d6fe6d13e85f5be527d77dcae686b5952ef75414f2eafee1e532499b81c9bed0

Sharing

Copy URL Twitter E-mail

General

Target

d6fe6d13e85f5be527d77dcae686b5952ef75414f2eafee1e532499b81c9bed0
Size

353KB
MD5

ecf295561d3c899834470eb2448cda8b
SHA1

049668ce61ac248cdba95aa381a8f7ab33194c91
SHA256

d6fe6d13e85f5be527d77dcae686b5952ef75414f2eafee1e532499b81c9bed0
SHA512

e8d75e2098f9c386dfde227b56912c1901114a45db196c7e6594deab48f3543b9062d709eb703a30a8d59cc5b7d253bd9bb544e7eda4e7da31f479132646d2fb
SSDEEP

6144:L8Q87FgtosbupCaatc6fPBdnWHZPqfCdRhWqBtSzld/h7R69c3eGb4LGF:LP87etosassZyihWeEzXZoiOG+G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6fe6d13e85f5be527d77dcae686b5952ef75414f2eafee1e532499b81c9bed0

Files

d6fe6d13e85f5be527d77dcae686b5952ef75414f2eafee1e532499b81c9bed0
.dll windows:6 windows x64 arch:x64

00a0847f3049ac0daf9e5d9e470daf88

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\buildworker\source2_dota_rel_2019_win64\build\_build_\schemasystem\_vpc_schemasystem\default\win64\_msvc_\Retail\schemasystem.pdb

Imports

user32

EndDialog
SetWindowPos
GetWindowRect
SetDlgItemTextA
DialogBoxParamA
GetDesktopWindow

tier0

V_UInt64ToString_Unsafe
V_Int32ToString_Unsafe
GetCPUInformation
_V_strncpy
?Format@CBufferString@@QEAAHPEBDZZ
?Lock@CThreadSpinMutex@@AECAXPEBDHII@Z
Plat_GetModuleProcAddress
?Find@CUtlSymbolTable@@QEBA?AVCUtlSymbol@@PEBDH@Z
LoggingSystem_RegisterLoggingChannel
?Assert_ConditionFailed@@YA_NAEBU_AssertCompileTimeConstantStruct_t@@PEBDZZ
??0CUtlMemoryPoolBase@@QEAA@HHHW4MemoryPoolGrowType_t@@PEBDW4MemAllocAttribute_t@@@Z
??1CUtlMemoryPoolBase@@QEAA@XZ
?Alloc@CUtlMemoryPoolBase@@QEAAPEAXXZ
?Free@CUtlMemoryPoolBase@@QEAAXPEAX@Z
?ClearDestruct@CUtlMemoryPoolBase@@IEAAXP6AXPEAX@Z@Z
Msg
Plat_LoadModule
V_DoubleToString_Unsafe
MemAlloc_StrDupFunc
?Alloc@CRawAllocator@@SAPEAXW4RawAllocatorType_t@@_KPEA_K@Z
??0CUtlMemoryBlockAllocator@@QEAA@HIW4RawAllocatorType_t@@@Z
??1CUtlMemoryBlockAllocator@@QEAA@XZ
?Purge@CUtlMemoryBlockAllocator@@QEAAXXZ
?Alloc@CUtlMemoryBlockAllocator@@QEAAII@Z
Plat_RegisterModule
V_qsort_s
V_StringParseError
Plat_NonFatalErrorFunc
GetDefaultMiniDumpTypeFlags
InvokeMiniDumpHandler
Plat_GetTime
EarlyInit_Tier0
?TruncateAt@CBufferString@@QEAAPEBDH_N@Z
?TrimTail@CBufferString@@QEAAPEBDPEBD@Z
Plat_FatalErrorFunc
?IsEqual_CaseSensitive@CUtlString@@QEBA_NPEBD@Z
V_containsWhitespace
Plat_UnloadModule
?UnlockWrite@CThreadSpinRWLock@@QEAAXPEBDH@Z
?SpinLockForWrite@CThreadSpinRWLock@@AEAAXPEBDHI@Z
?AppendFormatV@CBufferString@@QEAAHPEBDPEAD@Z
??0CUtlSymbolTable@@QEAA@HH_N@Z
??1CUtlSymbolTable@@QEAA@XZ
?AddString@CUtlSymbolTable@@QEAA?AVCUtlSymbol@@PEBDPEA_N@Z
?Find@CUtlSymbolTable@@QEBA?AVCUtlSymbol@@PEBD@Z
UtlMemory_FailedAllocation
V_stricmp_fast
?LoggingSystem_Log@@YA?AW4LoggingResponse_t@@HW4LoggingSeverity_t@@PEBULoggingMetaData_t@@PEBDZZ
?LoggingSystem_Log@@YA?AW4LoggingResponse_t@@HW4LoggingSeverity_t@@VColor@@PEBDZZ
?Set@CUtlString@@QEAAXPEBD@Z
??YCUtlString@@QEAAAEAV0@PEBD@Z
V_vsnprintf
UtlMemory_CalcNewAllocationCount
?V_stristr_fast@@YAPEBDPEBD0@Z
?LockForRead@CThreadSpinRWLock@@QEAAXPEBDH@Z
?UnlockRead@CThreadSpinRWLock@@QEAAXPEBDH@Z
V_PrettifyNum
V_qsort
?Insert@CBufferString@@QEAAPEBDHPEBDH_N@Z
?Purge@CBufferString@@QEAAXH@Z
?ToLowerFast@CBufferString@@QEAAXH@Z
?Free@CRawAllocator@@SAXW4RawAllocatorType_t@@PEAX_K@Z
CMemAllocSystemInitialize
Warning
g_bUpdateStringTokenDatabase
UtlMemory_Alloc
RegisterStringToken
Plat_ExitProcess
CommandLine
??0CUtlBuffer@@QEAA@HHH@Z
?Printf@CUtlBuffer@@QEAAXPEBDZZ
?LoggingSystem_Log@@YA?AW4LoggingResponse_t@@HW4LoggingSeverity_t@@AEBULeafCodeInfo_t@@PEBDZZ
LoggingSystem_Log
?Format@CUtlString@@QEAAHPEBDZZ
?FreeMemoryBlock@CUtlString@@AEAAXXZ
g_pMemAlloc
LoggingSystem_IsChannelEnabled
Plat_IsInDebugSession
Plat_IsInTestMode
V_Int64ToString_Unsafe
V_StringToInt32
??HCUtlString@@QEBA?AV0@PEBD@Z
?AppendFormat@CBufferString@@QEAAHPEBDZZ

kernel32

WriteConsoleW
CreateFileW
SetStdHandle
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
GetStringTypeW
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
SetFilePointerEx
GetFileType
GetStdHandle
LCMapStringW
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
TerminateProcess
GetCurrentProcess
EncodePointer
SetLastError
InterlockedFlushSList
RtlUnwindEx
RaiseException
RtlPcToFileHeader
InitializeSListHead
GetCurrentProcessId
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CloseHandle
GetModuleHandleW
GetSystemTimeAsFileTime
GetModuleHandleA
GetCurrentThreadId
TlsSetValue
InitializeCriticalSectionAndSpinCount
GetLastError
TlsAlloc
GetProcAddress
FreeLibrary
TlsGetValue
TlsFree
LoadLibraryExW
QueryPerformanceCounter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree

Exports

Exports

BinaryProperties_GetValue
CreateInterface
GetResourceManifestCount
GetResourceManifests
InstallSchemaBindings

Sections

.text
Size: 226KB - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

00a0847f3049ac0daf9e5d9e470daf88

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

tier0

kernel32

Exports

Exports

Sections

.text Size: 226KB - Virtual size: 225KB

.rdata Size: 97KB - Virtual size: 97KB

.data Size: 9KB - Virtual size: 48KB

.pdata Size: 14KB - Virtual size: 13KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 1024B - Virtual size: 968B

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 226KB - Virtual size: 225KB

.rdata
Size: 97KB - Virtual size: 97KB

.data
Size: 9KB - Virtual size: 48KB

.pdata
Size: 14KB - Virtual size: 13KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1024B - Virtual size: 968B

.reloc
Size: 4KB - Virtual size: 4KB