1d1b8ad99c3921009341faac580be6ef024eedefbe574406460d92c0fd8013c8

Sharing

Copy URL Twitter E-mail

General

Target

1d1b8ad99c3921009341faac580be6ef024eedefbe574406460d92c0fd8013c8
Size

49KB
MD5

65899ad8ba61a2a484e7e36100062472
SHA1

7ff547dee217745caca43bf6a4815e0b1b8e671b
SHA256

1d1b8ad99c3921009341faac580be6ef024eedefbe574406460d92c0fd8013c8
SHA512

2e37ce3752b1c4afb577e746ef4e3484ba4fe8d5662eaacb51e80fa6a5259b1422ba5838dc9bbac87f58688495e8ae6393776d3afdf5cb0bf492069c41b6d0f8
SSDEEP

768:WgLAayNZ6A9uoj07MlJjZSNYtcNMkOF7p7+TLFPUagu7:Wgl6ZtuY8QyNmQByag2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1d1b8ad99c3921009341faac580be6ef024eedefbe574406460d92c0fd8013c8

Files

1d1b8ad99c3921009341faac580be6ef024eedefbe574406460d92c0fd8013c8
.dll windows:6 windows x64 arch:x64

010bd9a3f754a7f326cd6d926d0a57b6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\build\bin\nightly\Beta\x64\Subsystems\common\Caldera.pdb

Imports

licensinginterop

?ValidateLicense@LicensingInterop@@YA?AUValidationStatus@1@PEB_W0@Z
?GetLockingCode@LicensingInterop@@YA?AUReturnStatus@1@XZ
?IsUpgradeAllowed@LicensingInterop@@YA?AUReturnStatus@1@XZ
?GetFeatures@LicensingInterop@@YA?AUFeatureStatus@1@XZ
?GetLicenseManagerVersion@LicensingInterop@@YA?AUReturnStatus@1@XZ
?GetEdition@LicensingInterop@@YA?AUReturnStatus@1@XZ
?GetUserSegment@LicensingInterop@@YA?AUReturnStatus@1@XZ
?GetSupportCode@LicensingInterop@@YA?AUReturnStatus@1@XZ
?GetMaxVer@LicensingInterop@@YA?AUReturnStatus@1@XZ
?InitializeLicensing@LicensingInterop@@YA?AUReturnStatus@1@PEB_W0000000@Z
?WaitForInitialization@LicensingInterop@@YA?AUReturnStatus@1@_K@Z
?GetLicenseJsonBundle@LicensingInterop@@YA?AUReturnStatus@1@XZ
?HideAnnouncements@LicensingInterop@@YA?AUReturnStatus@1@XZ
?HideRegistration@LicensingInterop@@YA?AUReturnStatus@1@XZ
?HideLicenseNotifications@LicensingInterop@@YA?AUReturnStatus@1@XZ
?HideUpdate@LicensingInterop@@YA?AUReturnStatus@1@XZ
?InitializePersistenceData@LicensingInterop@@YA?AUReturnStatus@1@PEB_W@Z
?HideUpgrade@LicensingInterop@@YA?AUReturnStatus@1@XZ
?ShowLicenseDialogs@LicensingInterop@@YA?AUReturnStatus@1@W4ShowDialog@1@H@Z
?CleanUp@LicensingInterop@@YA?AUReturnStatus@1@XZ
?GetLicenseType@LicensingInterop@@YA?AULicenseTypeStatus@1@XZ

kernel32

RtlCaptureContext
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
Sleep
RtlLookupFunctionEntry
GetComputerNameW
GetThreadId

user32

PostMessageW
TranslateMessage
GetMessageW
PostThreadMessageW
DispatchMessageW
MessageBoxW

msvcp140

_Thrd_detach
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_broadcast
_Cnd_wait
_Cnd_register_at_thread_exit
_Cnd_unregister_at_thread_exit
_Cnd_do_broadcast_at_thread_exit
_Cnd_timedwait
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_id
?_Syserror_map@std@@YAPEBDH@Z
_Query_perf_counter
_Xtime_get_ticks
?_Xlength_error@std@@YAXPEBD@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
_Thrd_join
_Query_perf_frequency

sharedu

?Send@Logger@shr@@QEAAXHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?Elapsed@CTimer@shr@@QEBANXZ
??0CTimer@shr@@QEAA@XZ
?SendVAImpl@Logger@shr@@AEAAXHPEB_WZZ
?g_Logger@shr@@3VLogger@1@A
?Start@CTimer@shr@@QEAAXXZ

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memset
__std_type_info_destroy_list
_CxxThrowException
memcpy
__C_specific_handler
__std_terminate
__std_exception_copy
__std_exception_destroy
_purecall
__current_exception
__current_exception_context
memmove

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initialize_onexit_table
_initterm
_execute_onexit_table
_beginthreadex
_invalid_parameter_noinfo_noreturn
terminate
_cexit
_initterm_e

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free

Exports

Exports

??0GemaltoLicensing@lic@@QEAA@XZ
??1GemaltoLicensing@lic@@UEAA@XZ
??_7GemaltoLicensing@lic@@6B@
?AreLicenseResultsReady@GemaltoLicensing@lic@@UEAA_NXZ
?Cleanup@GemaltoLicensing@lic@@UEAAXXZ
?DetachAsync@GemaltoLicensing@lic@@UEAAXXZ
?DoStartLicenseCheck@GemaltoLicensing@lic@@AEAAXAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@00000I@Z
?GetEdition@GemaltoLicensing@lic@@UEAA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetFeatures@GemaltoLicensing@lic@@UEAA?AV?$vector@UFeature@LicensingInterop@@V?$allocator@UFeature@LicensingInterop@@@std@@@std@@XZ
?GetLicenseJsonBundle@GemaltoLicensing@lic@@UEAA?AUReturnStatus@LicensingInterop@@XZ
?GetLicenseManagerVersion@GemaltoLicensing@lic@@UEAA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetLicenseResultFromFuture@GemaltoLicensing@lic@@UEAA?AULicenseValidationResult@2@XZ
?GetLicenseStatus@GemaltoLicensing@lic@@UEAA?AULicenseTrackingStatus@2@XZ
?GetMaxVer@GemaltoLicensing@lic@@UEAA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetSupportCode@GemaltoLicensing@lic@@UEAA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetUserSegment@GemaltoLicensing@lic@@UEAA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?HandleLicenseResult@GemaltoLicensing@lic@@UEAA_NXZ
?HandleLicenseResultAsync@GemaltoLicensing@lic@@UEAAXPEAUHWND__@@@Z
?InitializePersistenceData@GemaltoLicensing@lic@@UEAAXAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?IsLicenseCheckComplete@GemaltoLicensing@lic@@UEAA_NXZ
?IsUpgradeAllowed@GemaltoLicensing@lic@@UEAA_NXZ
?SetLicExFailure@GemaltoLicensing@lic@@AEAAXXZ
?SetUpdateCheck@GemaltoLicensing@lic@@UEAAX_N@Z
?ShouldHideAnnouncements@GemaltoLicensing@lic@@UEAA?AUReturnStatus@LicensingInterop@@XZ
?ShouldHideLicenseNotifications@GemaltoLicensing@lic@@UEAA?AUReturnStatus@LicensingInterop@@XZ
?ShouldHideRegistration@GemaltoLicensing@lic@@UEAA?AUReturnStatus@LicensingInterop@@XZ
?ShouldHideUpdate@GemaltoLicensing@lic@@UEAA?AUReturnStatus@LicensingInterop@@XZ
?ShouldHideUpgrade@GemaltoLicensing@lic@@UEAA?AUReturnStatus@LicensingInterop@@XZ
?ShowLicensingDialog@GemaltoLicensing@lic@@UEAA?AUDialogReturnStatus@2@W4ShowDialog@2@@Z
?StartLicenseCheck@GemaltoLicensing@lic@@UEAAXAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@00000I@Z
?WaitForInitialization@GemaltoLicensing@lic@@UEAA?AUReturnStatus@LicensingInterop@@_K@Z

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

010bd9a3f754a7f326cd6d926d0a57b6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

licensinginterop

kernel32

user32

msvcp140

sharedu

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 256B

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 256B