a94b89c7ff7926ccead39defc57fb4c750d1a6f87e7c340a960bf79da30b297e[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

a94b89c7ff7926ccead39defc57fb4c750d1a6f87e7c340a960bf79da30b297e.exe
Size

1.6MB
MD5

c1627423b5a38bd537fdae512d8d78a2
SHA1

59656dbfe2ab0e96a10c44212fca9bdf0ac2dec2
SHA256

a94b89c7ff7926ccead39defc57fb4c750d1a6f87e7c340a960bf79da30b297e
SHA512

e08cd4a0ff0a22fcc9bdbaf20e02769b874bcf4960ca35eccb4ac0bc97f33ff446b7d04a08c0293ca270f5b97c27993cfcba1c0691c1a994be0dff4fb29ce92d
SSDEEP

49152:ZAc57sG0h4r8Jzm/XuPTSAyYmC25SA1oKrsg+SBsg+SBNb4Z7d+:vj9/sAmguSBuSBNb4Z7d+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a94b89c7ff7926ccead39defc57fb4c750d1a6f87e7c340a960bf79da30b297e.exe

Files

a94b89c7ff7926ccead39defc57fb4c750d1a6f87e7c340a960bf79da30b297e.exe
.dll windows:6 windows x64 arch:x64

0ba78fc00bbd9bca332fc0734423adc6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

F:\Demo\ipc_sdk_fix\_win_x64\bin\RelWithDebInfo\ipc_core.pdb

Imports

advapi32

OpenProcessToken
GetUserNameW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
SystemFunction036

iphlpapi

GetAdaptersAddresses

userenv

GetUserProfileDirectoryW

ws2_32

WSAIoctl
WSARecv
WSASend
WSADuplicateSocketW
htonl
WSARecvFrom
WSASendTo
WSASetLastError
WSAStartup
select
socket
WSASocketW
ntohs
closesocket
getsockopt
setsockopt
WSAGetLastError
htons
bind
ioctlsocket
getpeername
getsockname
listen
shutdown

kernel32

RtlCaptureContext
GetModuleHandleW
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
RtlLookupFunctionEntry
InitOnceBeginInitialize
RtlVirtualUnwind
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentThreadId
GetSystemTimeAsFileTime
InitOnceComplete
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeSListHead
VirtualUnlock
VirtualLock
VirtualFree
VirtualProtect
GetLastError
LocalAlloc
LocalFree
GetCurrentProcessId
GetTickCount
CloseHandle
SetErrorMode
CreateIoCompletionPort
GetQueuedCompletionStatus
SetHandleInformation
PostQueuedCompletionStatus
CancelIo
CreateEventW
RegisterWaitForSingleObject
UnregisterWait
VerSetConditionMask
GetEnvironmentVariableW
SetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetTempPathW
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetProcessTimes
GetCurrentProcess
GlobalMemoryStatusEx
GetSystemInfo
GetModuleFileNameW
VerifyVersionInfoW
FileTimeToSystemTime
MultiByteToWideChar
WideCharToMultiByte
GetConsoleTitleW
SetConsoleTitleW
K32GetProcessMemoryInfo
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetFileType
GetConsoleMode
TryEnterCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
WaitForMultipleObjects
CreateSemaphoreW
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateFileW
FlushFileBuffers
ReadFile
WriteFile
DuplicateHandle
SetLastError
ConnectNamedPipe
SetNamedPipeHandleState
PeekNamedPipe
CreateNamedPipeW
WaitNamedPipeW
GetNamedPipeHandleStateW
SwitchToThread
GetCurrentThread
QueueUserWorkItem
CreateNamedPipeA
SetConsoleMode
GetNumberOfConsoleInputEvents
ReadConsoleInputW
ReadConsoleW
WriteConsoleW
FillConsoleOutputCharacterW
FillConsoleOutputAttribute
GetConsoleCursorInfo
SetConsoleCursorInfo
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
SetConsoleTextAttribute
WriteConsoleInputW
Sleep
SetConsoleCtrlHandler
GetFileAttributesW
TerminateProcess
GetExitCodeProcess
CreateProcessW
OpenProcess
UnregisterWaitEx
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
LCMapStringW
FormatMessageA
CreateDirectoryW
GetFileInformationByHandle
RemoveDirectoryW
SetFileTime
DeviceIoControl
MoveFileExW
CreateHardLinkW
GetLongPathNameW
GetShortPathNameW
ReadDirectoryChangesW
GetModuleHandleA
GetProcAddress
GetStdHandle
CreateFileA
GetStartupInfoW
VirtualAlloc

ole32

CoCreateGuid

msvcp140

??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@F@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
_Mbrtowc
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ
?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?_Xout_of_range@std@@YAXPEBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??Bid@locale@std@@QEAA_KXZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPEAV123@PEAVfacet@23@_K@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
_Xtime_get_ticks
_Query_perf_counter
_Query_perf_frequency
_Thrd_detach
_Thrd_sleep
_Thrd_id
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ

crypt32

CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringW
CryptQueryObject
CryptMsgClose

wintrust

WinVerifyTrust

vcruntime140

__std_type_info_destroy_list
__current_exception_context
__current_exception
__C_specific_handler
wcsrchr
wcschr
strchr
__RTDynamicCast
memchr
memset
memcmp
memmove
memcpy
_CxxThrowException
_purecall
__std_terminate
__std_exception_copy
__std_exception_destroy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

__doserrno
exit
abort
_beginthreadex
terminate
_errno
_invalid_parameter_noinfo_noreturn
_initterm_e
_initterm
_cexit
_crt_at_quick_exit
raise
_set_invalid_parameter_handler
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit

api-ms-win-crt-heap-l1-1-0

malloc
free
calloc
_callnewh
realloc

api-ms-win-crt-convert-l1-1-0

wcstombs
atoi

api-ms-win-crt-stdio-l1-1-0

_write
_read
_open_osfhandle
_lseeki64
__p__fmode
__acrt_iob_func
_get_osfhandle
__stdio_common_vsnprintf_s
__stdio_common_vfprintf
_close
__stdio_common_vsprintf
__stdio_common_vsnwprintf_s

api-ms-win-crt-time-l1-1-0

_localtime64_s
_time64

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-string-l1-1-0

wcsncmp
strncpy_s
wcsncpy_s
_wcsrev
_wcsnicmp
wcspbrk
_wcsdup

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-filesystem-l1-1-0

_umask
_wchmod
_wmkdir
_wrmdir

Exports

Exports

CreateServiceHost
CreateServiceInvoker
DestroyServiceHost
DestroyServiceInvoker
InitIPCCoreRuntime

Sections

.text
Size: 904KB - Virtual size: 903KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 210KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 782B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 337B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ba78fc00bbd9bca332fc0734423adc6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

iphlpapi

userenv

ws2_32

kernel32

ole32

msvcp140

crypt32

wintrust

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

Exports

Exports

Sections

.text Size: 904KB - Virtual size: 903KB

.rdata Size: 210KB - Virtual size: 210KB

.data Size: 46KB - Virtual size: 88KB

.pdata Size: 41KB - Virtual size: 40KB

.idata Size: 19KB - Virtual size: 18KB

.tls Size: 1024B - Virtual size: 782B

.00cfg Size: 512B - Virtual size: 337B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 904KB - Virtual size: 903KB

.rdata
Size: 210KB - Virtual size: 210KB

.data
Size: 46KB - Virtual size: 88KB

.pdata
Size: 41KB - Virtual size: 40KB

.idata
Size: 19KB - Virtual size: 18KB

.tls
Size: 1024B - Virtual size: 782B

.00cfg
Size: 512B - Virtual size: 337B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 6KB