b57723e352e16c37cd6abe50ddb2728217e9cae5a92a7237376cd01ed296605c

Sharing

Copy URL Twitter E-mail

General

Target

b57723e352e16c37cd6abe50ddb2728217e9cae5a92a7237376cd01ed296605c
Size

2.3MB
MD5

5663bfb0d92d68c55723f7ed6bc8220e
SHA1

0718c988a36a8e1827514ae09b9fce416587d31d
SHA256

b57723e352e16c37cd6abe50ddb2728217e9cae5a92a7237376cd01ed296605c
SHA512

3d776212fa92738289b33b6e25b82be07fb2091fb7251d94456c473dfd4b8eb7709f45c7c0126643c54da2a7081a1aa5802ea3d119470f65d2129fa00718a696
SSDEEP

49152:vfYcY6trJ1U5Ke6httPnVMNvp36ijsGSG1+cBlTd:vfGoQ5KeqttV836iYJGMc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b57723e352e16c37cd6abe50ddb2728217e9cae5a92a7237376cd01ed296605c

Files

b57723e352e16c37cd6abe50ddb2728217e9cae5a92a7237376cd01ed296605c
.exe windows:6 windows x86 arch:x86

9f6838e089eed46805202e203cf30954

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Jenkins\jobs\SLB_124\workspace\external_src\SLBStrategy\Release\SLBStrategy.pdb

Imports

kernel32

GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
ResetEvent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetUserDefaultLCID
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetConsoleCP
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
PeekNamedPipe
GetDriveTypeW
SetConsoleCtrlHandler
GetModuleFileNameA
SetStdHandle
HeapQueryInformation
InitializeSListHead
GetCommandLineA
ExitProcess
RtlUnwind
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
GetEnvironmentVariableW
ConvertFiberToThread
DeleteFiber
GetModuleHandleExW
GetFileType
GetStdHandle
LCMapStringW
GetCPInfo
GetStringTypeW
OutputDebugStringW
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GetCurrentDirectoryW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
CreateEventW
SetEvent
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GlobalFindAtomW
GlobalAddAtomW
EncodePointer
SystemTimeToFileTime
SetFileTime
LocalFileTimeToFileTime
GetFileTime
GetFileSizeEx
GetFileAttributesExW
LoadLibraryA
GetCurrentProcess
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
CreateFileW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindNextFileW
FileTimeToLocalFileTime
SetErrorMode
lstrcmpW
lstrcmpA
GlobalDeleteAtom
LoadLibraryExW
GetVersionExW
GetCurrentThread
FormatMessageW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
SetLastError
OutputDebugStringA
GetACP
GetSystemFirmwareTable
LocalFree
LocalAlloc
MoveFileExW
GetTempPathW
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
CopyFileW
GetSystemDirectoryW
FindClose
FindFirstFileW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
SetFileAttributesW
GetShortPathNameW
GetFileAttributesW
CloseHandle
GetModuleFileNameW
GetCommandLineW
GetModuleHandleW
DecodePointer
RaiseException
HeapReAlloc
SizeofResource
HeapSize
InitializeCriticalSectionEx
GetNativeSystemInfo
HeapFree
GetProcessHeap
HeapAlloc
FreeLibrary
GetProcAddress
LoadLibraryW
LeaveCriticalSection
Sleep
GetCurrentProcessId
GetCurrentThreadId
EnterCriticalSection
ReleaseMutex
WaitForSingleObject
DeleteCriticalSection
CreateMutexA
InitializeCriticalSection
GetShortPathNameA
MultiByteToWideChar
GetLastError
WideCharToMultiByte
GetTickCount
DeleteFileW
FindResourceW
LoadResource
LockResource
SetFilePointerEx

user32

FindWindowW
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
CallNextHookEx
SetWindowsHookExW
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongW
SetWindowLongW
PtInRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
MessageBoxW
AdjustWindowRectEx
IsWindowEnabled
SetWindowTextW
GetDC
ReleaseDC
GetSysColorBrush
LoadCursorW
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadBitmapW
GetMessageW
TranslateMessage
GetActiveWindow
GetCursorPos
LoadIconW
FindWindowExW
PostMessageW
GetWindowThreadProcessId
GetForegroundWindow
GetWindowRect
GetDesktopWindow
GetShellWindow
GetClientRect
SetRectEmpty
OffsetRect
GetParent
GetUserObjectInformationW
GetProcessWindowStation
GetSubMenu
GetMenuItemID
GetMenuItemCount
PostQuitMessage
CharUpperW
GetSystemMetrics
UnhookWindowsHookEx
SendMessageW
GetScrollPos
GetWindowTextW
GetWindowLongW
GetWindow
SetCursor
ClientToScreen
RealChildWindowFromPoint
SetTimer
KillTimer
InvalidateRect
DrawTextW
DrawTextExW
GrayStringW
TabbedTextOutW
DestroyMenu
RegisterWindowMessageW
DispatchMessageW
RemovePropW
GetPropW
PeekMessageW
GetMessagePos
GetMessageTime
DefWindowProcW
SetPropW
RedrawWindow
ValidateRect
EndPaint
BeginPaint
SetForegroundWindow
UpdateWindow
SetMenu
CallWindowProcW
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
IsWindow
IsMenu
DestroyWindow
SetWindowPos
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
IsIconic
GetDlgItem
GetDlgCtrlID
GetFocus
GetKeyState
GetCapture
EnableWindow
GetMenu

gdi32

TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
SelectObject
SaveDC
RestoreDC
RectVisible
PtVisible
GetStockObject
GetDeviceCaps
SetBkColor
SetTextColor
SetMapMode
GetClipBox
CreateBitmap
DeleteObject
DeleteDC
Escape

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

CryptEnumProvidersW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
CloseServiceHandle
ControlService
StartServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
RegCreateKeyExW
RegCloseKey
RegFlushKey
RegSetValueExW
RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW
CryptSignHashW

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHChangeNotify
ShellExecuteExW
ShellExecuteW
SHGetPathFromIDListW
SHGetKnownFolderPath
SHFileOperationW
SHGetSpecialFolderPathW

shlwapi

PathFileExistsW
PathFileExistsA
AssocQueryStringW
PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
UrlUnescapeW

ole32

CoTaskMemFree
CoUninitialize
CoSetProxyBlanket
CoInitializeSecurity
CoInitialize
CoCreateGuid
CoCreateInstance

oleaut32

VariantChangeType
SafeArrayUnaccessData
SafeArrayAccessData
VariantInit
VariantClear
SysFreeString
SysAllocString

imagehlp

MakeSureDirectoryPathExists

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

crypt32

CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertOpenStore
CryptMsgClose
CertCloseStore
CertFreeCertificateContext
CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CertGetCertificateContextProperty

wintrust

WinVerifyTrust

ws2_32

WSACleanup
send
WSAGetLastError
WSASetLastError
closesocket
recv

wininet

InternetConnectW
InternetOpenW
InternetQueryOptionW
InternetSetOptionW
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetCloseHandle
HttpQueryInfoW
InternetReadFile
HttpSendRequestW
HttpOpenRequestW

oleacc

CreateStdAccessibleObject
LresultFromObject

bcrypt

BCryptGenRandom

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 477KB - Virtual size: 477KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 423KB - Virtual size: 423KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f6838e089eed46805202e203cf30954

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

imagehlp

version

crypt32

wintrust

ws2_32

wininet

oleacc

bcrypt

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 477KB - Virtual size: 477KB

.data Size: 13KB - Virtual size: 39KB

.gfids Size: 3KB - Virtual size: 3KB

.giats Size: 512B - Virtual size: 4B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 423KB - Virtual size: 423KB

.reloc Size: 71KB - Virtual size: 71KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 477KB - Virtual size: 477KB

.data
Size: 13KB - Virtual size: 39KB

.gfids
Size: 3KB - Virtual size: 3KB

.giats
Size: 512B - Virtual size: 4B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 423KB - Virtual size: 423KB

.reloc
Size: 71KB - Virtual size: 71KB