17ec7c16d99305640ba78ea61e49c9d392777efdc41f507fce47a270d26d4814

Sharing

Copy URL

Twitter E-mail

General

Target

17ec7c16d99305640ba78ea61e49c9d392777efdc41f507fce47a270d26d4814
Size

1.0MB
MD5

19f323041456218d2834a10d2a612d3a
SHA1

84b89a50898224174c69d7c608625f9373d57bfe
SHA256

17ec7c16d99305640ba78ea61e49c9d392777efdc41f507fce47a270d26d4814
SHA512

8790fa6b77ba7ec17155ccb29b66f516108e200c6b64a7c43b0e63a29910976f9f43ff91eb26b3b5b8206e8d38b17b50d4ce618e45510f9dee53dbab3f194471
SSDEEP

24576:IPNuP4UoE7XBqkQ/VuItvT2LUqKRNh0lhSMXlYIqlbakA:IPNun+uItvbkItl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17ec7c16d99305640ba78ea61e49c9d392777efdc41f507fce47a270d26d4814

Files

17ec7c16d99305640ba78ea61e49c9d392777efdc41f507fce47a270d26d4814
.dll windows:6 windows x64 arch:x64

98fabaec00a22bd616f0be266524f41f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

F:\TemporaryBuilds\azure-adaware-pool-build-de-1\11\s\_build\bin\x64\Release\license_manager.pdb

Imports

kernel32

GetCurrentProcessId
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
WriteConsoleA
WriteFile
GetStdHandle
GetConsoleMode
WideCharToMultiByte
MultiByteToWideChar
FormatMessageA
GetDynamicTimeZoneInformation
LocalFree
CreateSemaphoreA
CreateEventA
ReleaseSemaphore
CloseHandle
HeapAlloc
GetProcessHeap
HeapFree
QueryPerformanceCounter
QueryPerformanceFrequency
SetEvent
WaitForSingleObjectEx
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FormatMessageW
InitializeCriticalSection
OutputDebugStringW
InitOnceBeginInitialize
InitOnceComplete
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
InitializeCriticalSectionEx
GlobalFree
ProcessIdToSessionId
GetFileInformationByHandleEx
AreFileApisANSI
GetSystemTimeAsFileTime
GetLocaleInfoEx
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
GetFileAttributesExW
GetLastError

shell32

SHGetFolderPathW

boost_thread-vc144-mt-x64-1_85

??0thread@boost@@QEAA@XZ
?interrupt@thread@boost@@QEAAXXZ
??4handle_manager@win32@detail@boost@@QEAAAEAV0123@PEAX@Z
?interruption_requested@this_thread@boost@@YA_NXZ
?join@thread@boost@@QEAAXXZ
??4thread@boost@@QEAAAEAV01@$$QEAV01@@Z
??1thread_data_base@detail@boost@@UEAA@XZ
?interruptible_wait@this_thread@boost@@YA_NPEAXAEBUmono_platform_timepoint@detail@2@@Z
??1thread@boost@@QEAA@XZ
?start_thread@thread@boost@@AEAAXXZ
?notify_all_at_thread_exit@thread_data_base@detail@boost@@UEAAXPEAVcondition_variable@3@PEAVmutex@3@@Z
??0thread_data_base@detail@boost@@QEAA@XZ
??1handle_manager@win32@detail@boost@@QEAA@XZ
?duplicate@handle_manager@win32@detail@boost@@QEBAPEAXXZ
?interruption_point@this_thread@boost@@YAXXZ
?joinable@thread@boost@@QEBA_NXZ

fmt

?is_printable@detail@v10@fmt@@YA_NI@Z
?format_system_error@v10@fmt@@YAXAEAV?$buffer@D@detail@12@HPEBD@Z
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z
?throw_format_error@detail@v10@fmt@@YAXPEBD@Z
?vformat@v10@fmt@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@@Z

libcurl

curl_version_info
curl_slist_free_all
curl_slist_append
curl_easy_setopt
curl_easy_perform
curl_easy_getinfo
curl_easy_escape
curl_free
curl_easy_init
curl_easy_cleanup
curl_mime_free

msvcp140

?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?uncaught_exceptions@std@@YAHXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xbad_function_call@std@@YAXXZ
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAG@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?tolower@?$ctype@D@std@@QEBADD@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?id@?$numpunct@D@std@@2V0locale@2@A
?_Xinvalid_argument@std@@YAXPEBD@Z
??Bios_base@std@@QEBA_NXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?uncaught_exception@std@@YA_NXZ
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
_Cnd_init_in_situ
_Cnd_wait
_Cnd_broadcast
_Cnd_register_at_thread_exit
_Cnd_unregister_at_thread_exit
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?set_new_handler@std@@YAP6AXXZP6AXXZ@Z
_Cnd_signal
_Cnd_destroy_in_situ
_Mtx_unlock
_Mtx_lock
_Thrd_join
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_id
?_Xbad_alloc@std@@YAXXZ
_Mbrtowc
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
_Xtime_get_ticks
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?classic@locale@std@@SAAEBV12@XZ
?id@?$numpunct@_W@std@@2V0locale@2@A
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
??0task_continuation_context@Concurrency@@AEAA@XZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?width@ios_base@std@@QEAA_J_J@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcpy
memset
__std_type_info_name
memchr
_CxxThrowException
__RTDynamicCast
memmove
__C_specific_handler
__std_type_info_destroy_list
_purecall
__std_type_info_compare
__std_exception_destroy
__std_terminate
__std_exception_copy
memcmp
__current_exception
__current_exception_context

api-ms-win-crt-stdio-l1-1-0

fclose
_get_stream_buffer_pointers
__acrt_iob_func
__stdio_common_vfprintf
fread
fwrite
fgetpos
_fseeki64
fsetpos
__stdio_common_vsprintf
setvbuf
fflush
ungetc
fputc
fgetc

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_invalid_parameter_noinfo
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
strerror
_execute_onexit_table
_errno
_invalid_parameter_noinfo_noreturn
terminate
_crt_atexit
_register_onexit_function
_cexit
_initterm
_initterm_e
abort

api-ms-win-crt-time-l1-1-0

_gmtime64_s
strftime
_localtime64_s

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc
_aligned_malloc
_aligned_free
calloc

api-ms-win-crt-string-l1-1-0

tolower
strncpy
isdigit
_wcsnicmp
strcmp

api-ms-win-crt-math-l1-1-0

_dsign
_fdsign
_ldsign
ceilf

api-ms-win-crt-locale-l1-1-0

localeconv
___lc_codepage_func

api-ms-win-crt-convert-l1-1-0

strtod
strtoll
strtoul
strtoull

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpen
WinHttpSetTimeouts
WinHttpCloseHandle
WinHttpGetProxyForUrl

ole32

CoInitializeEx
CoUninitialize
CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity

oleaut32

SysAllocStringLen
SysFreeString
SysStringLen
VariantInit
VariantClear
VariantCopy
SysAllocString

wtsapi32

WTSQueryUserToken
WTSEnumerateSessionsW

advapi32

GetTokenInformation
RevertToSelf
OpenProcessToken
ImpersonateLoggedOnUser

Exports

Exports

Create_Kernel
Create_Params

Sections

.text
Size: 634KB - Virtual size: 633KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 328KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

boostdll
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

98fabaec00a22bd616f0be266524f41f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shell32

boost_thread-vc144-mt-x64-1_85

fmt

libcurl

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

winhttp

ole32

oleaut32

wtsapi32

advapi32

Exports

Exports

Sections

.text Size: 634KB - Virtual size: 633KB

.rdata Size: 328KB - Virtual size: 328KB

.data Size: 61KB - Virtual size: 67KB

.pdata Size: 30KB - Virtual size: 30KB

boostdll Size: 512B - Virtual size: 16B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 634KB - Virtual size: 633KB

.rdata
Size: 328KB - Virtual size: 328KB

.data
Size: 61KB - Virtual size: 67KB

.pdata
Size: 30KB - Virtual size: 30KB

boostdll
Size: 512B - Virtual size: 16B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 7KB