PDB path: C:\devel\Eft\Build\Release-Enterprise\Symbols\SSL.pdb
Static task
static1
Behavioral task
behavioral1
Sample
b05a918f20dbb24935db1f1c36614d2737e150cb2fbd7c514aadbd21f07ff03f.dll
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
b05a918f20dbb24935db1f1c36614d2737e150cb2fbd7c514aadbd21f07ff03f.dll
Resource
win10v2004-20240802-en
General
-
Target
b05a918f20dbb24935db1f1c36614d2737e150cb2fbd7c514aadbd21f07ff03f
-
Size
1.3MB
-
MD5
ee18e1ec2bdc5e23240d0b161c7338a1
-
SHA1
d9f3d5e5be61b03d5f58cd0a1f26d256a91242cc
-
SHA256
b05a918f20dbb24935db1f1c36614d2737e150cb2fbd7c514aadbd21f07ff03f
-
SHA512
37bff304b3b2089ca07d58429cf6342fdbd449f6bab039238c0724ab889f09a5878ef73677874b4a1608f25da6756b6b0a733c8f2fb038fd58dccbfffe6f61c2
-
SSDEEP
24576:6k+KpP/Oy2G1jkTrQNVdRg7mYTI5TwZTPvouqFxHgp5DnEbHbqaPobl6bbDFA3m:P1pN/a7vATwtPvkupZEbHOaP5vDFA3m
Malware Config
Signatures
-
Unsigned PE 1 IoCs
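Checks for a missing Authenticode signature: the file is unsigned, so its publisher and integrity cannot be confirmed from a signature. On its own this is a weak indicator, since legitimate DLLs are also shipped unsigned.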
resource b05a918f20dbb24935db1f1c36614d2737e150cb2fbd7c514aadbd21f07ff03f
Files
-
b05a918f20dbb24935db1f1c36614d2737e150cb2fbd7c514aadbd21f07ff03f.dll windows:6 windows x86 arch:x86
da2abc2cb05f74f1d474fbd17cba7f54
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
QueryPerformanceCounter
GetCurrentProcessId
GetTickCount
FreeLibrary
GlobalMemoryStatus
LoadLibraryA
FlushConsoleInputBuffer
SetLastError
CloseHandle
SystemTimeToFileTime
GetFileType
GetFileAttributesW
GetTickCount64
FormatMessageW
MultiByteToWideChar
GetProcAddress
GetModuleHandleA
GetCurrentThreadId
GetSystemTime
WriteFile
GetStdHandle
MoveFileW
FormatMessageA
LocalFree
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
GetLastError
DeleteFileW
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW
WaitForSingleObjectEx
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CopyFileW
LoadLibraryW
Sleep
CreateEventW
WaitForSingleObject
ResetEvent
SetEvent
CancelIo
SetFilePointer
SetFileAttributesW
ReadFile
GetFileSizeEx
FindNextFileW
FindFirstFileW
FindClose
CreateFileW
WideCharToMultiByte
GetSystemTimeAsFileTime
user32
MessageBoxA
CharLowerW
GetUserObjectInformationW
GetProcessWindowStation
CharUpperW
advapi32
RegQueryValueExW
RegCloseKey
ReportEventA
RegisterEventSourceA
DeregisterEventSource
RegOpenKeyW
msvcp140
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?_BADOFF@std@@3_JB
??_7_Facet_base@std@@6B@
??_7facet@locale@std@@6B@
?id@?$ctype@_W@std@@2V0locale@2@A
??_7ios_base@std@@6B@
?_Incref@facet@locale@std@@UAEXXZ
?id@?$collate@_W@std@@2V0locale@2@A
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Xbad_function_call@std@@YAXXZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
??1ios_base@std@@UAE@XZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?tolower@?$ctype@_W@std@@QBEPB_WPA_WPB_W@Z
?tolower@?$ctype@_W@std@@QBE_W_W@Z
?is@?$ctype@_W@std@@QBE_NF_W@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
??Bid@locale@std@@QAEIXZ
??1_Facet_base@std@@UAE@XZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
_Wcsxfrm
_Wcscoll
_Getcoll
?uncaught_exception@std@@YA_NXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
_Mtx_lock
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Xtime_get_ticks
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
??_7?$basic_ios@_WU?$char_traits@_W@std@@@std@@6B@
vcruntime140
strstr
__vcrt_InitializeCriticalSectionEx
memchr
wcsstr
__std_exception_destroy
__std_exception_copy
strchr
__std_type_info_destroy_list
memset
memcpy
__CxxFrameHandler3
_CxxThrowException
memmove
_except_handler4_common
_purecall
api-ms-win-crt-runtime-l1-1-0
_initterm
terminate
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_errno
raise
_exit
_invalid_parameter_noinfo
_invalid_parameter_noinfo_noreturn
_wassert
signal
abort
strerror
api-ms-win-crt-string-l1-1-0
isupper
strncpy
isspace
tolower
_strnicmp
isdigit
strcmp
isxdigit
_stricmp
wcscpy_s
strncmp
strcat_s
api-ms-win-crt-stdio-l1-1-0
rewind
fputs
__stdio_common_vfprintf
__stdio_common_vfscanf
__stdio_common_vsprintf_s
__stdio_common_vswprintf_s
fclose
__acrt_iob_func
__stdio_common_vsprintf
__stdio_common_vsscanf
_wfopen_s
_setmode
fwrite
ftell
fseek
fread
fopen
_fileno
fgets
fflush
ferror
feof
_wfopen
api-ms-win-crt-heap-l1-1-0
malloc
realloc
free
_callnewh
api-ms-win-crt-convert-l1-1-0
strtoul
atoi
atol
api-ms-win-crt-time-l1-1-0
_gmtime64
_time64
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-conio-l1-1-0
_getch
api-ms-win-crt-filesystem-l1-1-0
_stat64i32
api-ms-win-crt-math-l1-1-0
_except1
ws2_32
send
WSAGetLastError
recv
htons
htonl
setsockopt
shutdown
connect
closesocket
socket
WSASetLastError
WSAStartup
getservbyname
gethostbyname
ntohs
getsockopt
ioctlsocket
Exports
SSL_Accept
SSL_AddFileToStore
SSL_CertExpiresIn
SSL_CertOneLineInfo
SSL_CheckCertTimeValidity
SSL_CheckCertValid
SSL_CheckExpired
SSL_CipherListContainsWeakCiphers
SSL_CleanupCurrentThread
SSL_CompareCert
SSL_Connect
SSL_ConnectEx
SSL_ConvertCertToPEM
SSL_ConvertPublicKeyToPEM
SSL_CreateCertPKCS
SSL_CreateClient
SSL_CreateClientEx
SSL_CreateClientEx2
SSL_CreateServerEx
SSL_CryptDES
SSL_CryptMD5UnixPassword
SSL_CryptSHA512UnixPassword
SSL_EnterFIPSMode
SSL_ExpandCipherList
SSL_ExportCertExt
SSL_GetAvailableProtocolVersions
SSL_GetCertInfo
SSL_GetCertSize
SSL_GetCertsFromFile
SSL_GetCipherComponentList
SSL_GetCipherComponents
SSL_GetCipherList
SSL_GetCipherListFromComponents
SSL_GetCipherSuite
SSL_GetClientSANEmail
SSL_GetClientSANOtherName
SSL_GetCurrentCipher
SSL_GetDefaultCipherString
SSL_GetLastError
SSL_GetLibVersion
SSL_GetMD4SKey
SSL_GetMD5Hash
SSL_GetMD5InBase64
SSL_GetMD5SKey
SSL_GetOCSPLastError
SSL_GetPBKDF2SHA1In64Base
SSL_GetPeerCert
SSL_GetRand_bytes
SSL_GetSHA256
SSL_GetSHA256InBase64
SSL_GetSHA256InBase64ASCII
SSL_GetSSLVersion
SSL_GetSocketBySSL
SSL_GetSocketByStoreCTX
SSL_GetTruncatedMD4
SSL_GetTruncatedMD5
SSL_GetVersions
SSL_GetVersionsEnabledByDefault
SSL_ImportCert
SSL_Init
SSL_IsFIPSMode
SSL_IsPeerCertEqual
SSL_LoadPFXKey
SSL_MoveCertificate
SSL_ParseVersionSupportString
SSL_PeerOneLineInfo
SSL_RandUInt
SSL_Read
SSL_Release
SSL_RemoveCertFromFile
SSL_RequestPeerCert
SSL_SaveStore
SSL_SetCertInfo
SSL_SetClientCert
SSL_SetOCSPOptions
SSL_ShouldRetry
SSL_ShutDown
SSL_SignCert
SSL_ValidateCipherString
SSL_ValidateProtocolVersionMask
SSL_VerifySocket
SSL_Write
SSL_X509_FreeEncodedBuffer
SSL_X509_GetEncodedBuffer
SSL_verify_callback
SSL_verify_func
SSL_verify_func_server
Sections
.text Size: 963KB - Virtual size: 963KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 274KB - Virtual size: 273KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 37KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 88B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 46KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ