604f190ba001073cc15dbaa3ee194819c9efb7161b54b2f4154823c07f1feb98N

Sharing

Copy URL

Twitter E-mail

General

Target

604f190ba001073cc15dbaa3ee194819c9efb7161b54b2f4154823c07f1feb98N
Size

351KB
MD5

32807a0658bcdfb94a371a6592d3f180
SHA1

6d40d8ed6458935ad343d6b0009fbda43b4948be
SHA256

604f190ba001073cc15dbaa3ee194819c9efb7161b54b2f4154823c07f1feb98
SHA512

1da47e5fd35db7dd6299e32705897464a7549d5aad693183861c87263bd6d829ef9932fd137cb89a1da9d3edec5a26925079999433303386d1d742faf926aeec
SSDEEP

6144:H+uoiNYf2TGgnWL2/ik5jeEkSTSJHAauNTXcLJe:HHTN9KeAU

Score

1^/10

Malware Config

Signatures

Files

604f190ba001073cc15dbaa3ee194819c9efb7161b54b2f4154823c07f1feb98N
.dll windows:10 windows x64 arch:x64

1e206e43c8057412b49917c02c56ca25

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-11-2023 19:20

Not After

14-11-2024 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

86:23:69:27:16:d8:45:9b:a1:72:59:6f:ac:10:a6:ab:c7:dd:c1:fa:30:c9:5a:c8:a9:bf:c1:9e:44:e6:d6:81
Signer

Actual PE Digest

86:23:69:27:16:d8:45:9b:a1:72:59:6f:ac:10:a6:ab:c7:dd:c1:fa:30:c9:5a:c8:a9:bf:c1:9e:44:e6:d6:81

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

MXEAgent.pdb

Imports

msvcrt

__RTDynamicCast
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
malloc
memmove_s
free
?name@type_info@@QEBAPEBDXZ
_purecall
calloc
__CxxFrameHandler3
memset

kernel32

TerminateProcess
GetLastError
Sleep
QueryPerformanceCounter
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
WaitForSingleObject

unbcl

??C?$SmartPtr@V?$ArrayList@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@QEBAPEAV?$ArrayList@PEAVString@UnBCL@@@1@XZ
??1?$SmartPtr@V?$ArrayList@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@UEAA@XZ
??0?$SmartPtr@V?$ArrayList@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@QEAA@PEAV?$ArrayList@PEAVString@UnBCL@@@1@@Z
?Combine@Path@UnBCL@@SAPEAVString@2@PEBV32@0@Z
?SanitizeTypeName@SerializationStream@UnBCL@@SAPEAVString@2@AEBV32@@Z
?GetCallingModule@SerializationStream@UnBCL@@SAPEAUHINSTANCE__@@XZ
?CanRegister@SerializationStream@UnBCL@@SAHXZ
?UnregisterType@SerializationStream@UnBCL@@SAXPEBVString@2@HPEAUHINSTANCE__@@@Z
?RegisterType@SerializationStream@UnBCL@@SAXPEBVString@2@HPEAUHINSTANCE__@@PEAUIInstanceFactory@2@@Z
??5SerializationStream@UnBCL@@QEAAAEAV01@AEAH@Z
??5SerializationStream@UnBCL@@QEAAAEAV01@AEAPEAVString@1@@Z
??5SerializationStream@UnBCL@@QEAAAEAV01@AEAPEAUISerializable@1@@Z
??6SerializationStream@UnBCL@@QEAAAEAV01@H@Z
??6SerializationStream@UnBCL@@QEAAAEAV01@PEBVString@1@@Z
??6SerializationStream@UnBCL@@QEAAAEAV01@PEBUISerializable@1@@Z
??0XmlDocument@UnBCL@@QEAA@XZ
?FormatV@String@UnBCL@@SAPEAV12@PEBGPEAD@Z
?Concat@String@UnBCL@@SAPEAV12@PEBG00@Z
?Trim@String@UnBCL@@QEBAPEAV12@XZ
?Substring@String@UnBCL@@QEBAPEAV12@HH@Z
?Split@String@UnBCL@@QEBAPEAV?$ArrayList@PEAVString@UnBCL@@@2@PEBG@Z
?LastIndexOf@String@UnBCL@@QEBAHG@Z
?get_CString@String@UnBCL@@QEBAPEBGXZ
?CompareTo@String@UnBCL@@UEBAHPEBVObject@2@@Z
?Clone@String@UnBCL@@UEBAPEAVObject@2@XZ
?ToString@String@UnBCL@@UEBAPEAV12@XZ
?GetHashCode@String@UnBCL@@UEBAHXZ
?Equals@String@UnBCL@@UEBAHPEBVObject@2@@Z
??1String@UnBCL@@UEAA@XZ
??0String@UnBCL@@QEAA@PEBV01@@Z
??0String@UnBCL@@QEAA@PEBG@Z
??0String@UnBCL@@QEAA@AEBV01@@Z
?SetLiteralStorage@_@UnBCL@@YAXPEAPEBVString@2@PEBG@Z
?DecRef@Object@UnBCL@@QEAAHXZ
?AddRef@Object@UnBCL@@QEAAXXZ
??3Object@UnBCL@@SAXPEAX@Z
??2Object@UnBCL@@SAPEAX_K@Z
??2Object@UnBCL@@SAPEAX_KI@Z
?Clone@Object@UnBCL@@UEBAPEAV12@XZ
?CompareTo@Object@UnBCL@@UEBAHPEBV12@@Z
?GetObjectID@Object@UnBCL@@UEBAIXZ
?ToString@Object@UnBCL@@UEBAPEAVString@2@XZ
?GetType@Object@UnBCL@@UEBAPEAVType@2@XZ
?GetHashCode@Object@UnBCL@@UEBAHXZ
?Equals@Object@UnBCL@@UEBAHPEBV12@@Z
??1Object@UnBCL@@UEAA@XZ
??0Object@UnBCL@@QEAA@XZ
??0Object@UnBCL@@QEAA@AEBV01@@Z
?Clone@?$ArrayList@PEAVString@UnBCL@@@UnBCL@@UEBAPEAVObject@2@XZ
?Equals@?$ArrayList@PEAVString@UnBCL@@@UnBCL@@UEBAHPEBVObject@2@@Z
??0?$ArrayList@PEAVString@UnBCL@@@UnBCL@@QEAA@XZ
??0Win32Exception@UnBCL@@QEAA@K@Z
??0Win32Exception@UnBCL@@QEAA@KPEBG@Z
??0IInstanceFactory@UnBCL@@QEAA@XZ
??1?$IEnumerator@PEAVString@UnBCL@@@UnBCL@@UEAA@XZ
??0?$IEnumerator@PEAVString@UnBCL@@@UnBCL@@QEAA@XZ
??0?$ICollection@PEAVString@UnBCL@@@UnBCL@@QEAA@XZ
??0?$IEnumerable@PEAVString@UnBCL@@@UnBCL@@QEAA@XZ
??1NotSupportedException@UnBCL@@UEAA@XZ
??1InvalidCastException@UnBCL@@UEAA@XZ
??4Object@UnBCL@@QEAAAEAV01@AEBV01@@Z
??1ArgumentOutOfRangeException@UnBCL@@UEAA@XZ
??1?$ICollection@PEAVString@UnBCL@@@UnBCL@@UEAA@XZ
??_D?$ArrayList@PEAVString@UnBCL@@@UnBCL@@QEAAXXZ
??1InvalidOperationException@UnBCL@@UEAA@XZ
??1ISerializable@UnBCL@@UEAA@XZ
??0ISerializable@UnBCL@@QEAA@XZ
??1Win32Exception@UnBCL@@UEAA@XZ
??1ArgumentException@UnBCL@@UEAA@XZ
??1ArgumentNullException@UnBCL@@UEAA@XZ
?get_P@?$SmartPtr@V?$ArrayList@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@QEBAPEAV?$ArrayList@PEAVString@UnBCL@@@2@XZ
??1XmlDocument@UnBCL@@UEAA@XZ
?Load@XmlDocument@UnBCL@@QEAAXPEAVString@2@@Z
?Exists@Directory@UnBCL@@SAHPEBVString@2@@Z
?GetFiles@Directory@UnBCL@@SAPEAV?$Array@PEAVString@UnBCL@@@2@PEBVString@2@0H@Z
?GetCurrentDir@Directory@UnBCL@@SAPEAVString@2@XZ
??0InvalidCastException@UnBCL@@QEAA@XZ
?MemAllocFailed@Allocator@UnBCL@@SAHXZ
?ToString@Exception@UnBCL@@UEBAPEAVString@2@XZ
?get_InnerException@Exception@UnBCL@@UEBAPEBV12@XZ
?get_Message@Exception@UnBCL@@UEBAPEBVString@2@XZ
?get_Source@Exception@UnBCL@@UEBAPEBVString@2@XZ
?set_Source@Exception@UnBCL@@UEAAXPEBVString@2@@Z
?AddStackTrace@Exception@UnBCL@@QEAAXPEBD@Z
?GetBaseException@Exception@UnBCL@@UEBAPEBV12@XZ
?get_HResult@Exception@UnBCL@@UEBAJXZ
?set_HResult@Exception@UnBCL@@MEAAXJ@Z
?SetMessage@Exception@UnBCL@@MEAAXPEAVString@2@@Z
??0ArgumentNullException@UnBCL@@QEAA@PEBG@Z
??0NotSupportedException@UnBCL@@QEAA@PEBG@Z
??0ArgumentException@UnBCL@@QEAA@PEBG@Z
??0?$SmartPtr@VString@UnBCL@@@UnBCL@@QEAA@PEAVString@1@@Z
??0?$SmartPtr@VString@UnBCL@@@UnBCL@@QEAA@XZ
??1?$SmartPtr@VString@UnBCL@@@UnBCL@@UEAA@XZ
??4?$SmartPtr@VString@UnBCL@@@UnBCL@@QEAAAEAV01@AEBV01@@Z
??D?$SmartPtr@VString@UnBCL@@@UnBCL@@QEBAAEAVString@1@XZ
??C?$SmartPtr@VString@UnBCL@@@UnBCL@@QEBAPEAVString@1@XZ
?get_P@?$SmartPtr@VString@UnBCL@@@UnBCL@@QEBAPEAVString@2@XZ
??0InvalidOperationException@UnBCL@@QEAA@PEBVString@1@PEAVException@1@@Z
??0InvalidOperationException@UnBCL@@QEAA@PEBG@Z
??0InvalidOperationException@UnBCL@@QEAA@PEBVString@1@@Z
??0?$SmartPtr@V?$Array@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@QEAA@PEAV?$Array@PEAVString@UnBCL@@@1@@Z
??1?$SmartPtr@V?$Array@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@UEAA@XZ
??C?$SmartPtr@V?$Array@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@QEBAPEAV?$Array@PEAVString@UnBCL@@@1@XZ
?EnqueueSbRegistration@SbRegistrationList@UnBCL@@SAXPEBDHPEAUHINSTANCE__@@PEAUIInstanceFactory@2@@Z
?ExpandEnvironmentVariables@Environment@UnBCL@@SAPEAVString@2@PEBV32@@Z
??0ArgumentOutOfRangeException@UnBCL@@QEAA@PEBG@Z
?Exists@File@UnBCL@@SAHPEBVString@2@@Z
?FromASCII@String@UnBCL@@SAPEAV12@PEBD@Z

migcore

??4CAgent@Mig@@QEAAAEAV01@AEBV01@@Z
??0CAgent@Mig@@QEAA@AEBV01@@Z
??1?$ICollection@PEAVCMigUnit@Mig@@@UnBCL@@UEAA@XZ
??1?$IList@PEAVCMigUnit@Mig@@@UnBCL@@UEAA@XZ
??0?$IEnumerable@PEAVCMigUnit@Mig@@@UnBCL@@QEAA@XZ
??0?$ICollection@PEAVCMigUnit@Mig@@@UnBCL@@QEAA@XZ
??0?$IList@PEAVCMigUnit@Mig@@@UnBCL@@QEAA@XZ
??_D?$ArrayList@PEAVCMigUnit@Mig@@@UnBCL@@QEAAXXZ
?AddMigrationXml@CMXEService@Mig@@SAPEAVString@UnBCL@@PEAVCPlatform@2@PEAV34@PEAVXmlDocument@4@11PEAH@Z
?GetMigrationUnits@CMXEService@Mig@@SAXPEAVString@UnBCL@@PEAVCPlatform@2@PEAVCUserContext@2@PEAV?$Hashtable@PEAVString@UnBCL@@PEAVCMigUnit@Mig@@@4@@Z
?SetWorkingDirectory@CMXEService@Mig@@SAXPEAVString@UnBCL@@0@Z
?AddDetectInfo@CMXEService@Mig@@SAXPEAVString@UnBCL@@PEAVCPlatform@2@PEAVCUserContext@2@PEAVCMigUnit@2@@Z
?AddGatherInfo@CMXEService@Mig@@SAXPEAVString@UnBCL@@PEAVCPlatform@2@PEAVCUserContext@2@PEAVCMigUnit@2@@Z
?AddApplyInfo@CMXEService@Mig@@SAXPEAVString@UnBCL@@0PEAVCPlatform@2@1PEAVCUserContext@2@PEAVCMigUnit@2@@Z
?AdjustRules@CMXEService@Mig@@SAXPEAVString@UnBCL@@PEAVCPlatform@2@1PEAVCUserContext@2@PEAVCMigUnit@2@@Z
?set_AgentName@CMigUnit@Mig@@QEAAXPEAVString@UnBCL@@@Z
?set_ExtraData@CMigUnit@Mig@@QEAAXPEAVObject@UnBCL@@@Z
?Clone@?$ArrayList@PEAVCMigUnit@Mig@@@UnBCL@@UEBAPEAVObject@2@XZ
??0CMigUnitList@Mig@@QEAA@XZ
??_DCMigUnitList@Mig@@QEAAXXZ
??0?$ArrayList@PEAVCMigUnit@Mig@@@UnBCL@@QEAA@PEBU?$ICollection@PEAVCMigUnit@Mig@@@1@@Z
?Equals@?$ArrayList@PEAVCMigUnit@Mig@@@UnBCL@@UEBAHPEBVObject@2@@Z
?Init@CAgent@Mig@@UEAAXPEAVCPlatform@2@PEAVString@UnBCL@@@Z
?Done@CAgent@Mig@@UEAAXH@Z
?RefreshGatherInfo@CAgent@Mig@@UEAAXPEAVCMigUnit@2@PEAUICancelable@@@Z
?InitApply@CAgent@Mig@@UEAAXPEAVCPlatform@2@0PEAVString@UnBCL@@@Z
??0CAgent@Mig@@IEAA@PEAVString@UnBCL@@@Z
??1CAgent@Mig@@UEAA@XZ

wdscore

ConstructPartialMsgVW
CurrentIP
WdsSetupLogMessageW

Exports

Exports

??0CMXEAgent@Mig@@QEAA@$$QEAV01@@Z
??0CMXEAgent@Mig@@QEAA@AEBV01@@Z
??0CMXEAgent@Mig@@QEAA@PEAVString@UnBCL@@@Z
??1CMXEAgent@Mig@@UEAA@XZ
??4CMXEAgent@Mig@@QEAAAEAV01@$$QEAV01@@Z
??4CMXEAgent@Mig@@QEAAAEAV01@AEBV01@@Z
??_7CMXEAgent@Mig@@6B01@@
??_7CMXEAgent@Mig@@6BCAgent@1@@
??_8CMXEAgent@Mig@@7B@
??_DCMXEAgent@Mig@@QEAAXXZ
?AddApplyInfo@CMXEAgent@Mig@@UEAAXPEAVCMigUnit@2@@Z
?AddGatherInfo@CMXEAgent@Mig@@UEAAXPEAVCMigUnit@2@PEAUICancelable@@@Z
?AddXmlFile@CMXEAgent@Mig@@IEAAXPEAVString@UnBCL@@@Z
?AdjustRules@CMXEAgent@Mig@@UEAAXPEAVCMigUnit@2@0@Z
?Detect@CMXEAgent@Mig@@UEAAPEAVCMigUnitList@2@PEAVCUserContext@2@PEAUICancelable@@@Z
?Done@CMXEAgent@Mig@@UEAAXH@Z
?Init@CMXEAgent@Mig@@UEAAXPEAVCPlatform@2@PEAVString@UnBCL@@@Z
?Init@CMXEAgent@Mig@@UEAAXPEAVCPlatform@2@PEAVString@UnBCL@@PEAV?$ArrayList@PEAVString@UnBCL@@@5@@Z
?InitApply@CMXEAgent@Mig@@UEAAXPEAVCPlatform@2@0PEAVString@UnBCL@@@Z
LoadAgent

Sections

.text
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e206e43c8057412b49917c02c56ca25

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

86:23:69:27:16:d8:45:9b:a1:72:59:6f:ac:10:a6:ab:c7:dd:c1:fa:30:c9:5a:c8:a9:bf:c1:9e:44:e6:d6:81Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

unbcl

migcore

wdscore

Exports

Exports

Sections

.text Size: 158KB - Virtual size: 157KB

.rdata Size: 151KB - Virtual size: 150KB

.data Size: 19KB - Virtual size: 21KB

.pdata Size: 7KB - Virtual size: 7KB

.rsrc Size: 1024B - Virtual size: 1000B

.reloc Size: 4KB - Virtual size: 4KB

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

86:23:69:27:16:d8:45:9b:a1:72:59:6f:ac:10:a6:ab:c7:dd:c1:fa:30:c9:5a:c8:a9:bf:c1:9e:44:e6:d6:81
Signer

.text
Size: 158KB - Virtual size: 157KB

.rdata
Size: 151KB - Virtual size: 150KB

.data
Size: 19KB - Virtual size: 21KB

.pdata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 4KB - Virtual size: 4KB