9d368feedd7bfdc61dd638958b695255c67890776057ae14264e893d86455366

Sharing

Copy URL

Twitter E-mail

General

Target

9d368feedd7bfdc61dd638958b695255c67890776057ae14264e893d86455366
Size

8.4MB
MD5

fe3b1b940258e26366cf96539b257b46
SHA1

e61a2fef0b4279d311e3555a3218a58761709507
SHA256

9d368feedd7bfdc61dd638958b695255c67890776057ae14264e893d86455366
SHA512

dcb1051d5660b50e9fd1440d5575c0efc6eda0d063a5897782c5c6ce5c6014d0baf962baa997bb993d3fd8d4d9e4d8d8fa3b03ac0499b394b9b4c27388c8ce6f
SSDEEP

196608:VdXOeMr8SHEsO0ZS+6I2k+tR6pOdvsp7Blf:VdXOjb6HIyBs1Bl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9d368feedd7bfdc61dd638958b695255c67890776057ae14264e893d86455366

Files

9d368feedd7bfdc61dd638958b695255c67890776057ae14264e893d86455366
.exe windows:6 windows x86 arch:x86

a08f4f20f538095371d0c5104f32ed3b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\work2023\leigod_sdk\leishensdk\bin\Release\leishenSdk.pdb

Imports

crypt32

CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CryptMsgGetParam
CertGetEnhancedKeyUsage
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertGetIntendedKeyUsage
CertFindCertificateInStore
CertGetNameStringW
CertOpenStore
CertOpenSystemStoreW
CertGetNameStringA
CryptQueryObject

ws2_32

gethostname
closesocket
sendto
recvfrom
bind
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
htons
WSACloseEvent
getservbyname
getservbyport
gethostbyaddr
__WSAFDIsSet
WSAIoctl
select
ntohl
WSASetLastError
socket
htonl
inet_ntoa
gethostbyname
ntohs
InetNtopW
WSACleanup
WSAGetLastError
getnameinfo
ioctlsocket
freeaddrinfo
recv
WSAStartup
inet_addr
getpeername
getsockname
WSAAddressToStringW
getsockopt
setsockopt
accept
WSASend
shutdown
listen
WSASocketW
WSARecv
getaddrinfo
send
connect
WSACreateEvent

wldap32

ord145
ord219
ord46
ord301
ord147
ord133
ord79
ord142
ord167
ord127
ord27
ord26
ord117
ord41
ord208
ord216
ord14

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

UnmapViewOfFile
GetFileInformationByHandle
FileTimeToSystemTime
GetLocalTime
GetFileSize
CreateFileMappingW
MapViewOfFile
GetTickCount
GetPrivateProfileIntW
GetModuleFileNameW
GetCurrentThreadId
GetCurrentProcessId
SystemTimeToTzSpecificLocalTime
GetSystemTime
lstrlenW
CreateMutexW
FormatMessageW
SetEvent
LocalFree
FormatMessageA
CreateEventA
OpenMutexW
SetLastError
Sleep
GetLastError
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
LoadLibraryW
GetProcAddress
CreateProcessW
GetModuleHandleW
FreeLibrary
lstrcpyW
HeapFree
WaitForSingleObjectEx
QueryPerformanceFrequency
DeleteFileW
HeapAlloc
SetCurrentDirectoryW
GetProcessHeap
QueryPerformanceCounter
LocalAlloc
WritePrivateProfileStringW
SetFileAttributesW
GetPrivateProfileStringW
CreateNamedPipeW
ConnectNamedPipe
OutputDebugStringA
WaitForMultipleObjects
OpenProcess
CreateEventW
CopyFileW
InitializeSRWLock
ReleaseSRWLockShared
AcquireSRWLockShared
WritePrivateProfileSectionW
GetStartupInfoW
CreatePipe
RemoveVectoredExceptionHandler
VirtualProtect
GetCurrentProcess
OutputDebugStringW
GetNativeSystemInfo
RaiseException
AddVectoredExceptionHandler
IsWow64Process
CopyFileA
CreateProcessA
LCMapStringA
GetStringTypeExA
GetUserDefaultLCID
LoadLibraryA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
DeleteCriticalSection
TerminateProcess
K32GetModuleFileNameExW
GetVersionExW
GetLogicalDriveStringsW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetSystemInfo
lstrcmpW
GetExitCodeProcess
CreatePrivateNamespaceW
OpenPrivateNamespaceW
CreateBoundaryDescriptorW
OpenEventW
OpenFileMappingW
ResetEvent
AddSIDToBoundaryDescriptor
InitializeCriticalSectionEx
DecodePointer
WinExec
GetConsoleScreenBufferInfo
SetPriorityClass
SetConsoleTextAttribute
GetStdHandle
SystemTimeToFileTime
GetDynamicTimeZoneInformation
GetConsoleMode
FindFirstFileW
GetFullPathNameW
FindNextFileW
FindClose
SetThreadAffinityMask
SetConsoleCtrlHandler
GetCurrentThread
GetQueuedCompletionStatus
TerminateThread
CreateIoCompletionPort
GetSystemTimes
SetWaitableTimer
TlsSetValue
CreateWaitableTimerW
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
PostQueuedCompletionStatus
TlsAlloc
CancelIoEx
QueueUserAPC
VerSetConditionMask
SleepEx
VerifyVersionInfoW
TlsGetValue
TlsFree
ReleaseSemaphore
WaitForMultipleObjectsEx
CreateSemaphoreA
RemoveDirectoryW
GetSystemDirectoryW
GetWindowsDirectoryW
SetNamedPipeHandleState
WaitNamedPipeA
CreateNamedPipeA
DisconnectNamedPipe
CreateFileA
FlushFileBuffers
GetCommandLineW
TryEnterCriticalSection
VirtualQuery
SetThreadPriority
GetSystemTimeAsFileTime
GetSystemDirectoryA
GetFileType
GetEnvironmentVariableW
VirtualAlloc
VirtualFree
GetModuleHandleExW
MoveFileExW
SetHandleInformation
GetOverlappedResult
CancelIo
CreateFileMappingA
GetEnvironmentVariableA
CompareFileTime
PeekNamedPipe
SwitchToFiber
DeleteFiber
CreateFiber
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetACP
ConvertFiberToThread
ConvertThreadToFiber
WideCharToMultiByte
K32GetProcessImageFileNameW
lstrcatW
GetStringTypeW
QueryDosDeviceW
ExitProcess
FreeEnvironmentStringsW
GetEnvironmentStringsW
CreateWaitableTimerA
GetLogicalProcessorInformation
ResumeThread
OpenEventA
InitializeSListHead
IsDebuggerPresent
SetUnhandledExceptionFilter
GetCurrentDirectoryW
CloseHandle
LocalFileTimeToFileTime
MultiByteToWideChar
GetFileAttributesW
CreateFileW
SetFilePointer
SetFileTime
WriteFile
ReadFile
CreateDirectoryW
CreateTimerQueue
SignalObjectAndWait
CreateThread
GetThreadPriority
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwind
ExitThread
SetEnvironmentVariableW
GetDriveTypeW
GetConsoleCP
SetFilePointerEx
GetFileSizeEx
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
GetTimeZoneInformation
HeapReAlloc
SetStdHandle
SetEndOfFile
IsValidCodePage
GetOEMCP
GetCommandLineA
HeapSize
WriteConsoleW
UnhandledExceptionFilter
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
QueueUserWorkItem
IsProcessorFeaturePresent
EncodePointer
DeviceIoControl
AreFileApisANSI
GetFileAttributesExW
FindFirstFileExW
GetExitCodeThread
SwitchToThread
DuplicateHandle
WriteConsoleA

user32

PostQuitMessage
LoadStringA
GetSystemMetrics
UnregisterClassW
SetForegroundWindow
GetWindowTextW
GetClientRect
BringWindowToTop
GetForegroundWindow
AttachThreadInput
ShowWindow
SendMessageW
SetWindowPos
MapWindowPoints
CopyRect
EnumWindows
GetClassNameW
GetDesktopWindow
wsprintfW
IsWindowVisible
FindWindowA
SendMessageA
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
DestroyWindow
WaitMessage
DispatchMessageW
SetTimer
PeekMessageW
MsgWaitForMultipleObjectsEx
CallMsgFilterW
GetQueueStatus
TranslateMessage
KillTimer
FindWindowW
DefWindowProcW
CreateWindowExW
RegisterClassExW
GetWindowThreadProcessId
PostMessageW

advapi32

CryptReleaseContext
OpenEventLogW
ReadEventLogW
CloseEventLog
RegNotifyChangeKeyValue
RegQueryValueExA
RegCloseKey
RegCreateKeyW
RegSetValueExW
RegOpenKeyExA
RegQueryValueExW
CryptEnumProvidersA
CryptAcquireContextA
BuildExplicitAccessWithNameW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
QueryServiceStatus
RegOpenKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenSCManagerW
CloseServiceHandle
ConvertStringSecurityDescriptorToSecurityDescriptorW
CreateWellKnownSid
CryptHashData
CryptGetHashParam
CryptGenRandom
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
RegOpenKeyExW
RegDeleteValueW
CryptAcquireContextW
RegEnumKeyExW
RegQueryInfoKeyW
QueryServiceStatusEx
OpenServiceW
StartServiceW
RegCreateKeyExW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
GetSecurityDescriptorSacl
OpenProcessToken
SetSecurityInfo
RegSetKeyValueW

shell32

SHGetSpecialFolderPathW
SHGetSpecialFolderPathA
ShellExecuteA
SHGetPathFromIDListW
SHGetFolderPathW
ord165
SHCreateDirectoryExW
ShellExecuteW

ole32

CoInitializeEx
CoSetProxyBlanket
CoUninitialize
OleUninitialize
CoCreateInstance
CoInitializeSecurity
CoTaskMemFree
CoInitialize
OleInitialize

oleaut32

VariantClear
VariantInit
SafeArrayDestroy
SysAllocString
SafeArrayPutElement
SafeArrayCreateVector
SysFreeString

shlwapi

StrCpyW
PathAppendW
StrStrIW
PathRemoveFileSpecW
PathFindFileNameW
StrStrIA
PathFileExistsW

iphlpapi

GetExtendedUdpTable
GetExtendedTcpTable
GetAdaptersAddresses
IcmpSendEcho2
GetAdaptersInfo
IcmpCreateFile

imm32

ImmDisableIME

msi

ord173
ord217

mswsock

AcceptEx
GetAcceptExSockaddrs

bcrypt

BCryptGenRandom

winmm

timeKillEvent
timeSetEvent
timeGetTime
timeGetDevCaps

Exports

Exports

??0WebSockServer@@AAE@XZ
??0WebSockServer@@QAE@$$QAV0@@Z
??0WebSockServer@@QAE@ABV0@@Z
??0WebSocketClient@@AAE@XZ
??0WebSocketClient@@QAE@$$QAV0@@Z
??0WebSocketClient@@QAE@ABV0@@Z
??1WebSockServer@@QAE@XZ
??1WebSocketClient@@QAE@XZ
??4WebSockServer@@QAEAAV0@$$QAV0@@Z
??4WebSockServer@@QAEAAV0@ABV0@@Z
??4WebSocketClient@@QAEAAV0@$$QAV0@@Z
??4WebSocketClient@@QAEAAV0@ABV0@@Z
?Close@WebSockServer@@QAEXPAX@Z
?CloseAll@WebSockServer@@QAEXXZ
?Init@WebSockServer@@QAEHGV?$function@$$A6AXPAX@Z@boost@@V?$function@$$A6AXPAXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@3@V?$function@$$A6AXPAXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4WsOpcode@@@Z@3@_NPAX@Z
?Init@WebSocketClient@@QAE_NV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$function@$$A6AXPAX@Z@boost@@@Z
?Instance@WebSockServer@@SAAAV1@XZ
?Instance@WebSocketClient@@SAAAV1@XZ
?Send@WebSockServer@@QAE_NPAXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4WsOpcode@@@Z
?StartServer@WebSockServer@@QAE_NXZ
?StopListening@WebSockServer@@QAEXXZ
?StopServer@WebSockServer@@QAEXXZ
?__autoclassinit2@WebSockServer@@QAEXI@Z
?__autoclassinit2@WebSocketClient@@QAEXI@Z
?terminate@WebSocketClient@@QAEXXZ

Sections

.text
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 386KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 808KB - Virtual size: 808KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 304KB - Virtual size: 303KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a08f4f20f538095371d0c5104f32ed3b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

crypt32

ws2_32

wldap32

version

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

iphlpapi

imm32

msi

mswsock

bcrypt

winmm

Exports

Exports

Sections

.text Size: 5.8MB - Virtual size: 5.8MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 100KB - Virtual size: 386KB

.rsrc Size: 808KB - Virtual size: 808KB

.reloc Size: 304KB - Virtual size: 303KB

.text
Size: 5.8MB - Virtual size: 5.8MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 100KB - Virtual size: 386KB

.rsrc
Size: 808KB - Virtual size: 808KB

.reloc
Size: 304KB - Virtual size: 303KB