d:\Jenkins\workspace\10102\ffxiv\downloaderLegacy\workcopy\bin\ffxiv_20240917_downloader_unsigned.pdb
Static task: static1
Behavioral task: behavioral1
- Sample: a6dd93b049c0c55306a332655f8605f33f6c953589ac1ad2c6ffd9473a53c8ae.exe
- Resource: win7-20240708-en
Behavioral task: behavioral2
- Sample: a6dd93b049c0c55306a332655f8605f33f6c953589ac1ad2c6ffd9473a53c8ae.exe
- Resource: win10v2004-20240802-en
General
- Target: a6dd93b049c0c55306a332655f8605f33f6c953589ac1ad2c6ffd9473a53c8ae
- Size: 4.8MB
- MD5: 30d22a41f0b0fdfee3d4db524e56e892
- SHA1: 6a063522b5c0be7c00017b891fef3c52699710a8
- SHA256: a6dd93b049c0c55306a332655f8605f33f6c953589ac1ad2c6ffd9473a53c8ae
- SHA512: 0c81a0f0a2498208cb9c9d38ef1f891c5e16b84d818f3881104b4b2ab1132ca0a283811e5349d55b6a6d1ce8f6f69e7b16c49b1bc4c2c7d235db5730d3fa0e04
- SSDEEP: 98304:z9t26SN0uVei/hCAZ81AxuDmYiHEUtqwjahd7Skca:z98N0uUnJ6YikUtDaz7SS
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource a6dd93b049c0c55306a332655f8605f33f6c953589ac1ad2c6ffd9473a53c8ae
Files
- a6dd93b049c0c55306a332655f8605f33f6c953589ac1ad2c6ffd9473a53c8ae.exe windows:5 windows x86 arch:x86
  6c826addd069a14fdf46b1616ae8be3d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ws2_32
sendto
getaddrinfo
freeaddrinfo
socket
connect
setsockopt
getpeername
getsockopt
htons
bind
ntohs
getsockname
send
recv
WSAGetLastError
closesocket
shutdown
ioctlsocket
select
__WSAFDIsSet
WSASetLastError
listen
accept
inet_addr
WSAStartup
gethostname
WSACleanup
gethostbyname
inet_ntoa
ntohl
WSAJoinLeaf
WSASocketA
htonl
recvfrom
wldap32
ord50
ord60
ord143
ord22
ord26
ord30
ord32
ord35
ord79
ord200
ord33
ord301
ord27
ord41
ord46
ord211
kernel32
ConvertDefaultLocale
GetCurrentThread
DeleteFileA
GetThreadLocale
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetFullPathNameA
CreateFileA
GlobalFlags
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
GetCPInfo
GetOEMCP
GetModuleHandleW
SetErrorMode
SetFileAttributesA
GetFileAttributesA
GetFileSizeEx
GetFileTime
SleepEx
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
QueryPerformanceCounter
GlobalMemoryStatus
FlushConsoleInputBuffer
OutputDebugStringA
GetDiskFreeSpaceA
GetCompressedFileSizeA
TryEnterCriticalSection
GetSystemDirectoryA
CreateDirectoryA
SetFileValidData
GetDiskFreeSpaceExA
RtlUnwind
GetSystemTimeAsFileTime
HeapAlloc
GetTimeFormatA
GetDateFormatA
HeapSize
EnumResourceLanguagesA
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
ExitProcess
GetCommandLineA
GetStartupInfoA
ExitThread
CreateThread
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
GetFileInformationByHandle
SetConsoleCtrlHandler
VirtualFree
HeapCreate
GetACP
IsValidCodePage
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
SetHandleCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
SetStdHandle
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetProcessHeap
CreateFileW
GetFileAttributesW
SetConsoleMode
ReadConsoleInputA
GetLocalTime
GetNativeSystemInfo
GetVolumeInformationW
FindResourceW
FormatMessageW
GetPrivateProfileStringW
InterlockedCompareExchange
GetLocaleInfoA
UnhandledExceptionFilter
InterlockedExchange
lstrcmpA
CreateEventA
Sleep
WinExec
SetEvent
FormatMessageA
LocalFree
MulDiv
InterlockedDecrement
GetModuleFileNameW
FileTimeToSystemTime
FindNextFileA
GetCurrentProcessId
SuspendThread
SetThreadPriority
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
LoadLibraryA
FreeLibrary
lstrcmpW
GetModuleHandleA
GetProcAddress
GetVersionExA
GlobalUnlock
CloseHandle
GetLastError
GetCurrentProcess
SetLastError
GlobalFree
FreeResource
lstrcpyA
CreateMutexA
GetVersion
CreateFileMappingA
MapViewOfFile
GetCurrentThreadId
OpenEventA
UnmapViewOfFile
ReleaseMutex
OpenProcess
TerminateProcess
CreateToolhelp32Snapshot
Thread32First
Thread32Next
RaiseException
lstrlenW
WaitForSingleObject
MultiByteToWideChar
lstrlenA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
ResumeThread
MoveFileA
GetModuleFileNameA
GlobalAlloc
GlobalLock
FindFirstFileA
FileTimeToLocalFileTime
FindClose
GetTickCount
WritePrivateProfileStringA
GetSystemTime
SystemTimeToFileTime
GetDriveTypeA
GetEnvironmentVariableA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
lstrcpynA
GetVolumeInformationA
user32
MessageBeep
RegisterClipboardFormatA
GetUserObjectInformationW
GetProcessWindowStation
SetCursor
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GetWindowThreadProcessId
GetMessageA
TranslateMessage
ValidateRect
DestroyMenu
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
SendDlgItemMessageA
WinHelpA
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetNextDlgGroupItem
GetMessagePos
PeekMessageA
MapWindowPoints
TrackPopupMenu
GetKeyState
SetMenu
GetScrollRange
SetWindowContextHelpId
IsWindowVisible
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
GetScrollInfo
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
IntersectRect
GetWindowPlacement
GetWindow
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetParent
IsChild
GetFocus
UpdateWindow
FillRect
OffsetRect
SystemParametersInfoA
SetCapture
KillTimer
SetTimer
ReleaseCapture
LoadIconA
ReleaseDC
GetDC
GetClientRect
SetWindowRgn
IsIconic
AppendMenuA
CreatePopupMenu
GrayStringA
DrawTextExA
InvalidateRgn
SetRect
CopyAcceleratorTableA
CharNextA
UnregisterClassA
TabbedTextOutA
DrawIcon
PtInRect
LoadCursorA
GetSysColorBrush
CharUpperA
GetMessageTime
GetCursorPos
LoadImageA
IsRectEmpty
DrawTextA
GetSystemMetrics
PostQuitMessage
SetForegroundWindow
PostThreadMessageA
RegisterWindowMessageA
IsWindow
InvalidateRect
LoadBitmapA
CopyRect
GetClassLongA
SetClassLongA
SendMessageA
PostMessageA
DestroyWindow
MessageBoxA
EnableWindow
GetWindowRect
GetScrollPos
MapDialogRect
EnumDisplaySettingsExW
GetActiveWindow
gdi32
GetClipBox
SetTextColor
SetBkColor
GetDeviceCaps
CreateDCA
SaveDC
RestoreDC
SetMapMode
ExcludeClipRect
LineTo
MoveToEx
DeleteObject
CreateSolidBrush
SelectObject
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
GetStockObject
CreateRectRgnIndirect
GetTextColor
GetRgnBox
GetBitmapBits
SetViewportOrgEx
CreateFontIndirectA
CreatePen
Escape
ExtTextOutA
TextOutA
StretchBlt
RectVisible
PtVisible
LPtoDP
DPtoLP
GetWindowExtEx
GetViewportExtEx
GetMapMode
GetBkColor
CombineRgn
CreateRectRgn
CreateFontA
SetBkMode
GetPixel
BitBlt
CreateCompatibleDC
GetObjectA
CreateCompatibleBitmap
CreateBitmap
comdlg32
GetFileTitleA
winspool.drv
OpenPrinterA
ClosePrinter
DocumentPropertiesA
advapi32
RegEnumKeyExW
LookupPrivilegeValueA
OpenProcessToken
RegisterEventSourceA
ReportEventA
RegQueryValueExW
RegOpenKeyExW
DeregisterEventSource
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
InitiateSystemShutdownA
AdjustTokenPrivileges
shell32
ShellExecuteA
SHGetPathFromIDListA
SHBrowseForFolderA
Shell_NotifyIconA
SHGetSpecialFolderPathA
comctl32
InitCommonControlsEx
_TrackMouseEvent
shlwapi
PathFindExtensionA
PathFindFileNameA
PathIsUNCA
PathStripToRootA
oledlg
ord8
ole32
CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemFree
CoRevokeClassObject
CLSIDFromProgID
CLSIDFromString
CoInitializeSecurity
CoSetProxyBlanket
CoCreateGuid
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
CoTaskMemAlloc
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
OleInitialize
oleaut32
VariantTimeToSystemTime
SafeArrayDestroy
OleCreateFontIndirect
SysAllocStringLen
VariantChangeType
SystemTimeToVariantTime
VariantCopy
SysAllocStringByteLen
SysStringLen
SysAllocString
SysFreeString
VariantInit
VariantClear
gdiplus
GdiplusStartup
GdiplusShutdown
winmm
timeSetEvent
timeKillEvent
rpcrt4
UuidCreate
iphlpapi
GetNetworkParams
GetAdaptersInfo
GetIfTable
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
netapi32
Netbios
dbghelp
MiniDumpWriteDump
Sections
.text Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 75KB - Virtual size: 111KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2.7MB - Virtual size: 2.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ