3117afe7280116fa834740f714d641af2e16e3522d8f1dc830bb2ec13afc80c0

Sharing

Copy URL Twitter E-mail

General

Target

3117afe7280116fa834740f714d641af2e16e3522d8f1dc830bb2ec13afc80c0
Size

389KB
MD5

0e4306265217bf62ec9acf40aee445dc
SHA1

eda6993cd9f17932f8f356544844c440ed90b080
SHA256

3117afe7280116fa834740f714d641af2e16e3522d8f1dc830bb2ec13afc80c0
SHA512

2459f48f4d9b60cd5678a2beb4c22cb9336f134d4d225a83145b3a22c41095e083f2d5037865eb2e8d1493019f3b16695bbec1e434e7546b7fcc9324467a3c8c
SSDEEP

6144:wYBCfNHU/oSC9XrRmrHJQPKYjMYb7o1/nBE1c9Rl2BU0g:JIU/oSCuQl79h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3117afe7280116fa834740f714d641af2e16e3522d8f1dc830bb2ec13afc80c0

Files

3117afe7280116fa834740f714d641af2e16e3522d8f1dc830bb2ec13afc80c0
.dll windows:6 windows x64 arch:x64

07bd1490104be41d80eb28b301e62301

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

F:\TemporaryBuilds\azure-adaware-pool-build-de-1\11\s\_build\bin\x64\Release\large_files_manager.pdb

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetProcessHeap
HeapFree
GetDynamicTimeZoneInformation
GetCurrentThreadId
GetCurrentProcessId
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
WriteConsoleA
WriteFile
GetStdHandle
GetConsoleMode
WideCharToMultiByte
MultiByteToWideChar
FindFirstFileW
FindNextFileW
FindClose
GetLastError
CloseHandle
LocalFree
FormatMessageA
AcquireSRWLockExclusive
GetFileInformationByHandleEx
AreFileApisANSI
SetFileInformationByHandle
GetFileAttributesExW
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetLocaleInfoEx
CreateDirectoryW
CreateFileW
ReleaseSRWLockExclusive

shell32

SHGetFolderPathW

boost_thread-vc144-mt-x64-1_85

??0thread_data_base@detail@boost@@QEAA@XZ
?notify_all_at_thread_exit@thread_data_base@detail@boost@@UEAAXPEAVcondition_variable@3@PEAVmutex@3@@Z
?start_thread@thread@boost@@AEAAXXZ
??1thread@boost@@QEAA@XZ
??4thread@boost@@QEAAAEAV01@$$QEAV01@@Z
?join@thread@boost@@QEAAXXZ
?interruption_point@this_thread@boost@@YAXXZ
??0thread@boost@@QEAA@XZ
?interrupt@thread@boost@@QEAAXXZ
?joinable@thread@boost@@QEBA_NXZ
??1thread_data_base@detail@boost@@UEAA@XZ

fmt

?format_system_error@v10@fmt@@YAXAEAV?$buffer@D@detail@12@HPEBD@Z
?vformat@v10@fmt@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@@Z
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z
?is_printable@detail@v10@fmt@@YA_NI@Z
?throw_format_error@detail@v10@fmt@@YAXPEBD@Z

msvcp140

?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?good@ios_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?uncaught_exceptions@std@@YAHXZ
?_Xbad_function_call@std@@YAXXZ
_Cnd_signal
_Cnd_destroy_in_situ
_Mtx_unlock
_Mtx_lock
_Thrd_join
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_id
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
_Query_perf_counter
_Query_perf_frequency
_Xtime_get_ticks
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcmp
memcpy
memmove
_purecall
memset
_CxxThrowException
__C_specific_handler
__current_exception_context
__std_terminate
__std_exception_copy
__std_exception_destroy
__std_type_info_compare
__current_exception
__std_type_info_destroy_list

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__stdio_common_vsprintf
fclose
_get_stream_buffer_pointers
fread
fwrite
fgetpos
_fseeki64
__acrt_iob_func
setvbuf
fflush
ungetc
fputc
fgetc
fsetpos

api-ms-win-crt-runtime-l1-1-0

_cexit
_crt_atexit
_execute_onexit_table
_initterm
_initterm_e
abort
_initialize_onexit_table
_initialize_narrow_environment
_register_onexit_function
_seh_filter_dll
_errno
_invalid_parameter_noinfo_noreturn
terminate
_configure_narrow_argv

api-ms-win-crt-time-l1-1-0

strftime
_gmtime64_s
_localtime64_s

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh

api-ms-win-crt-string-l1-1-0

isdigit

api-ms-win-crt-math-l1-1-0

ceilf
_dsign

api-ms-win-crt-locale-l1-1-0

localeconv
___lc_codepage_func

api-ms-win-crt-convert-l1-1-0

strtod
strtoll
strtoull

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

Exports

Exports

Create_Kernel
Create_Params

Sections

.text
Size: 247KB - Virtual size: 246KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

boostdll
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

07bd1490104be41d80eb28b301e62301

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shell32

boost_thread-vc144-mt-x64-1_85

fmt

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

Exports

Exports

Sections

.text Size: 247KB - Virtual size: 246KB

.rdata Size: 86KB - Virtual size: 86KB

.data Size: 36KB - Virtual size: 38KB

.pdata Size: 14KB - Virtual size: 13KB

boostdll Size: 512B - Virtual size: 16B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 247KB - Virtual size: 246KB

.rdata
Size: 86KB - Virtual size: 86KB

.data
Size: 36KB - Virtual size: 38KB

.pdata
Size: 14KB - Virtual size: 13KB

boostdll
Size: 512B - Virtual size: 16B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB