Static task
static1
Behavioral task
behavioral1
Sample: 9fa3a398d24b74323ab0b59063977dffb39ba6817f9f44868ed00f1491a79789.exe
Resource: win7-20240903-en
Behavioral task
behavioral2
Sample: 9fa3a398d24b74323ab0b59063977dffb39ba6817f9f44868ed00f1491a79789.exe
Resource: win10v2004-20240802-en
General
- Target: 9fa3a398d24b74323ab0b59063977dffb39ba6817f9f44868ed00f1491a79789
- Size: 2.1MB
- MD5: 70b6bac496785f1bf32a4b6ba36facd3
- SHA1: 4ade89abbd5cbd89fe58527f2798e0caa64f23fd
- SHA256: 9fa3a398d24b74323ab0b59063977dffb39ba6817f9f44868ed00f1491a79789
- SHA512: 534e34b32e47cdb5b29c72a5c33251b8535c6b57503d08883f34d0f300ef7316fb81d610559bec15af63b72b47123010f5a46ac165002eab6e1f7a948e2438a7
- SSDEEP: 49152:flsXOu3mc/Hkw5DBNkidA8GESvs7v3bE2B0HYNWvH99cYGRLY2Lf:flsXdmc/HkeGidA8GESvs7v3g2B04NWK
Malware Config
Signatures
- Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 9fa3a398d24b74323ab0b59063977dffb39ba6817f9f44868ed00f1491a79789
Files
- 9fa3a398d24b74323ab0b59063977dffb39ba6817f9f44868ed00f1491a79789.exe windows:6 windows x86 arch:x86
2be9a9a0193407018b1c78a346589363
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\jenkins_ci\workspace\Pack_Web_WebPlugins\WebLocalService\target\vs2013_win32\release\WebPluginService.pdb
Imports
ws2_32
freeaddrinfo
ntohl
inet_ntoa
accept
listen
getsockopt
send
closesocket
WSASetLastError
__WSAFDIsSet
socket
bind
getaddrinfo
WSACleanup
sendto
setsockopt
shutdown
WSAGetLastError
recvfrom
WSAStartup
connect
ioctlsocket
getsockname
htons
inet_addr
getpeername
htonl
recv
WSASend
WSARecv
WSAIoctl
ntohs
select
rpcrt4
UuidCreate
winmm
timeKillEvent
timeEndPeriod
gdiplus
GdipFree
GdipDeleteBrush
GdiplusShutdown
GdipCloneBrush
GdipFillPolygonI
GdipCreateSolidFill
GdipAlloc
GdipCreateFromHDC
GdipSetSolidFillColor
GdiplusStartup
GdipDeletePen
GdipDrawLineI
GdipCreatePen1
GdipLoadImageFromStream
GdipSaveImageToStream
GdipGetImageHeight
GdipFillPolygon
GdipCombineRegionRectI
GdipFillRegion
GdipDrawImageRectI
GdipLoadImageFromFile
GdipDrawPolygon
GdipDrawLines
GdipSetPenColor
GdipGetImageEncodersSize
GdipDisposeImage
GdipDeleteRegion
GdipGetImageEncoders
GdipCreateRegion
GdipFillPieI
GdipCloneImage
GdipGetImageWidth
GdipDeleteGraphics
slf
HIKSLF_WebProcess
kernel32
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetCPInfo
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SwitchToThread
SignalObjectAndWait
WaitForSingleObjectEx
CreateTimerQueue
CreateSemaphoreW
GetModuleHandleW
GetStartupInfoW
TerminateProcess
CreateEventW
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
LoadLibraryExW
ExitThread
CreateThread
WriteFile
CreateFileW
GetLastError
GetLocalTime
CloseHandle
GetModuleHandleA
GetCurrentProcess
CreateDirectoryW
GetCurrentThread
WideCharToMultiByte
GetFileAttributesA
GetEnvironmentVariableA
MultiByteToWideChar
CreateDirectoryA
OutputDebugStringA
GetDiskFreeSpaceExA
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSectionEx
RaiseException
HeapSize
DecodePointer
DeleteCriticalSection
SetFileAttributesA
lstrlenA
lstrcpynA
lstrcatA
EnumSystemLocalesW
FindClose
FreeLibrary
GetProcAddress
LoadLibraryExA
GetSystemTime
MulDiv
DeleteFileA
CreateProcessA
GetSystemDirectoryA
GetModuleFileNameA
CreateMutexA
InitializeCriticalSection
Sleep
MoveFileA
LoadLibraryA
GetSystemInfo
CreateFileA
SetFilePointer
ReadFile
FlushFileBuffers
GetFileType
FindNextFileA
GetFileInformationByHandle
LocalFree
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
TlsGetValue
WaitForSingleObject
TlsSetValue
SetThreadPriority
GetCurrentThreadId
TlsAlloc
TlsFree
DuplicateHandle
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
FileTimeToSystemTime
GetTimeZoneInformation
QueryPerformanceFrequency
FileTimeToLocalFileTime
SetWaitableTimer
SetEvent
ResetEvent
WaitForMultipleObjects
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
CreateSemaphoreA
ReleaseSemaphore
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
AreFileApisANSI
SystemTimeToTzSpecificLocalTime
GetCommandLineA
GetStdHandle
GetModuleFileNameW
GetFileAttributesExW
GetStringTypeW
DeleteFileW
IsValidCodePage
GetACP
GetOEMCP
SetFilePointerEx
GetConsoleCP
GetConsoleMode
ReadConsoleW
FindFirstFileExW
FindNextFileW
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
MoveFileExW
OutputDebugStringW
GetThreadTimes
FreeLibraryAndExitThread
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
SetStdHandle
WriteConsoleW
LoadLibraryW
SetEndOfFile
EncodePointer
SetEnvironmentVariableA
FindFirstFileA
user32
PostQuitMessage
RegisterClassExA
GetMessageA
EnumWindows
GetWindowTextA
BringWindowToTop
GetWindowRgn
SendMessageTimeoutA
EndPaint
ClientToScreen
SetCursor
SetTimer
GetWindowRect
SetCapture
KillTimer
BeginPaint
GetDC
InvalidateRect
ReleaseDC
SetClassLongA
IsWindow
PostMessageA
LoadStringA
SendMessageA
GetClassNameA
DialogBoxParamA
DrawTextA
FrameRect
WaitForInputIdle
GetForegroundWindow
FindWindowA
DestroyWindow
SetWindowPlacement
LoadIconA
SetParent
GetClientRect
SetFocus
GetMonitorInfoA
GetWindowPlacement
SetWindowLongA
GetWindowLongA
CreateWindowExA
MonitorFromWindow
DefWindowProcA
TranslateMessage
TranslateAcceleratorA
EndDialog
LoadAcceleratorsA
ReleaseCapture
DispatchMessageA
SetWindowPos
ShowWindow
SetWindowRgn
UpdateWindow
LoadCursorA
RegisterClassA
GetWindow
MoveWindow
DrawTextW
RegisterDeviceNotificationA
FillRect
GetParent
gdi32
Polyline
SetStretchBltMode
Ellipse
CreateCompatibleBitmap
CreateCompatibleDC
StretchBlt
PolyBezier
DeleteDC
BitBlt
SetBkColor
CreateRectRgn
CreateRoundRectRgn
CombineRgn
MoveToEx
Rectangle
LineTo
GetTextExtentPoint32W
SetTextColor
CreateFontA
SetBkMode
SelectObject
CreateFontW
CreatePen
GetStockObject
GetTextCharset
GetDeviceCaps
CreateSolidBrush
DeleteObject
comdlg32
GetSaveFileNameA
GetOpenFileNameA
advapi32
IsTextUnicode
FreeSid
AllocateAndInitializeSid
RegOpenKeyExA
RegQueryValueExA
EqualSid
GetTokenInformation
OpenThreadToken
OpenProcessToken
GetSecurityInfo
shell32
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteExA
SHBrowseForFolderA
ord680
ole32
CreateStreamOnHGlobal
Exports
??0CBaseProtocol@NetSDK@@QAE@ABV01@@Z
??0CCoreSignal@NetSDK@@QAE@ABV01@@Z
??0CCtrlCoreBase@NetSDK@@QAE@ABV01@@Z
??0CCycleBuffer@NetSDK@@QAE@ABV01@@Z
??0CDependLibLoader@NetSDK@@QAE@ABV01@@Z
??0CLinkAsyncIO@NetSDK@@QAE@ABV01@@Z
??0CLinkBase@NetSDK@@QAE@ABV01@@Z
??0CLinkTCP@NetSDK@@QAE@ABV01@@Z
??0CLinkTCPSocks5@NetSDK@@QAE@ABV01@@Z
??0CLongLinkPrivate@NetSDK@@QAE@ABV01@@Z
??0CLongLinkPrivateBase@NetSDK@@QAE@ABV01@@Z
??0CMemberBase@NetSDK@@QAE@ABV01@@Z
??0CMemberMgrBase@NetSDK@@QAE@ABV01@@Z
??0CMultiThreadControl@NetSDK@@QAE@ABV01@@Z
??0CObjectBase@NetSDK@@QAE@ABV01@@Z
??0CObjectBasePrivate@NetSDK@@QAE@ABV01@@Z
??0CRWLock@NetSDK@@QAE@ABV01@@Z
??0CRWLockGuard@NetSDK@@QAE@ABV01@@Z
??0CSSLTransInterface@NetSDK@@QAE@ABV01@@Z
??0CSSLTransInterface@NetSDK@@QAE@XZ
??1CSSLTransInterface@NetSDK@@UAE@XZ
??4CBaseProtocol@NetSDK@@QAEAAV01@ABV01@@Z
??4CCoreSignal@NetSDK@@QAEAAV01@ABV01@@Z
??4CCtrlCoreBase@NetSDK@@QAEAAV01@ABV01@@Z
??4CCycleBuffer@NetSDK@@QAEAAV01@ABV01@@Z
??4CDependLibLoader@NetSDK@@QAEAAV01@ABV01@@Z
??4CLinkAsyncIO@NetSDK@@QAEAAV01@ABV01@@Z
??4CLinkBase@NetSDK@@QAEAAV01@ABV01@@Z
??4CLinkTCP@NetSDK@@QAEAAV01@ABV01@@Z
??4CLinkTCPSocks5@NetSDK@@QAEAAV01@ABV01@@Z
??4CLongLinkPrivate@NetSDK@@QAEAAV01@ABV01@@Z
??4CLongLinkPrivateBase@NetSDK@@QAEAAV01@ABV01@@Z
??4CMemberBase@NetSDK@@QAEAAV01@ABV01@@Z
??4CMemberMgrBase@NetSDK@@QAEAAV01@ABV01@@Z
??4CMultiThreadControl@NetSDK@@QAEAAV01@ABV01@@Z
??4CObjectBase@NetSDK@@QAEAAV01@ABV01@@Z
??4CObjectBasePrivate@NetSDK@@QAEAAV01@ABV01@@Z
??4CRWLock@NetSDK@@QAEAAV01@ABV01@@Z
??4CSSLTransInterface@NetSDK@@QAEAAV01@ABV01@@Z
??4CXmlBase@NetSDK@@QAEAAV01@ABV01@@Z
??_7CBaseProtocol@NetSDK@@6B@
??_7CCoreSignal@NetSDK@@6B@
??_7CCtrlCoreBase@NetSDK@@6B@
??_7CCycleBuffer@NetSDK@@6B@
??_7CDependLibLoader@NetSDK@@6B@
??_7CLinkAsyncIO@NetSDK@@6B@
??_7CLinkBase@NetSDK@@6B@
??_7CLinkTCP@NetSDK@@6B@
??_7CLinkTCPSocks5@NetSDK@@6B@
??_7CLongLinkPrivate@NetSDK@@6B@
??_7CLongLinkPrivateBase@NetSDK@@6B@
??_7CMemberBase@NetSDK@@6B@
??_7CMemberMgrBase@NetSDK@@6B@
??_7CMultiThreadControl@NetSDK@@6B@
??_7CObjectBase@NetSDK@@6B@
??_7CObjectBasePrivate@NetSDK@@6B@
??_7CRWLock@NetSDK@@6B@
??_7CRWLockGuard@NetSDK@@6B@
??_7CSSLTransInterface@NetSDK@@6B@
?Recv@CLinkBase@NetSDK@@UAEHABIPADH@Z
?SetAsyn@CBaseProtocol@NetSDK@@QAEXH@Z
Sections
.text Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 338KB - Virtual size: 337KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 17KB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 76KB - Virtual size: 75KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ