152ef0f4b3a9f0ee56a52c6fe4925fbcce6733dce6bf87724eee12c664fec253

Sharing

Copy URL

Twitter E-mail

General

Target

152ef0f4b3a9f0ee56a52c6fe4925fbcce6733dce6bf87724eee12c664fec253
Size

1.1MB
MD5

8e2820d4f2ed9b24dec5dff965804373
SHA1

e040dec6158f1d9e4f9c6018da505cf6fccdc704
SHA256

152ef0f4b3a9f0ee56a52c6fe4925fbcce6733dce6bf87724eee12c664fec253
SHA512

419bf2f471ccf5e922134fbd4809eab02311c992ce1438fda1db6a91ea7237229409d397d81f9a7096142e6457b64b372224de291723d03ef10f504138293aa1
SSDEEP

24576:0EYSugkUK+zTEvOji7mE1xeaId47BV8Wtsj1v3lW+gVYr9b5etfmF09WBLHgZtJo:gSugkUHTpii4zAN1pZ9etz9WBLHkJ8LH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
152ef0f4b3a9f0ee56a52c6fe4925fbcce6733dce6bf87724eee12c664fec253

Files

152ef0f4b3a9f0ee56a52c6fe4925fbcce6733dce6bf87724eee12c664fec253
.exe windows:6 windows x86 arch:x86

a23d12ba587ac5d3b2f33c23967c0dd1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

P:\Target\x86\ship\setupexe\x-none\olicenseheartbeat.pdb

Imports

msvcr100

_vsnwprintf_s
_stricmp
_CIlog
_CIexp
_clearfp
_itow_s
ldiv
_vscwprintf
_vsnprintf_s
realloc
malloc
free
vsprintf_s
wcstol
vswprintf_s
_wcsicmp
wcsncat_s
bsearch
wcsstr
??0exception@std@@QAE@ABQBD@Z
strchr
wcscpy_s
strncpy_s
_wtoi
wcstoul
wcsncpy_s
swprintf_s
??0exception@std@@QAE@ABQBDH@Z
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
_CxxThrowException
__CxxFrameHandler3
memcpy
memset
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
memmove
__setusermatherr
_commode
_fmode
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_crt_debugger_hook
?terminate@@YAXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
wmemcpy_s
__lconv_init
wcsrchr
_invalid_parameter_noinfo_noreturn
memcmp
wcscmp
memcpy_s
wcsnlen
wcschr
towlower
swscanf_s
_snwprintf_s

msvcp100

?max@?$numeric_limits@_K@std@@SA_KXZ
?_Xfunc@tr1@std@@YAXXZ
?_BADOFF@std@@3_JB
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@G@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?pbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
?uncaught_exception@std@@YA_NXZ
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

advapi32

CryptImportKey
CryptDestroyKey
CryptGenKey
CryptReleaseContext
CryptAcquireContextA
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptSetHashParam
RegNotifyChangeKeyValue
OpenThreadToken
RevertToSelf
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyW
EventUnregister
EventRegister
EventWrite
RegOpenKeyExW
RegGetValueW
RegDeleteTreeW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteKeyW
CryptExportKey
OpenProcessToken
GetTokenInformation
AddAccessAllowedAce
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegCloseKey
RegCreateKeyExW
AddAccessDeniedAce
AllocateAndInitializeSid
CheckTokenMembership
CopySid
CreateWellKnownSid
EqualSid
FreeSid
GetLengthSid
GetSecurityDescriptorDacl
InitializeAcl
InitializeSecurityDescriptor
IsValidSid
SetSecurityDescriptorDacl
ConvertSidToStringSidA
ConvertStringSecurityDescriptorToSecurityDescriptorW

kernel32

InterlockedCompareExchange
GetStartupInfoW
EncodePointer
DecodePointer
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
InterlockedExchange
WerRegisterMemoryBlock
VirtualProtect
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
HeapSetInformation
GetProcessHeap
QueryPerformanceCounter
CompareStringEx
IsWow64Process
GetCurrentThreadId
GetCurrentProcess
CreateMutexExW
WaitForSingleObjectEx
ReleaseMutex
GetLastError
CloseHandle
LoadLibraryA
FlushFileBuffers
CompareFileTime
GetComputerNameW
GetVersionExW
SetErrorMode
LocalFree
LocalAlloc
GetSystemPowerStatus
IsSystemResumeAutomatic
CreateMemoryResourceNotification
GetProcessAffinityMask
CreateThread
WerUnregisterMemoryBlock
QueryFullProcessImageNameW
CreateWaitableTimerW
CancelWaitableTimer
SetWaitableTimerEx
QueryDepthSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
TryEnterCriticalSection
GetThreadIOPendingFlag
WaitForSingleObject
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
IsProcessorFeaturePresent
CreateEventW
GetFileAttributesW
FindNextFileW
InitializeSRWLock
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
CreateEventExW
ReleaseSemaphore
ResetEvent
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GlobalAlloc
WaitForMultipleObjectsEx
CreateFileMappingA
CreateSemaphoreA
OpenMutexA
CreateEventA
CreateMutexA
GlobalFree
OpenProcess
SetEvent
GetUserDefaultUILanguage
GetUserGeoID
GetProductInfo
GetNativeSystemInfo
GetSystemDirectoryW
GlobalMemoryStatusEx
GetFileSize
GetDiskFreeSpaceExW
GetFileType
GetOverlappedResult
RemoveDirectoryW
SizeofResource
GetModuleFileNameA
GetShortPathNameA
K32GetModuleFileNameExW
SetEndOfFile
DeviceIoControl
GetFileTime
SetFileTime
CancelIoEx
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetModuleHandleW
GetProcAddress
LoadLibraryExW
RaiseException
GetStringTypeExW
FormatMessageW
TlsAlloc
LocaleNameToLCID
GetUserDefaultLocaleName
GetSystemDefaultLocaleName
TlsGetValue
TlsSetValue
TlsFree
MultiByteToWideChar
SetLastError
WideCharToMultiByte
IsValidCodePage
GetSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
GetTempPathW
GetLongPathNameW
GetShortPathNameW
GetTempFileNameW
FreeLibrary
ReadFile
WriteFile
UnmapViewOfFile
CreateFileW
GetFileSizeEx
MapViewOfFile
GetModuleFileNameW
LoadResource
FindResourceW
CompareStringW
IsValidLocale
GetSystemDefaultLCID
GetUserDefaultLCID
LCIDToLocaleName
HeapAlloc
HeapFree
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileExW
GetFileAttributesExW
SetFileAttributesW
SetFilePointerEx
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
RtlCaptureStackBackTrace
GetCurrentThread
RaiseFailFastException
GetLocalTime
GetTickCount64

ole32

StringFromGUID2
CoTaskMemFree
CoInitializeEx
CoUninitialize
CoRegisterInitializeSpy
CoRevokeInitializeSpy
StringFromCLSID
CLSIDFromString
CoGetObject
CoCreateInstance
CoCreateGuid

webservices

WsCall
WsGetFaultErrorDetail
WsResetError
WsCreateReader
WsSetInput
WsSetInputToBuffer
WsFillReader
WsReadStartElement
WsReadToStartElement
WsCreateWriter
WsFreeWriter
WsCreateError
WsGetErrorString
WsGetErrorProperty
WsFreeError
WsCreateHeap
WsFreeHeap
WsReadType
WsDateTimeToFileTime
WsFileTimeToDateTime
WsFreeReader
WsAddCustomHeader

Sections

.text
Size: 709KB - Virtual size: 708KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 256KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 125KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a23d12ba587ac5d3b2f33c23967c0dd1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr100

msvcp100

advapi32

kernel32

ole32

webservices

Sections

.text Size: 709KB - Virtual size: 708KB

.data Size: 256KB - Virtual size: 257KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 125KB - Virtual size: 128KB

.text
Size: 709KB - Virtual size: 708KB

.data
Size: 256KB - Virtual size: 257KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 125KB - Virtual size: 128KB