ea9c85e8d44bc5d7b98a5f6f15c0929841ebdabf62e412247b112ca21de55287

Sharing

Copy URL Twitter E-mail

General

Target

ea9c85e8d44bc5d7b98a5f6f15c0929841ebdabf62e412247b112ca21de55287
Size

14.2MB
MD5

71305067261ad445d787ba9b8a8f5343
SHA1

3a82a3e6b38355a78129497eb50c8ff257b963e6
SHA256

ea9c85e8d44bc5d7b98a5f6f15c0929841ebdabf62e412247b112ca21de55287
SHA512

9a4a8013c61ca3cc5e07c987f630c4e2420283a9ecc9429eefb15777969f86222913757b84285c3bcc16b9cfd20ac2a3627e8be72e07798ab5e5378b989e0b4c
SSDEEP

196608:mFSRLL6mXjJTP8MWPkBxjNhvUzWMaIrdK3nDUpvbnqD86AF+d+DXjO2:mwRFTPgkBxjP+xaIBK3nDURDFLDXjO2

Score

3^/10

Malware Config

Signatures

Embeds OpenSSL 1 IoCs

Embeds OpenSSL, may be used to circumvent TLS interception.

resource	yara_rule
sample	embeds_openssl

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea9c85e8d44bc5d7b98a5f6f15c0929841ebdabf62e412247b112ca21de55287

Files

ea9c85e8d44bc5d7b98a5f6f15c0929841ebdabf62e412247b112ca21de55287
.exe windows:6 windows x86 arch:x86

ee7e9397f1dbc886b52174ff04fc0ac1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadResource
FindResourceW
QueueUserAPC
LocalFree
DeleteCriticalSection
WideCharToMultiByte
lstrcpyW
SleepEx
GetTempFileNameW
FormatMessageA
CreateIoCompletionPort
CloseHandle
GlobalAlloc
LockResource
TerminateThread
SetEvent
GetLastError
FormatMessageW
CreateEventW
PostQueuedCompletionStatus
WaitForSingleObject
FindClose
GetTempPathW
EnumResourceNamesW
GetEnvironmentVariableW
GetQueuedCompletionStatus
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
WaitForMultipleObjects
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetTimeZoneInformation
SetEndOfFile
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapFree
GetConsoleOutputCP
EnumResourceTypesW
CreateWaitableTimerW
lstrlenW
EnterCriticalSection
SetLastError
SetWaitableTimer
FindFirstFileW
SizeofResource
CreateDirectoryW
FlushFileBuffers
HeapAlloc
GetFileSizeEx
HeapSize
HeapReAlloc
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
SetFilePointerEx
SetStdHandle
SetConsoleCtrlHandler
FreeLibraryAndExitThread
ExitThread
ExitProcess
LoadLibraryExW
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
TerminateProcess
SetUnhandledExceptionFilter
GetFileAttributesW
CreateFile2
MultiByteToWideChar
IsValidCodePage
GetACP
GetOEMCP
CreateFileA
CreateFileW
GetFileAttributesA
GetFileInformationByHandle
GetFileType
GetFullPathNameW
ReadFile
WriteFile
PeekNamedPipe
GetExitCodeProcess
Sleep
GetStdHandle
SearchPathA
DuplicateHandle
SetHandleInformation
CreatePipe
GetCurrentProcess
CreateProcessA
OpenProcess
GetProcAddress
LoadLibraryA
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
GetModuleHandleW
InitializeCriticalSection
ReleaseSemaphore
GetExitCodeThread
CreateSemaphoreA
VirtualFree
GetCurrentProcessId
GetSystemTimeAsFileTime
GetSystemTime
SystemTimeToFileTime
GetSystemDirectoryA
FreeLibrary
LoadLibraryW
FindNextFileW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetShortPathNameW
GetModuleFileNameW
CreateEventA
CreateThread
SetThreadPriority
ResumeThread
RaiseException
GetLocaleInfoEx
QueryPerformanceCounter
QueryPerformanceFrequency
GetStringTypeW
GetCurrentDirectoryW
FindFirstFileExW
GetFileAttributesExW
AreFileApisANSI
GetFileInformationByHandleEx
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
TryAcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
CompareStringEx
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter

user32

MessageBoxW
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW

shell32

ShellExecuteW

ws2_32

connect
closesocket
setsockopt
recv
WSASetLastError
getservbyname
getservbyport
gethostbyaddr
shutdown
getpeername
recvfrom
inet_ntoa
inet_addr
htons
htonl
WSAGetLastError
gethostbyname
select
ntohs
getsockopt
getsockname
ioctlsocket
WSACleanup
WSAStartup
sendto
send
socket

shlwapi

PathFileExistsW

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertOpenStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenSystemStoreW

winmm

midiInGetNumDevs
midiOutLongMsg
midiOutShortMsg
midiOutUnprepareHeader
midiOutPrepareHeader
midiOutClose
midiOutOpen
midiOutGetDevCapsA
midiOutGetNumDevs
midiInOpen
midiInClose
midiInPrepareHeader
midiInReset
midiInStop
midiInStart
midiInAddBuffer
midiInUnprepareHeader
midiInGetDevCapsA

mfplat

MFCreateMediaType
MFCreateSample
MFCreateMemoryBuffer
MFShutdown
MFStartup

advapi32

CryptCreateHash
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptReleaseContext
CryptGenRandom
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptDestroyKey

ole32

CoCreateInstance
PropVariantClear
CoTaskMemFree
CoInitialize
CoUninitialize

Exports

Exports

??0MidiApi@@QAE@ABV0@@Z
??0MidiApi@@QAE@XZ
??0MidiInApi@@QAE@ABV0@@Z
??0MidiInApi@@QAE@I@Z
??0MidiOutApi@@QAE@ABV0@@Z
??0MidiOutApi@@QAE@XZ
??0RtApi@@QAE@XZ
??0RtAudio@@QAE@W4Api@0@$$QAV?$function@$$A6AXW4RtAudioErrorType@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z
??0RtMidi@@IAE@XZ
??0RtMidi@@QAE@$$QAV0@@Z
??0RtMidiError@@QAE@ABV0@@Z
??0RtMidiError@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4Type@0@@Z
??0RtMidiIn@@QAE@$$QAV0@@Z
??0RtMidiIn@@QAE@W4Api@RtMidi@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@I@Z
??0RtMidiOut@@QAE@$$QAV0@@Z
??0RtMidiOut@@QAE@W4Api@RtMidi@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1MidiApi@@UAE@XZ
??1MidiInApi@@UAE@XZ
??1MidiOutApi@@UAE@XZ
??1RtApi@@UAE@XZ
??1RtAudio@@QAE@XZ
??1RtMidi@@MAE@XZ
??1RtMidiError@@UAE@XZ
??1RtMidiIn@@UAE@XZ
??1RtMidiOut@@UAE@XZ
??4MidiApi@@QAEAAV0@ABV0@@Z
??4MidiInApi@@QAEAAV0@ABV0@@Z
??4MidiOutApi@@QAEAAV0@ABV0@@Z
??4RtAudio@@QAEAAV0@ABV0@@Z
??4RtMidiError@@QAEAAV0@ABV0@@Z
??_7MidiApi@@6B@
??_7MidiInApi@@6B@
??_7MidiOutApi@@6B@
??_7RtApi@@6B@
??_7RtMidi@@6B@
??_7RtMidiError@@6B@
??_7RtMidiIn@@6B@
??_7RtMidiOut@@6B@
??_FRtAudio@@QAEXXZ
??_FRtMidiIn@@QAEXXZ
??_FRtMidiOut@@QAEXXZ
?MAX_SAMPLE_RATES@RtApi@@1IB
?SAMPLE_RATES@RtApi@@1QBIB
?abortStream@RtAudio@@QAE?AW4RtAudioErrorType@@XZ
?byteSwapBuffer@RtApi@@IAEXPADIK@Z
?cancelCallback@MidiInApi@@QAEXXZ
?cancelCallback@RtMidiIn@@QAEXXZ
?clearStreamInfo@RtApi@@IAEXXZ
?closePort@RtMidiIn@@UAEXXZ
?closePort@RtMidiOut@@UAEXXZ
?closeStream@RtApi@@UAEXXZ
?closeStream@RtAudio@@QAEXXZ
?convertBuffer@RtApi@@IAEXPAD0AAUConvertInfo@1@@Z
?error@MidiApi@@QAEXW4Type@RtMidiError@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?error@RtApi@@IAE?AW4RtAudioErrorType@@W42@@Z
?formatBytes@RtApi@@IAEIK@Z
?getApiDisplayName@RtAudio@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4Api@1@@Z
?getApiDisplayName@RtMidi@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4Api@1@@Z
?getApiName@RtAudio@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4Api@1@@Z
?getApiName@RtMidi@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4Api@1@@Z
?getCompiledApi@RtAudio@@SAXAAV?$vector@W4Api@RtAudio@@V?$allocator@W4Api@RtAudio@@@std@@@std@@@Z
?getCompiledApi@RtMidi@@SAXAAV?$vector@W4Api@RtMidi@@V?$allocator@W4Api@RtMidi@@@std@@@std@@@Z
?getCompiledApiByDisplayName@RtAudio@@SA?AW4Api@1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?getCompiledApiByName@RtAudio@@SA?AW4Api@1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?getCompiledApiByName@RtMidi@@SA?AW4Api@1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?getCurrentApi@RtAudio@@QAE?AW4Api@1@XZ
?getCurrentApi@RtMidiIn@@QAE?AW4Api@RtMidi@@XZ
?getCurrentApi@RtMidiOut@@QAE?AW4Api@RtMidi@@XZ
?getDefaultInputDevice@RtApi@@UAEIXZ
?getDefaultInputDevice@RtAudio@@QAEIXZ
?getDefaultOutputDevice@RtApi@@UAEIXZ
?getDefaultOutputDevice@RtAudio@@QAEIXZ
?getDeviceCount@RtApi@@QAEIXZ
?getDeviceCount@RtAudio@@QAEIXZ
?getDeviceIds@RtApi@@QAE?AV?$vector@IV?$allocator@I@std@@@std@@XZ
?getDeviceIds@RtAudio@@QAE?AV?$vector@IV?$allocator@I@std@@@std@@XZ
?getDeviceInfo@RtApi@@QAE?AUDeviceInfo@RtAudio@@I@Z
?getDeviceInfo@RtAudio@@QAE?AUDeviceInfo@1@I@Z
?getDeviceNames@RtApi@@QAE?AV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@XZ
?getDeviceNames@RtAudio@@QAE?AV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@XZ
?getErrorText@RtApi@@QBE?BV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?getErrorText@RtAudio@@QAE?BV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?getMessage@MidiInApi@@QAENPAV?$vector@EV?$allocator@E@std@@@std@@@Z
?getMessage@RtMidiError@@UBEABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?getMessage@RtMidiIn@@QAENPAV?$vector@EV?$allocator@E@std@@@std@@@Z
?getPortCount@RtMidiIn@@UAEIXZ
?getPortCount@RtMidiOut@@UAEIXZ
?getPortName@RtMidiIn@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@I@Z
?getPortName@RtMidiOut@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@I@Z
?getStreamLatency@RtApi@@QAEJXZ
?getStreamLatency@RtAudio@@QAEJXZ
?getStreamSampleRate@RtApi@@QAEIXZ
?getStreamSampleRate@RtAudio@@QAEIXZ
?getStreamTime@RtApi@@UBENXZ
?getStreamTime@RtAudio@@QAENXZ
?getType@RtMidiError@@UBEABW4Type@1@XZ
?getVersion@RtAudio@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?getVersion@RtMidi@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?ignoreTypes@MidiInApi@@UAEX_N00@Z
?ignoreTypes@RtMidiIn@@QAEX_N00@Z
?isPortOpen@MidiApi@@QBE_NXZ
?isPortOpen@RtMidiIn@@UBE_NXZ
?isPortOpen@RtMidiOut@@UBE_NXZ
?isStreamOpen@RtApi@@QBE_NXZ
?isStreamOpen@RtAudio@@QBE_NXZ
?isStreamRunning@RtApi@@QBE_NXZ
?isStreamRunning@RtAudio@@QBE_NXZ
?openMidiApi@RtMidiIn@@IAEXW4Api@RtMidi@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@I@Z
?openMidiApi@RtMidiOut@@IAEXW4Api@RtMidi@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?openPort@RtMidiIn@@UAEXIABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?openPort@RtMidiOut@@UAEXIABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?openRtApi@RtAudio@@IAEXW4Api@1@@Z
?openStream@RtApi@@QAE?AW4RtAudioErrorType@@PAUStreamParameters@RtAudio@@0KIPAIP6AHPAX2INI2@Z2PAUStreamOptions@4@@Z
?openStream@RtAudio@@QAE?AW4RtAudioErrorType@@PAUStreamParameters@1@0KIPAIP6AHPAX2INI2@Z2PAUStreamOptions@1@@Z
?openVirtualPort@RtMidiIn@@UAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?openVirtualPort@RtMidiOut@@UAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?printMessage@RtMidiError@@UBEXXZ
?probeDeviceOpen@RtApi@@MAE_NIW4StreamMode@1@IIIKPAIPAUStreamOptions@RtAudio@@@Z
?probeDevices@RtApi@@MAEXXZ
?sendMessage@RtMidiOut@@QAEXPBEI@Z
?sendMessage@RtMidiOut@@QAEXPBV?$vector@EV?$allocator@E@std@@@std@@@Z
?setBufferSize@MidiInApi@@UAEXII@Z
?setBufferSize@RtMidiIn@@UAEXII@Z
?setCallback@MidiInApi@@QAEXP6AXNPAV?$vector@EV?$allocator@E@std@@@std@@PAX@Z1@Z
?setCallback@RtMidiIn@@QAEXP6AXNPAV?$vector@EV?$allocator@E@std@@@std@@PAX@Z1@Z
?setClientName@RtMidi@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?setConvertInfo@RtApi@@IAEXW4StreamMode@1@I@Z
?setErrorCallback@MidiApi@@QAEXP6AXW4Type@RtMidiError@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAX@Z2@Z
?setErrorCallback@RtApi@@QAEXV?$function@$$A6AXW4RtAudioErrorType@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z
?setErrorCallback@RtAudio@@QAEXV?$function@$$A6AXW4RtAudioErrorType@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z
?setErrorCallback@RtMidiIn@@UAEXP6AXW4Type@RtMidiError@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAX@Z2@Z
?setErrorCallback@RtMidiOut@@UAEXP6AXW4Type@RtMidiError@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAX@Z2@Z
?setPortName@RtMidi@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?setStreamTime@RtApi@@UAEXN@Z
?setStreamTime@RtAudio@@QAEXN@Z
?showWarnings@RtApi@@QAEX_N@Z
?showWarnings@RtAudio@@QAEX_N@Z
?startStream@RtAudio@@QAE?AW4RtAudioErrorType@@XZ
?stopStream@RtAudio@@QAE?AW4RtAudioErrorType@@XZ
?tickStreamTime@RtApi@@IAEXXZ
?what@RtMidiError@@UBEPBDXZ

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 745KB - Virtual size: 744KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10.9MB - Virtual size: 10.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ee7e9397f1dbc886b52174ff04fc0ac1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

ws2_32

shlwapi

crypt32

winmm

mfplat

advapi32

ole32

Exports

Exports

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 745KB - Virtual size: 744KB

.data Size: 23KB - Virtual size: 38KB

.rsrc Size: 10.9MB - Virtual size: 10.9MB

.reloc Size: 110KB - Virtual size: 110KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 745KB - Virtual size: 744KB

.data
Size: 23KB - Virtual size: 38KB

.rsrc
Size: 10.9MB - Virtual size: 10.9MB

.reloc
Size: 110KB - Virtual size: 110KB