e92ccf74a38ee8e1315f8004b1f00603797478e95e26f5d91d1151924fb6a501

Sharing

Copy URL

Twitter E-mail

General

Target

e92ccf74a38ee8e1315f8004b1f00603797478e95e26f5d91d1151924fb6a501
Size

1.6MB
MD5

4622afa81e3475d497d86c2e42c798da
SHA1

0a4e4b506bc799829a521239b41cd42adf375a41
SHA256

e92ccf74a38ee8e1315f8004b1f00603797478e95e26f5d91d1151924fb6a501
SHA512

04897b6278e9afb23763c8303378f9581ace8801230a657400dd3cb19000d424e4ce9759e07e4e41d0acb7fc04b48a092de373dd8d1cf9f300724208e0f07124
SSDEEP

24576:YxNv8S3QGW/uHpOmdbeAxlI8dDQ50AE71ki6ejJpl/LVllf3YSBHrDfpkVEpfLW2:ONlhHpH48dX6ejrzlxtBLDfpkOpfqtw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e92ccf74a38ee8e1315f8004b1f00603797478e95e26f5d91d1151924fb6a501

Files

e92ccf74a38ee8e1315f8004b1f00603797478e95e26f5d91d1151924fb6a501
.dll windows:5 windows x86 arch:x86

200e9387a7f0e8e637b9f630f0f2841f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\jenkins\jobs\CLIENT_CHAN_BACKUP\workspace\uuclient\bin\tcp_proxy.pdb

Imports

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertOpenStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFreeCertificateContext

msvcp100

?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_BADOFF@std@@3_JB
??0_Container_base12@std@@QAE@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?setf@ios_base@std@@QAEHH@Z
?setf@ios_base@std@@QAEHHH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEDD@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??1_Container_base12@std@@QAE@XZ
?_Orphan_all@_Container_base12@std@@QAEXXZ
?_Xinvalid_argument@std@@YAXPBD@Z
_Stolx
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?rdstate@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z

msvcr100

_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
?terminate@@YAXXZ
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_onexit
_lock
__dllonexit
_unlock
strpbrk
_purecall
fputs
_gmtime64_s
sscanf
strncpy
sprintf
fopen
strspn
strcspn
strtoul
strtol
_strnicmp
_stat64i32
strstr
fgets
fseek
feof
ftell
fflush
fwrite
fread
ferror
qsort
_stricmp
strerror_s
strcmp
isspace
strchr
strrchr
strncmp
_strdup
raise
_exit
wcsstr
malloc
memcpy
memset
??_V@YAXPAX@Z
getenv
realloc
_get_osfhandle
_errno
signal
__iob_func
_stat64
free
perror
_dup2
abort
srand
system
ldiv
rand
_snprintf
_time64
fclose
wcscpy_s
_wsetlocale
memcpy_s
_fileno
strftime
_vsnprintf
_vsnwprintf
fprintf
fopen_s
_filelengthi64
floor
__CxxFrameHandler3
_recalloc
_localtime64_s
memmove_s
tolower
atoi
memchr
??2@YAPAXI@Z
_close
_open_osfhandle
??3@YAXPAX@Z
memmove
sprintf_s
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
_wfopen
_setmode
_CxxThrowException

kernel32

DisableThreadLibraryCalls
WaitForSingleObject
Sleep
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
QueryPerformanceFrequency
FindResourceExW
FindResourceW
LoadResource
OutputDebugStringW
InitializeCriticalSection
WideCharToMultiByte
SizeofResource
MultiByteToWideChar
LockResource
DeleteCriticalSection
GetCurrentThreadId
OutputDebugStringA
SetEvent
CreateEventA
CreateSemaphoreA
GetLastError
CreateThread
GetSystemTimeAsFileTime
GetTickCount
GetCurrentProcessId
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
GetVersion
WriteFile
GetFileType
GetStdHandle
SetLastError
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedExchangeAdd
DeleteFiber
SwitchToFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
FormatMessageW
FreeLibrary
LoadLibraryA
CloseHandle
LoadLibraryW
FindNextFileW
FindFirstFileW
FindClose
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetEnvironmentVariableW
EncodePointer
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
RaiseException
IsProcessorFeaturePresent
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedExchange
DecodePointer

user32

GetUserObjectInformationW
GetProcessWindowStation
MessageBoxW

advapi32

CryptDecrypt
DeregisterEventSource
ReportEventW
RegisterEventSourceW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
CryptEnumProvidersW
CryptCreateHash
CryptSetHashParam
CryptSignHashW
CryptDestroyHash
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptDestroyKey

shell32

SHGetSpecialFolderPathW

shlwapi

PathFileExistsA

ws2_32

bind
recv
setsockopt
shutdown
htons
WSAGetLastError
inet_addr
connect
ioctlsocket
accept
listen
ntohs
getpeername
socket
getsockname
__WSAFDIsSet
select
WSASend
WSARecv
htonl
WSAAddressToStringA
WSAStringToAddressA
sendto
recvfrom
freeaddrinfo
getnameinfo
getaddrinfo
gethostbyname
WSACleanup
WSASetLastError
closesocket
send
getsockopt
WSAStartup

Exports

Exports

start_tcp_proxy
stop_tcp_proxy

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 378KB - Virtual size: 377KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

200e9387a7f0e8e637b9f630f0f2841f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

crypt32

msvcp100

msvcr100

kernel32

user32

advapi32

shell32

shlwapi

ws2_32

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 378KB - Virtual size: 377KB

.data Size: 4KB - Virtual size: 1.0MB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 59KB - Virtual size: 59KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 378KB - Virtual size: 377KB

.data
Size: 4KB - Virtual size: 1.0MB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 59KB - Virtual size: 59KB