autoclassinit2@WebSockServer@@QAEXI@Z
?__autoclassinit2@WebSocketClient@@QAEXI@Z
?terminate@WebSocketClient@@QAEXXZ

Sections

.text
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 93KB - Virtual size: 375KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 808KB - Virtual size: 808KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 240KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cbd0a78e20b93e80de032f88ebb70a9a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

crypt32

ws2_32

wldap32

version

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

iphlpapi

imm32

msi

mswsock

bcrypt

winmm

Exports

Exports

Sections

.text Size: 5.0MB - Virtual size: 5.0MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 93KB - Virtual size: 375KB

.rsrc Size: 808KB - Virtual size: 808KB

.reloc Size: 240KB - Virtual size: 239KB

.text
Size: 5.0MB - Virtual size: 5.0MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 93KB - Virtual size: 375KB

.rsrc
Size: 808KB - Virtual size: 808KB

.reloc
Size: 240KB - Virtual size: 239KB