63dafbf2481c3aab8fa043c5961d35cfff35897a1b4fbd559e0a71959b5fbaa0

Sharing

Copy URL

Twitter E-mail

General

Target

63dafbf2481c3aab8fa043c5961d35cfff35897a1b4fbd559e0a71959b5fbaa0
Size

2.9MB
MD5

403e3d69f9374f130ed50ead17511ee4
SHA1

8c04706c25bff899e9b946ba8f0e34ea8065b592
SHA256

63dafbf2481c3aab8fa043c5961d35cfff35897a1b4fbd559e0a71959b5fbaa0
SHA512

b74c4d31c0d393f92cad06d799484cc3c3ec05564331d0d272c09db52908da948b72b65f80bb05e1f43d032a6083de0a0b759846dc5b9565693ef67aa96f60c1
SSDEEP

49152:9mIU6iCVwASO5GtlqodL51GMUs3d4qpcaPAmPaggHxv0L0qBpaBTpgV8P1WzOF:j+d8MUSXIYa3Y4z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
63dafbf2481c3aab8fa043c5961d35cfff35897a1b4fbd559e0a71959b5fbaa0

Files

63dafbf2481c3aab8fa043c5961d35cfff35897a1b4fbd559e0a71959b5fbaa0
.exe windows:6 windows x64 arch:x64

5f7f8f29780ae9c5f3e06d48b518e604

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\T\M\BuildResults\bin\Release_x64\AcroBroker.pdb

Imports

crypt32

CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore

ws2_32

getsockopt
ntohs
select
WSAStartup
WSACleanup
socket
WSAGetLastError
shutdown
ioctlsocket
gethostbyname
recv
htonl
setsockopt
htons
connect
closesocket
send
getservbyport
inet_addr
inet_ntoa
WSASetLastError
getservbyname
gethostbyaddr

kernel32

DeleteCriticalSection
SetEvent
WaitForSingleObject
CreateEventW
Sleep
CreateThread
GetCurrentThreadId
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
LoadResource
SizeofResource
FindResourceW
LoadLibraryW
lstrcmpiW
CreateActCtxW
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW
QueryActCtxW
MultiByteToWideChar
GetUserDefaultLCID
CreateFileW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetFileSize
ReadFile
RemoveDirectoryW
SetEndOfFile
SetFileAttributesW
SetFilePointer
WriteFile
LocalAlloc
CopyFileW
WideCharToMultiByte
InitializeSRWLock
SetLastError
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStdHandle
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentVariableW
VirtualFree
GetACP
RtlVirtualUnwind
GetSystemDirectoryA
LoadLibraryA
FormatMessageA
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
InitializeCriticalSectionEx
OutputDebugStringW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
SwitchToThread
GetFullPathNameW
RaiseException
DecodePointer
OutputDebugStringA
GetLongPathNameW
LocalFree
GetCurrentProcessId
GetLastError
GetTempPathW
CreateDirectoryW
GetProcAddress
GetModuleHandleExW
GetCurrentProcess
CloseHandle
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateSemaphoreA
GetDriveTypeW
ReleaseSRWLockExclusive

user32

SetProcessWindowStation
CreateWindowStationW
GetProcessWindowStation
GetUserObjectInformationW
GetMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
MessageBoxW
CharNextW
CreateDesktopW

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

RegQueryInfoKeyW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegSetValueExA
RegCreateKeyExA
RegSetValueExW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
GetSecurityInfo
SetEntriesInAclW
CreateWellKnownSid
CopySid

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHGetSpecialFolderPathW
ShellExecuteExW
SHGetKnownFolderPath

ole32

CoRevokeClassObject
CoResumeClassObjects
CoAddRefServerProcess
CoReleaseServerProcess
CoRegisterClassObject
CoTaskMemAlloc
CoTaskMemRealloc
CoInitialize
CoTaskMemFree
CoUninitialize
CoCreateInstance

oleaut32

SafeArrayDestroy
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayCreateVector
SysAllocStringByteLen
SysStringLen
SysAllocString
SysFreeString
VarUI4FromStr

sqlite

sqlite3_reset
sqlite3_finalize
sqlite3_column_type
sqlite3_column_bytes
sqlite3_column_text
sqlite3_column_int64
sqlite3_column_int
sqlite3_column_double
sqlite3_column_blob
sqlite3_close
sqlite3_bind_parameter_count
sqlite3_bind_text
sqlite3_bind_null
sqlite3_bind_int64
sqlite3_bind_int
sqlite3_bind_double
sqlite3_bind_blob
sqlite3_free
sqlite3_busy_timeout
sqlite3_changes
sqlite3_last_insert_rowid
sqlite3_exec
sqlite3_open_v2
sqlite3_get_autocommit
sqlite3_errcode
sqlite3_errmsg
sqlite3_prepare_v2
sqlite3_create_function
sqlite3_value_int
sqlite3_value_type
sqlite3_result_error
sqlite3_result_value
sqlite3_step

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

shlwapi

AssocQueryStringW
PathCanonicalizeW
PathRemoveBackslashW

bcrypt

BCryptGenRandom

vcruntime140

wcsrchr
wcsstr
__C_specific_handler
memcmp
memmove
memset
memcpy
_CxxThrowException
_purecall
__std_exception_copy
__std_terminate
strchr
strrchr
memchr
strstr
__current_exception
__current_exception_context
__std_exception_destroy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_errno
_initterm_e
exit
_seh_filter_exe
_c_exit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_invalid_parameter_noinfo
_set_app_type
_cexit
_set_invalid_parameter_handler
signal
_configure_wide_argv
_initialize_wide_environment
terminate
_get_wide_winmain_command_line
_register_thread_local_exe_atexit_callback
_initterm
strerror_s
raise
_exit
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfwprintf
fclose
__stdio_common_vsprintf
__p__commode
_wfopen
_set_fmode
__stdio_common_vswprintf
__stdio_common_vsnwprintf_s
fputs
feof
ferror
fflush
fgets
_fileno
fread
fseek
ftell
fwrite
setvbuf
_setmode
__acrt_iob_func
__stdio_common_vfprintf
fopen
__stdio_common_vsscanf
__stdio_common_vsprintf_s

api-ms-win-crt-string-l1-1-0

strcpy_s
strncpy_s
strtok_s
wcstok_s
wcsnlen
isdigit
strcspn
strspn
_strdup
strcmp
strncmp
strlen
_wcsnicmp
wcsncmp
strcat_s
wcscat_s
tolower
_wcsicmp
wcsncpy_s
wcscpy_s
iswalpha
_wcsdup
strncpy
isspace

api-ms-win-crt-heap-l1-1-0

_callnewh
calloc
_set_new_mode
_recalloc
realloc
malloc
free

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath_s
_wrename
_wsplitpath
_stat64i32

api-ms-win-crt-utility-l1-1-0

qsort
srand
rand

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64_s

api-ms-win-crt-convert-l1-1-0

atoi
strtol
strtoul

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 774KB - Virtual size: 773KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f7f8f29780ae9c5f3e06d48b518e604

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

crypt32

ws2_32

kernel32

user32

winspool.drv

advapi32

shell32

ole32

oleaut32

sqlite

msvcp140

shlwapi

bcrypt

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 774KB - Virtual size: 773KB

.data Size: 12KB - Virtual size: 22KB

.pdata Size: 98KB - Virtual size: 98KB

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 35KB - Virtual size: 35KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 774KB - Virtual size: 773KB

.data
Size: 12KB - Virtual size: 22KB

.pdata
Size: 98KB - Virtual size: 98KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 35KB - Virtual size: 35KB