e867233beee04fce46b4983a6c6da3e67680c341df9e1368e981c999440ca49f

Sharing

Copy URL Twitter E-mail

General

Target

e867233beee04fce46b4983a6c6da3e67680c341df9e1368e981c999440ca49f
Size

741KB
MD5

d0203c83db235dab74eb519e80f7c8dd
SHA1

e3bf12163cb9581792db5a4733bda6882b51fbaa
SHA256

e867233beee04fce46b4983a6c6da3e67680c341df9e1368e981c999440ca49f
SHA512

41a5bd462e687ad6c086512bda5e6bed7368c85b1aeaf1b38d709e13310f3ed7191f27df4530697a1f1e69ffcdc52884c34fae5cd65e27a16f4486a226a1d52d
SSDEEP

12288:OqThL75CQewbaIoHdlZV1nGq4kJXC7/IYjfNqx69DsvmVmicQbqAs2VJ/3H5GbXr:OqThL71CHQHbqT2VR3H5KLkE/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e867233beee04fce46b4983a6c6da3e67680c341df9e1368e981c999440ca49f

Files

e867233beee04fce46b4983a6c6da3e67680c341df9e1368e981c999440ca49f
.dll regsvr32 windows:6 windows x86 arch:x86

a4717ff3b3acc58d9cacf0bde325b4d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\workdir\vc\ProgramDatabase\Release\IDEDetectionModule.pdb

Imports

netapi32

NetMessageBufferSend

ws2_32

select
recv
htons
connect
closesocket
freeaddrinfo
getaddrinfo
WSAGetLastError
WSACleanup
WSAStartup
gethostname
htonl
send
socket
__WSAFDIsSet
recvfrom
sendto
setsockopt
shutdown
WSARecv
WSASendTo

lua

lua_gettop
lua_close
lua_pushboolean
lua_getglobal
lua_getfield
lua_createtable
lua_newuserdata
lua_getmetatable
lua_setglobal
lua_settable
lua_pushvalue
lua_setmetatable
lua_pcallk
luaL_openlibs
luaL_argerror
luaL_checklstring
luaL_checknumber
lua_pushcclosure
lua_pushstring
luaL_newmetatable
lua_rotate
luaL_checkudata
lua_isuserdata
luaL_loadstring
luaL_newstate
lua_type
lua_pushnumber
lua_rawequal
lua_touserdata
lua_settop
lua_setfield
lua_tolstring
lua_pushinteger

kernel32

IsDebuggerPresent
WaitForSingleObjectEx
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
FormatMessageA
LocalFree
ResetEvent
SetThreadLocale
GetThreadLocale
OutputDebugStringW
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
MultiByteToWideChar
CloseHandle
GetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
WaitForSingleObject
CreateEventW
TerminateThread
TlsAlloc
TlsFree
WideCharToMultiByte
IsBadReadPtr
Sleep
LocalAlloc
FormatMessageW
GetCurrencyFormatW
RaiseException
LoadLibraryExW
SetThreadPriority
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
lstrcmpiW
EncodePointer
DecodePointer
FreeLibrary

user32

CharNextW

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegDeleteValueW
RegQueryInfoKeyW

shell32

ShellExecuteW
SHGetFileInfoW

ole32

CoTaskMemFree
StringFromGUID2
CoTaskMemAlloc
StringFromCLSID
OleRun
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemRealloc

oleaut32

VariantInit
VariantClear
VariantCopy
VariantChangeType
VarUdateFromDate
SysStringLen
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
SetErrorInfo
RegisterTypeLi
UnRegisterTypeLi
GetErrorInfo
SysStringByteLen
SysFreeString
SysAllocStringLen
SysAllocString
SysAllocStringByteLen
CreateErrorInfo

libcurl

curl_slist_append
curl_slist_free_all
curl_easy_cleanup
curl_easy_perform
curl_easy_init
curl_easy_getinfo
curl_easy_strerror
curl_easy_setopt

libeay32

ord3212
ord3866
ord66
ord89
ord109
ord52
ord246
ord224

ssleay32

ord12
ord8
ord6
ord110
ord183
ord174
ord45
ord145
ord1

msvcp140

?id@?$ctype@D@std@@2V0locale@2@A
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?narrow@?$ctype@D@std@@QBEDDD@Z
?exceptions@ios_base@std@@QAEXH@Z
?flags@ios_base@std@@QAEHH@Z
?precision@ios_base@std@@QAE_J_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrToBool@@YA_NPBX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
_Thrd_start
?_Xbad_function_call@std@@YAXXZ
_Thrd_detach
_Thrd_join
_Thrd_id
_Mtx_init
_Mtx_destroy
_Cnd_init
_Cnd_destroy
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_wait
_Cnd_broadcast
_Cnd_signal
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
?_XGetLastError@std@@YAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??Bios_base@std@@QBE_NXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$ctype@D@std@@QBEDD@Z
?_Xlength_error@std@@YAXPBD@Z
_Xtime_get_ticks
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?uncaught_exception@std@@YA_NXZ
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
?good@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
?is@?$ctype@D@std@@QBE_NFD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
?_Syserror_map@std@@YAPBDH@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z

concrt140

?_Yield@_Context@details@Concurrency@@SAXXZ
?_ScheduleTask@_CurrentScheduler@details@Concurrency@@SAXP6AXPAX@Z0@Z
?_UnderlyingYield@details@Concurrency@@YAXXZ
??0bad_target@Concurrency@@QAE@XZ
??0message_not_found@Concurrency@@QAE@XZ
??0invalid_link_target@Concurrency@@QAE@PBD@Z
??1critical_section@Concurrency@@QAE@XZ
??0_NonReentrantPPLLock@details@Concurrency@@QAE@XZ
??0_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QAE@AAV123@@Z
??1_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QAE@XZ
?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QAE_NXZ
??0?$_SpinWait@$00@details@Concurrency@@QAE@P6AXXZ@Z
?_Internal_throw_exception@_Concurrent_queue_base_v4@details@Concurrency@@IBEXXZ
?_Internal_finish_clear@_Concurrent_queue_base_v4@details@Concurrency@@IAEXXZ
?_Internal_empty@_Concurrent_queue_base_v4@details@Concurrency@@IBE_NXZ
?_Internal_pop_if_present@_Concurrent_queue_base_v4@details@Concurrency@@IAE_NPAX@Z
?_Internal_push@_Concurrent_queue_base_v4@details@Concurrency@@IAEXPBX@Z
??1_Concurrent_queue_base_v4@details@Concurrency@@MAE@XZ
??0_Concurrent_queue_base_v4@details@Concurrency@@IAE@I@Z
?_Trace_agents@Concurrency@@YAXW4Agents_EventType@1@_JZZ
??1_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QAE@XZ
??0_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QAE@AAV123@@Z
??0_ReentrantPPLLock@details@Concurrency@@QAE@XZ

libmysql

mysql_store_result
mysql_query
mysql_free_result
mysql_fetch_row
mysql_real_connect
mysql_init
mysql_error
mysql_num_rows
mysql_close

vcruntime140

__std_terminate
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__CxxFrameHandler3
memchr
memmove
__std_type_info_compare
__RTDynamicCast
wcschr
wcsstr
__std_type_info_name
memset
_purecall
memcpy
__std_type_info_destroy_list
_except_handler4_common

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_execute_onexit_table
_crt_atexit
terminate
_initialize_narrow_environment
_resetstkoflw
_initterm
_initterm_e
strerror
_errno
_invalid_parameter_noinfo
_configure_narrow_argv
_seh_filter_dll
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
_cexit

api-ms-win-crt-time-l1-1-0

_localtime64_s
strftime
_mktime64
wcsftime
_time64

api-ms-win-crt-stdio-l1-1-0

fclose
fflush
fgetc
fgetpos
fputc
fread
_get_stream_buffer_pointers
_fseeki64
fwrite
setvbuf
ungetc
__stdio_common_vswprintf_s
__stdio_common_vsnprintf_s
__stdio_common_vsprintf_s
fsetpos
__stdio_common_vsprintf
__stdio_common_vswprintf

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file
rename

api-ms-win-crt-string-l1-1-0

isdigit
wmemcpy_s
_wcsupr_s
wcscat_s
wcsncpy_s
_wcsicmp
iswspace
towupper
_strnicmp
strncpy_s
strncmp
wcscpy_s
wcsnlen
_wcslwr_s

api-ms-win-crt-heap-l1-1-0

calloc
_callnewh
free
malloc
_recalloc
realloc

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-convert-l1-1-0

_gcvt_s
_ultoa_s
_ltoa_s
_itoa_s
_wtof
_wtoi
_wtoi64
atoi
_wtol

api-ms-win-crt-math-l1-1-0

_libm_sse2_pow_precise
_except1

api-ms-win-crt-multibyte-l1-1-0

_mbscmp
_mbslwr_s
_mbsupr_s

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 410KB - Virtual size: 410KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4717ff3b3acc58d9cacf0bde325b4d9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

netapi32

ws2_32

lua

kernel32

user32

advapi32

shell32

ole32

oleaut32

libcurl

libeay32

ssleay32

msvcp140

concrt140

libmysql

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

Exports

Exports

Sections

.text Size: 410KB - Virtual size: 410KB

.rdata Size: 141KB - Virtual size: 141KB

.data Size: 25KB - Virtual size: 45KB

.rsrc Size: 127KB - Virtual size: 126KB

.reloc Size: 36KB - Virtual size: 36KB

.text
Size: 410KB - Virtual size: 410KB

.rdata
Size: 141KB - Virtual size: 141KB

.data
Size: 25KB - Virtual size: 45KB

.rsrc
Size: 127KB - Virtual size: 126KB

.reloc
Size: 36KB - Virtual size: 36KB