956b51b7fe92e70fc62899acff702db14399fac4795d594c926bb5d04488cea0

Sharing

Copy URL Twitter E-mail

General

Target

956b51b7fe92e70fc62899acff702db14399fac4795d594c926bb5d04488cea0
Size

49KB
MD5

474d8c583be78ea11c9d7f4bacd2ed60
SHA1

9f86e17db577fadb23834dca7e280d01e35c54a7
SHA256

956b51b7fe92e70fc62899acff702db14399fac4795d594c926bb5d04488cea0
SHA512

b0892be7181f77bf5ae37065d32325902fd0d5b5ecaf05c9cdab9ce3691f5b3a4a0444b6e1961809c4626eb7799990d427a02a3a881216524f71f353381133b5
SSDEEP

768:KAMi3/NJls+5WTdt1Sl2U/RKsr2/2+GuRkNA8SfZCCTSpr:KA/3lLs+5Oh65J7rU2PuZUuSpr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
956b51b7fe92e70fc62899acff702db14399fac4795d594c926bb5d04488cea0

Files

956b51b7fe92e70fc62899acff702db14399fac4795d594c926bb5d04488cea0
.dll windows:6 windows x64 arch:x64

0f7c0f1dd290313e191556c1c36b91a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\build\bin\nightly\Grapher23\x64\Subsystems\common\Caldera.pdb

Imports

licensinginterop

?ValidateLicense@LicensingInterop@@YA?AUValidationStatus@1@PEB_W0@Z
?GetLockingCode@LicensingInterop@@YA?AUReturnStatus@1@XZ
?IsUpgradeAllowed@LicensingInterop@@YA?AUReturnStatus@1@XZ
?GetFeatures@LicensingInterop@@YA?AUFeatureStatus@1@XZ
?GetLicenseManagerVersion@LicensingInterop@@YA?AUReturnStatus@1@XZ
?GetEdition@LicensingInterop@@YA?AUReturnStatus@1@XZ
?GetUserSegment@LicensingInterop@@YA?AUReturnStatus@1@XZ
?GetSupportCode@LicensingInterop@@YA?AUReturnStatus@1@XZ
?GetMaxVer@LicensingInterop@@YA?AUReturnStatus@1@XZ
?GetLicenseType@LicensingInterop@@YA?AULicenseTypeStatus@1@XZ
?HideAnnouncements@LicensingInterop@@YA?AUReturnStatus@1@XZ
?HideRegistration@LicensingInterop@@YA?AUReturnStatus@1@XZ
?HideLicenseNotifications@LicensingInterop@@YA?AUReturnStatus@1@XZ
?HideUpdate@LicensingInterop@@YA?AUReturnStatus@1@XZ
?HideUpgrade@LicensingInterop@@YA?AUReturnStatus@1@XZ
?InitializePersistenceData@LicensingInterop@@YA?AUReturnStatus@1@PEB_W@Z
?ShowLicenseDialogs@LicensingInterop@@YA?AUReturnStatus@1@W4ShowDialog@1@H@Z
?CleanUp@LicensingInterop@@YA?AUReturnStatus@1@XZ
?InitializeLicensing@LicensingInterop@@YA?AUReturnStatus@1@PEB_W0000000@Z

kernel32

RtlCaptureContext
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
GetComputerNameW
GetThreadId
Sleep

user32

PostMessageW
PostThreadMessageW
GetMessageW
TranslateMessage
DispatchMessageW
MessageBoxW

msvcp140

_Thrd_detach
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_broadcast
_Cnd_wait
_Cnd_register_at_thread_exit
_Cnd_unregister_at_thread_exit
_Cnd_do_broadcast_at_thread_exit
_Cnd_timedwait
_Thrd_join
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
_Query_perf_counter
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_id
?_Syserror_map@std@@YAPEBDH@Z
_Query_perf_frequency
_Xtime_get_ticks
?_Xlength_error@std@@YAXPEBD@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z

sharedu

?g_Logger@shr@@3VLogger@1@A
?Start@CTimer@shr@@QEAAXXZ
??0CTimer@shr@@QEAA@XZ
?Send@Logger@shr@@QEAAXHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?Elapsed@CTimer@shr@@QEBANXZ
?SendVAImpl@Logger@shr@@AEAAXHPEB_WZZ

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memset
memcpy
__C_specific_handler
__std_terminate
__std_exception_copy
__std_exception_destroy
_purecall
__current_exception
__current_exception_context
_CxxThrowException
__std_type_info_destroy_list
memmove

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_cexit
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
terminate
_invalid_parameter_noinfo_noreturn
_beginthreadex

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

Exports

Exports

??0GemaltoLicensing@lic@@QEAA@XZ
??1GemaltoLicensing@lic@@UEAA@XZ
??_7GemaltoLicensing@lic@@6B@
?AreLicenseResultsReady@GemaltoLicensing@lic@@UEAA_NXZ
?Cleanup@GemaltoLicensing@lic@@UEAAXXZ
?DetachAsync@GemaltoLicensing@lic@@UEAAXXZ
?DoStartLicenseCheck@GemaltoLicensing@lic@@AEAAXAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@00000I@Z
?GetEdition@GemaltoLicensing@lic@@UEAA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetFeatures@GemaltoLicensing@lic@@UEAA?AV?$vector@UFeature@LicensingInterop@@V?$allocator@UFeature@LicensingInterop@@@std@@@std@@XZ
?GetLicenseManagerVersion@GemaltoLicensing@lic@@UEAA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetLicenseResultFromFuture@GemaltoLicensing@lic@@UEAA?AULicenseValidationResult@2@XZ
?GetLicenseStatus@GemaltoLicensing@lic@@UEAA?AULicenseTrackingStatus@2@XZ
?GetMaxVer@GemaltoLicensing@lic@@UEAA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetSupportCode@GemaltoLicensing@lic@@UEAA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetUserSegment@GemaltoLicensing@lic@@UEAA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?HandleLicenseResult@GemaltoLicensing@lic@@UEAA_NXZ
?HandleLicenseResultAsync@GemaltoLicensing@lic@@UEAAXPEAUHWND__@@@Z
?InitializePersistenceData@GemaltoLicensing@lic@@UEAAXAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?IsLicenseCheckComplete@GemaltoLicensing@lic@@UEAA_NXZ
?IsUpgradeAllowed@GemaltoLicensing@lic@@UEAA_NXZ
?SetLicExFailure@GemaltoLicensing@lic@@AEAAXXZ
?SetUpdateCheck@GemaltoLicensing@lic@@UEAAX_N@Z
?ShouldHideAnnouncements@GemaltoLicensing@lic@@UEAA?AUReturnStatus@LicensingInterop@@XZ
?ShouldHideLicenseNotifications@GemaltoLicensing@lic@@UEAA?AUReturnStatus@LicensingInterop@@XZ
?ShouldHideRegistration@GemaltoLicensing@lic@@UEAA?AUReturnStatus@LicensingInterop@@XZ
?ShouldHideUpdate@GemaltoLicensing@lic@@UEAA?AUReturnStatus@LicensingInterop@@XZ
?ShouldHideUpgrade@GemaltoLicensing@lic@@UEAA?AUReturnStatus@LicensingInterop@@XZ
?ShowLicensingDialog@GemaltoLicensing@lic@@UEAA?AUDialogReturnStatus@2@W4ShowDialog@2@@Z
?StartLicenseCheck@GemaltoLicensing@lic@@UEAAXAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@00000I@Z

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0f7c0f1dd290313e191556c1c36b91a3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

licensinginterop

kernel32

user32

msvcp140

sharedu

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 248B

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 248B