Static task: static1
Behavioral task: behavioral1; Sample: 4ea058f3cf5939870a8284b33153dbf5c1b4b0f55bf0f55c78e3f0bdb14081f3.exe; Resource: win7-20240903-en
Behavioral task: behavioral2; Sample: 4ea058f3cf5939870a8284b33153dbf5c1b4b0f55bf0f55c78e3f0bdb14081f3.exe; Resource: win10v2004-20241007-en
General
Target: 4ea058f3cf5939870a8284b33153dbf5c1b4b0f55bf0f55c78e3f0bdb14081f3
Size: 3.7MB
MD5: d1e3653ecc18f560077c2cf8acd260f2
SHA1: 7f79cc3219deae7e0c2dd96a57ca34ccdb6167ea
SHA256: 4ea058f3cf5939870a8284b33153dbf5c1b4b0f55bf0f55c78e3f0bdb14081f3
SHA512: ea7cd05bb41522a6cacb5c6952e3515bea45c8fd066f3eb92ba5ba2227d9609357bb94a601ef50328e82bb508ddda35764f2e58108f0cc0e803a66116fa5f06f
SSDEEP: 98304:hY0W91RTeoMjxnIEHg4rJZxd7FLOAkGkzdnEVomFHKnPF:hE91WfJZxd7FLOyomFHKnP
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature. Resource: 4ea058f3cf5939870a8284b33153dbf5c1b4b0f55bf0f55c78e3f0bdb14081f3
Files
4ea058f3cf5939870a8284b33153dbf5c1b4b0f55bf0f55c78e3f0bdb14081f3.exe windows:5 windows x86 arch:x86
360789a291b5344cc27124888101e5e0
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\jenkins\workspace\2018_2022_6.0.12_U3_P1_Venus\code\modules\runtime_detector\bin\win.x86\Release\RunTimeDetector.pdb
Imports
ws2_32
connect
socket
WSAAddressToStringA
getnameinfo
WSAStringToAddressW
htonl
ntohl
freeaddrinfo
getaddrinfo
WSAGetLastError
WSAAddressToStringW
WSACleanup
WSAStartup
closesocket
WSASetLastError
iphlpapi
IcmpCreateFile
Icmp6SendEcho2
Icmp6CreateFile
IcmpSendEcho
IcmpCloseHandle
kernel32
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
HeapFree
GetEnvironmentVariableA
SetThreadLocale
SetThreadUILanguage
CreateDirectoryA
GetPrivateProfileStringA
InitializeCriticalSection
SetFilePointer
GetFileSize
CreateFileW
ReadFile
GetEnvironmentVariableW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleFileNameW
TlsFree
TlsSetValue
TlsGetValue
GetCurrentProcess
TerminateProcess
GetModuleFileNameA
WritePrivateProfileStringA
GetThreadLocale
FindResourceW
LoadResource
LockResource
SizeofResource
VerifyVersionInfoW
VerSetConditionMask
SetLastError
InterlockedCompareExchange
GetQueuedCompletionStatus
SetWaitableTimer
CreateIoCompletionPort
PostQueuedCompletionStatus
InterlockedExchangeAdd
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
SleepEx
SetEvent
QueueUserAPC
TerminateThread
WaitForMultipleObjects
CreateEventW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
GetLastError
TlsAlloc
WinExec
lstrlenW
DecodePointer
GetProcessHeap
GetSystemInfo
lstrcatW
MultiByteToWideChar
OutputDebugStringA
EncodePointer
GetCurrentThreadId
GetSystemDirectoryW
FreeResource
GetModuleHandleA
LoadLibraryExW
GlobalDeleteAtom
lstrcmpW
LoadLibraryA
GlobalAddAtomW
GlobalFindAtomW
MulDiv
GetCurrentProcessId
GlobalSize
LocalFree
FormatMessageW
CopyFileW
GetCurrentThread
lstrcmpA
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
SetThreadPriority
ResumeThread
GlobalGetAtomNameW
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
CompareStringW
GetLocaleInfoW
GetVersionExW
GetUserDefaultUILanguage
GlobalFlags
VirtualProtect
FileTimeToSystemTime
GetCurrentDirectoryW
DeleteFileW
GetFileAttributesW
FindClose
FindFirstFileW
FlushFileBuffers
GetFullPathNameW
GetVolumeInformationW
LockFile
SetEndOfFile
UnlockFile
DuplicateHandle
lstrcmpiW
FindResourceExW
GetTempFileNameW
GetTempPathW
SearchPathW
GetTickCount
GetProfileIntW
Sleep
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SystemTimeToTzSpecificLocalTime
GetUserDefaultLCID
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
OutputDebugStringW
GetStringTypeW
LCMapStringW
GetCPInfo
FormatMessageA
RtlUnwind
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetCommandLineA
GetCommandLineW
HeapQueryInformation
QueryPerformanceFrequency
VirtualAlloc
VirtualQuery
SetStdHandle
GetFileType
GetStdHandle
GetACP
IsValidLocale
EnumSystemLocalesW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
lstrcpyW
FreeLibrary
LoadLibraryW
GetWindowsDirectoryW
CloseHandle
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WideCharToMultiByte
GetProcAddress
GetModuleHandleW
WriteFile
GetSystemDefaultUILanguage
user32
ClientToScreen
FillRect
GetWindowThreadProcessId
GetMenuStringW
GetMenuState
InsertMenuW
AppendMenuW
RemoveMenu
GetCursorPos
WindowFromPoint
IntersectRect
DrawStateW
CreateDialogIndirectParamW
EndDialog
GetNextDlgTabItem
GetActiveWindow
GetDesktopWindow
SendDlgItemMessageA
SetRectEmpty
OffsetRect
PostQuitMessage
SetWindowContextHelpId
MapDialogRect
DrawEdge
DrawFrameControl
SetWindowRgn
GetSysColorBrush
DrawFocusRect
IsRectEmpty
DrawIconEx
GetMessageW
TranslateMessage
ShowOwnedPopups
GetKeyNameTextW
MapVirtualKeyW
DestroyMenu
GetMenuItemInfoW
SystemParametersInfoW
CopyImage
RealChildWindowFromPoint
GetAsyncKeyState
SetLayeredWindowAttributes
EnumDisplayMonitors
TrackMouseEvent
IsZoomed
CharUpperW
SetCapture
ReleaseCapture
GetSystemMenu
DeleteMenu
NotifyWinEvent
CreatePopupMenu
GetMenuDefaultItem
SetMenuDefaultItem
UpdateLayeredWindow
EnableScrollBar
UnionRect
MonitorFromPoint
DestroyIcon
LoadImageW
WaitMessage
CharNextW
CopyAcceleratorTableW
InvalidateRgn
SetRect
GetNextDlgGroupItem
SetParent
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
SetCursorPos
BringWindowToTop
LockWindowUpdate
GetDoubleClickTime
GetIconInfo
ModifyMenuW
DestroyAcceleratorTable
SetClassLongW
GetUpdateRect
ToUnicodeEx
IsWindowEnabled
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableW
RegisterClipboardFormatW
GetWindowDC
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
FrameRect
PostThreadMessageW
HideCaret
InvertRect
SubtractRect
IsClipboardFormatAvailable
IsCharLowerW
MapVirtualKeyExW
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
GetComboBoxInfo
CreateMenu
DestroyCursor
GetWindowRgn
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
PostMessageW
GetMessageTime
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindow
CheckDlgButton
SetDlgItemTextW
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongW
GetWindowLongW
EqualRect
CopyRect
MapWindowPoints
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
UpdateWindow
LoadMenuW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
IsDialogMessageW
SetWindowTextW
CharUpperBuffW
TrackPopupMenu
GetMenuItemCount
WinHelpW
SetScrollInfo
GetScrollInfo
GrayStringW
DrawTextExW
TabbedTextOutW
DrawTextW
UnregisterClassW
DrawIcon
GetSystemMetrics
IsIconic
LoadIconW
MessageBoxW
MessageBoxA
CopyIcon
LoadCursorW
InflateRect
ReleaseDC
GetDC
GetParent
GetWindowRect
IsWindow
SetCursor
PtInRect
ScreenToClient
GetMessagePos
SetTimer
InvalidateRect
MessageBeep
GetClientRect
SetWindowLongW
KillTimer
SendMessageW
RedrawWindow
GetSysColor
EnableWindow
GetMenuItemID
GetSubMenu
SetMenu
GetMenu
GetCapture
GetKeyState
GetFocus
SetFocus
GetDlgCtrlID
GetDlgItem
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
GetKeyboardLayout
SetWindowPlacement
gdi32
CreateBitmap
CreateHatchBrush
CreatePen
CreatePatternBrush
DeleteObject
ExcludeClipRect
GetClipBox
GetDeviceCaps
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkMode
SetMapMode
SetTextColor
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
SetViewportExtEx
SetViewportOrgEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CopyMetaFileW
CreateDCW
CombineRgn
CreateRectRgnIndirect
GetMapMode
PatBlt
SetRectRgn
DPtoLP
CreateEllipticRgn
SetLayout
Ellipse
GetBkColor
GetTextColor
CreatePolygonRgn
Polygon
Polyline
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
SetPaletteEntries
ExtFloodFill
LPtoDP
GetSystemPaletteEntries
GetNearestPaletteIndex
EnumFontFamiliesExW
GetPaletteEntries
CreatePalette
RoundRect
OffsetRgn
Rectangle
SetDIBColorTable
StretchBlt
SetPixel
RealizePalette
GetRgnBox
CreateDIBSection
CreateRoundRectRgn
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
GetTextMetricsW
CreateSolidBrush
GetStockObject
GetObjectW
CreateFontIndirectW
GetTextExtentPoint32W
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateRectRgn
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
GetTextFaceW
SetWindowExtEx
SetBkColor
advapi32
RegQueryValueExW
RegOpenKeyExW
RegQueryValueW
RegEnumKeyExW
RegCloseKey
RegEnumValueW
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
shell32
ShellExecuteW
DragFinish
DragQueryFileW
SHGetFileInfoW
SHAppBarMessage
SHGetDesktopFolder
SHBrowseForFolderW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
SHGetSpecialFolderPathA
msimg32
TransparentBlt
AlphaBlend
comctl32
InitCommonControlsEx
shlwapi
PathFileExistsW
PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW
PathRemoveFileSpecW
PathFileExistsA
uxtheme
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
DrawThemeText
DrawThemeParentBackground
GetWindowTheme
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
GetThemeSysColor
IsAppThemed
oledlg
OleUIBusyW
gdiplus
GdipSetInterpolationMode
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipDrawImageRectI
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateFromHDC
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
oleacc
CreateStdAccessibleObject
LresultFromObject
AccessibleObjectFromWindow
imm32
ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
winmm
PlaySoundW
winspool.drv
ClosePrinter
OpenPrinterW
DocumentPropertiesW
ole32
CoInitializeEx
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
CoCreateGuid
CoRevokeClassObject
CoRegisterMessageFilter
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
CoUninitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CoInitialize
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
IsAccelerator
oleaut32
VariantCopy
VarBstrFromDate
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
LoadTypeLi
SysAllocString
SysFreeString
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SafeArrayDestroy
OleCreateFontIndirect
Sections
.text: Size 1.6MB, Virtual size 1.6MB; flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata: Size 386KB, Virtual size 386KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data: Size 28KB, Virtual size 54KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.gfids: Size 107KB, Virtual size 107KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.giats: Size 512B, Virtual size 16B; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls: Size 512B, Virtual size 9B; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc: Size 1.4MB, Virtual size 1.4MB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc: Size 135KB, Virtual size 134KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ