9fea726285d329a78abda3337651948c6d111039b630869d76a2e447b4251053

Sharing

Copy URL Twitter E-mail

General

Target

9fea726285d329a78abda3337651948c6d111039b630869d76a2e447b4251053
Size

420KB
MD5

dc6b3976b4e2fd0aaa0781bc792970e8
SHA1

5e47b232fc67359a71458822a5307d48aab4d112
SHA256

9fea726285d329a78abda3337651948c6d111039b630869d76a2e447b4251053
SHA512

227c9301af2ec87bfe135c4663e32f90119573f173a3e593bca2f43630a921fb36d061f5163fe94c762c7aa64347b8cbf57e106ccedaf4c9ed420ff68df3abe0
SSDEEP

12288:ZQxGcOehYIilfAqu4ekrbh8EnwX9peT8LhUO+BUD8SQqFIjp:cGcO4LRGkhUO+BUD8SEjp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9fea726285d329a78abda3337651948c6d111039b630869d76a2e447b4251053

Files

9fea726285d329a78abda3337651948c6d111039b630869d76a2e447b4251053
.exe windows:6 windows x86 arch:x86

f1793dfd23c03e42870ee7d8a5893b46

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\bamboo\bamboo-agent-home\xml-data\build-dir\NEO-NEOC-NCW\neo-windows-native\dfu_utils\bin\Release\Win32\neo_dfu_utils.pdb

Imports

ws2_32

bind
recv
WSAGetLastError
closesocket
connect
ioctlsocket
gethostname
ntohl
WSACloseEvent
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSASetLastError
recvfrom
WSAStartup
WSACleanup
__WSAFDIsSet
select
accept
htonl
freeaddrinfo
listen
sendto
getaddrinfo
WSAIoctl
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
send

wldap32

ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord211
ord46
ord217
ord143

crypt32

CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

normaliz

IdnToAscii

kernel32

GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExA
WideCharToMultiByte
MultiByteToWideChar
GetTickCount
QueryPerformanceCounter
LoadLibraryA
GetModuleHandleA
GetSystemDirectoryA
QueryPerformanceFrequency
SleepEx
InitializeCriticalSectionEx
FormatMessageW
SetLastError
MoveFileW
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
VerSetConditionMask
VerifyVersionInfoA
CreateFileA
GetFileSizeEx
InitializeSListHead
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetModuleHandleW
GetSystemTimeAsFileTime
GetStdHandle
LoadLibraryW
GetProcAddress
GetModuleFileNameW
Sleep
DeleteFileW
GetFileAttributesW
SetFileAttributesW
OutputDebugStringA
CloseHandle
SetUnhandledExceptionFilter
GetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
FreeLibrary

advapi32

CryptGenRandom
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA

msvcp140

?_Xlength_error@std@@YAXPBD@Z

vcruntime140

memmove
__CxxFrameHandler3
_except_handler4_common
__std_exception_destroy
memset
memcpy
__current_exception
__current_exception_context
strchr
strrchr
strstr
__std_exception_copy
memchr
_CxxThrowException

api-ms-win-crt-heap-l1-1-0

realloc
malloc
_set_new_mode
free
calloc
_callnewh

api-ms-win-crt-stdio-l1-1-0

_close
fwrite
__stdio_common_vfprintf
_lseeki64
__stdio_common_vsprintf
fgets
_open
fopen
fputc
_wfsopen
feof
__stdio_common_vswscanf
__stdio_common_vfwprintf
__stdio_common_vsscanf
_set_fmode
fputs
_wfopen
fread
fclose
__acrt_iob_func
__stdio_common_vsnprintf_s
__p__commode
ftell
fseek
fflush
_write
_read
__stdio_common_vsnwprintf_s

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_c_exit
__p___wargv
__p___argc
__sys_nerr
exit
_initterm_e
strerror
_errno
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_exit
_beginthreadex
_set_app_type
_get_errno
_seh_filter_exe
_invalid_parameter_noinfo_noreturn
terminate
_controlfp_s
_cexit
_crt_atexit
_getpid
_initterm
_register_onexit_function
_initialize_onexit_table

api-ms-win-crt-string-l1-1-0

isupper
strspn
strncpy
strcspn
strncmp
tolower
strpbrk
_strdup

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath_s
_unlink
_fstat64
_stat64
_access

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64
strftime

api-ms-win-crt-convert-l1-1-0

strtol
strtoul
strtoll
atoi
wcstombs

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 331KB - Virtual size: 331KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f1793dfd23c03e42870ee7d8a5893b46

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

wldap32

crypt32

normaliz

kernel32

advapi32

msvcp140

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 331KB - Virtual size: 331KB

.rdata Size: 67KB - Virtual size: 67KB

.data Size: 3KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 15KB - Virtual size: 15KB

.text
Size: 331KB - Virtual size: 331KB

.rdata
Size: 67KB - Virtual size: 67KB

.data
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 15KB - Virtual size: 15KB