D:\Workspace\p-529f4c7811c84c1389b9ab6124be5dee\Build\Squidx86.pdb
Sample
03499a86dd628729b659f226ac16276775f1f8bd9c52edc7d39268b261382a26.exe
Resource
win7-20240903-en
General
-
Target
03499a86dd628729b659f226ac16276775f1f8bd9c52edc7d39268b261382a26
-
Size
3.6MB
-
MD5
ca164941789fcf59333035ce0b2b9912
-
SHA1
c8d377725712ebd60cf43d0c0900caa0bdb2f5b8
-
SHA256
03499a86dd628729b659f226ac16276775f1f8bd9c52edc7d39268b261382a26
-
SHA512
a935b772e51059f682e0a4801a7281f547d4e63468c3c67ec9c4645e98e0a6fb174936385d5cb3c5469d0a4f99ab4d652f8e7d434f4af0e9eadb863e5a445c5d
-
SSDEEP
49152:6rY3Zwwtb40CNLrqkPSapq+/kDSSjosttjPpwBZTL/p+iJLTsXX5HhV8CJR:603lv8NP1X/k2S5jPuLTL/bMXNr
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 03499a86dd628729b659f226ac16276775f1f8bd9c52edc7d39268b261382a26
Files
-
03499a86dd628729b659f226ac16276775f1f8bd9c52edc7d39268b261382a26.exe windows:6 windows x86 arch:x86
c265e9503612cb8c7017ccfa6367156e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
DisconnectNamedPipe
CreateEventW
SetEvent
TerminateThread
CreateThread
ResetEvent
GetOverlappedResult
GetProcAddress
LocalFree
GetCurrentProcessId
GetModuleHandleW
CreateEventA
WaitNamedPipeW
ConnectNamedPipe
LoadLibraryW
QueryPerformanceFrequency
QueryPerformanceCounter
IsWow64Process
Wow64DisableWow64FsRedirection
CreateFileA
Wow64RevertWow64FsRedirection
GetFileSizeEx
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
FreeLibrary
WideCharToMultiByte
SetErrorMode
GetModuleFileNameA
LoadLibraryA
VerSetConditionMask
VerifyVersionInfoW
GetLogicalDriveStringsA
QueryDosDeviceA
GetWindowsDirectoryA
GetSystemTimeAsFileTime
GetFileAttributesExA
CreateMutexA
GetSystemDirectoryA
FindFirstFileExA
FindNextFileA
FindClose
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
OpenFileMappingA
ReleaseMutex
GetFileInformationByHandle
VirtualFree
VirtualAlloc
ReleaseSemaphore
OpenEventA
SizeofResource
QueryDosDeviceW
FindFirstFileA
GetProcessId
K32GetModuleFileNameExW
SetThreadPriority
SetFilePointer
lstrlenA
GetModuleHandleA
OpenProcess
GetLogicalDriveStringsW
CreateToolhelp32Snapshot
GetExitCodeThread
K32GetModuleFileNameExA
OpenMutexA
Process32NextW
LockResource
lstrcpyA
Process32FirstW
FindResourceExW
LoadResource
FindResourceW
K32EnumProcesses
GetFileSize
K32EnumProcessModules
CreateFileMappingW
lstrcmpiW
GetFileTime
LoadLibraryExA
GetModuleHandleExA
FormatMessageA
RtlUnwind
SetLastError
VirtualQuery
VirtualProtect
FindFirstVolumeW
K32GetModuleInformation
ReadProcessMemory
FindVolumeClose
GetVolumePathNamesForVolumeNameW
FindNextVolumeW
GetLogicalDrives
GetDriveTypeA
GetVolumeInformationA
lstrlenW
lstrcpynW
LocalAlloc
QueryFullProcessImageNameW
CreateMutexW
DuplicateHandle
lstrcmpiA
SystemTimeToFileTime
GetSystemTime
TryEnterCriticalSection
AreFileApisANSI
HeapCreate
GetFullPathNameW
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
GetFileAttributesW
HeapValidate
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
FlushViewOfFile
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
GetSystemInfo
HeapCompact
UnlockFile
LockFileEx
GetTickCount
FlushFileBuffers
GetCurrentThread
GetNativeSystemInfo
GetStringTypeW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
IsDebuggerPresent
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
ResumeThread
WaitForSingleObject
EncodePointer
WaitForMultipleObjects
CreateNamedPipeW
GetCurrentProcess
CancelIo
ReadFile
Sleep
IsBadReadPtr
GetProcessHeap
DeleteCriticalSection
WriteConsoleW
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
CloseHandle
HeapReAlloc
OutputDebugStringW
GetLastError
GetConsoleMode
FindNextFileW
FindFirstFileExW
CreatePipe
MoveFileExW
GetExitCodeProcess
ReadConsoleW
GetConsoleOutputCP
SetFilePointerEx
GetTimeZoneInformation
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
CreateProcessW
ExitThread
GetModuleHandleExW
ExitProcess
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
GetVersionExW
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
MultiByteToWideChar
HeapSize
GetCurrentThreadId
CreateFileW
InitializeCriticalSectionEx
GetModuleFileNameW
WriteFile
GetStdHandle
HeapFree
lstrcpynA
user32
GetMessageW
TranslateMessage
DispatchMessageW
FindWindowExA
wsprintfA
GetWindowThreadProcessId
wsprintfW
advapi32
OpenServiceW
FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
SetSecurityDescriptorDacl
EnableTraceEx2
CloseTrace
ControlTraceW
ProcessTrace
StartTraceW
OpenTraceW
RegEnumValueA
CloseServiceHandle
OpenSCManagerW
EnumServicesStatusExW
QueryServiceConfigW
QueryServiceConfig2W
InitializeSecurityDescriptor
LookupAccountSidW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCloseKey
OpenProcessToken
RegOpenKeyExA
ole32
CoCreateGuid
CoTaskMemFree
StringFromCLSID
CLSIDFromString
shell32
SHGetFolderPathA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
shlwapi
SHGetValueA
PathAddExtensionA
StrStrNIW
PathIsDirectoryA
StrStrA
PathIsSameRootA
PathRemoveFileSpecA
PathAddBackslashW
PathAppendW
PathRemoveFileSpecW
PathFindFileNameA
PathFileExistsA
PathCombineA
PathStripToRootA
PathAppendA
StrStrIA
wintrust
CryptCATAdminEnumCatalogFromHash
CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
ws2_32
inet_ntop
ntohs
tdh
TdhGetPropertySize
TdhGetEventInformation
ntdll
NtSetSystemInformation
NtQuerySystemInformation
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
winhttp
WinHttpCloseHandle
WinHttpConnect
WinHttpSetTimeouts
WinHttpOpen
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpReadData
WinHttpCheckPlatform
iphlpapi
GetTcpTable2
GetExtendedTcpTable
GetAdaptersAddresses
GetExtendedUdpTable
rpcrt4
UuidCreate
wtsapi32
WTSFreeMemory
WTSEnumerateProcessesW
wininet
FindFirstUrlCacheEntryExA
FindNextUrlCacheEntryExA
FindCloseUrlCache
crypt32
CertGetSubjectCertificateFromStore
CertGetNameStringA
CryptMsgGetParam
CertCloseStore
CryptQueryObject
CertFreeCertificateContext
CryptMsgClose
Exports
luaJIT_BC_Application
luaJIT_BC_BCrypt
luaJIT_BC_BCryptUtils
luaJIT_BC_BinaryStream
luaJIT_BC_BitBang
luaJIT_BC_BlockFile
luaJIT_BC_Collections
luaJIT_BC_Computicle
luaJIT_BC_ComputicleOps
luaJIT_BC_ConsoleWindow
luaJIT_BC_Desktop
luaJIT_BC_Desktop_ffi
luaJIT_BC_FileService
luaJIT_BC_FileStream
luaJIT_BC_FileSystem
luaJIT_BC_FileSystemItem
luaJIT_BC_FsHandles
luaJIT_BC_Functor
luaJIT_BC_GDI32
luaJIT_BC_GDIWindow
luaJIT_BC_GLContext
luaJIT_BC_GLSLProgram
luaJIT_BC_GLTexture
luaJIT_BC_GLWindow
luaJIT_BC_Handle
luaJIT_BC_Handle_ffi
luaJIT_BC_Heap
luaJIT_BC_Heap_ffi
luaJIT_BC_HtmlTemplate
luaJIT_BC_HttpChunkIterator
luaJIT_BC_HttpHeaders
luaJIT_BC_HttpMessage
luaJIT_BC_HttpServer
luaJIT_BC_IOCompletionPort
luaJIT_BC_IOOps
luaJIT_BC_IUnknown
luaJIT_BC_KeyMouse
luaJIT_BC_Logfile
luaJIT_BC_LuaState
luaJIT_BC_MemoryStream
luaJIT_BC_Messenger
luaJIT_BC_NTSecAPI
luaJIT_BC_NativeSocket
luaJIT_BC_NativeWindow
luaJIT_BC_NetStream
luaJIT_BC_Network
luaJIT_BC_OSModule
luaJIT_BC_OSProcess
luaJIT_BC_OaIdl
luaJIT_BC_ObjBase
luaJIT_BC_ObjIdl
luaJIT_BC_OglMan
luaJIT_BC_PropIdl
luaJIT_BC_Query
luaJIT_BC_REPL
luaJIT_BC_ResourceMapper
luaJIT_BC_SCManager
luaJIT_BC_SID
luaJIT_BC_Scheduler
luaJIT_BC_SecError
luaJIT_BC_Shell
luaJIT_BC_SocketOps
luaJIT_BC_SocketPool
luaJIT_BC_SocketServer
luaJIT_BC_SocketUtils
luaJIT_BC_StopWatch
luaJIT_BC_StreamOps
luaJIT_BC_SubAuth
luaJIT_BC_SysInfo
luaJIT_BC_TINNThread
luaJIT_BC_Task
luaJIT_BC_TcpSplice
luaJIT_BC_Timer
luaJIT_BC_Token
luaJIT_BC_UIOSimulator
luaJIT_BC_UMS_ffi
luaJIT_BC_User32
luaJIT_BC_Util_ffi
luaJIT_BC_Vector
luaJIT_BC_View3D
luaJIT_BC_WTypes
luaJIT_BC_WebApp
luaJIT_BC_WebRequest
luaJIT_BC_WebResponse
luaJIT_BC_WebSocket
luaJIT_BC_WinBase
luaJIT_BC_WinBer_ffi
luaJIT_BC_WinCon
luaJIT_BC_WinCrypt
luaJIT_BC_WinIoCtl
luaJIT_BC_WinNT
luaJIT_BC_WinSock_Utils
luaJIT_BC_WindowKind
luaJIT_BC_WindowStation
luaJIT_BC_Workstation
luaJIT_BC_arch
luaJIT_BC_base64
luaJIT_BC_basetsd
luaJIT_BC_comp_msgpump
luaJIT_BC_console
luaJIT_BC_core_console_l1_1_0
luaJIT_BC_core_console_l2_1_0
luaJIT_BC_core_datetime_l1_1_1
luaJIT_BC_core_debug_l1_1_1
luaJIT_BC_core_errorhandling_l1_1_1
luaJIT_BC_core_file_l1_2_0
luaJIT_BC_core_file_l2_1_0
luaJIT_BC_core_firmware_l1_1_0
luaJIT_BC_core_interlocked
luaJIT_BC_core_io_l1_1_1
luaJIT_BC_core_libraryloader_l1_1_1
luaJIT_BC_core_memory_l1_1_1
luaJIT_BC_core_namedpipe_l1_2_0
luaJIT_BC_core_processenvironment
luaJIT_BC_core_processthreads_l1_1_1
luaJIT_BC_core_profile_l1_1_0
luaJIT_BC_core_psapi_l1_1_0
luaJIT_BC_core_shutdown_l1_1_0
luaJIT_BC_core_string_l1_1_0
luaJIT_BC_core_synch_l1_2_0
luaJIT_BC_core_sysinfo_l1_2_0
luaJIT_BC_core_timezone_l1_1_0
luaJIT_BC_crypt
luaJIT_BC_datetime
luaJIT_BC_dbghelp_ffi
luaJIT_BC_dkjson
luaJIT_BC_dsrole
luaJIT_BC_fun
luaJIT_BC_gdi32_ffi
luaJIT_BC_gl_constants
luaJIT_BC_gl_ffi
luaJIT_BC_gl_types
luaJIT_BC_glext
luaJIT_BC_glu
luaJIT_BC_guiddef
luaJIT_BC_httpapi
luaJIT_BC_httpstatus
luaJIT_BC_langutils
luaJIT_BC_lmcons
luaJIT_BC_logoncli_ffi
luaJIT_BC_luajit_ffi
luaJIT_BC_math_matrix
luaJIT_BC_mime
luaJIT_BC_msiterators
luaJIT_BC_mswsock
luaJIT_BC_netutils
luaJIT_BC_netutils_ffi
luaJIT_BC_ntstatus
luaJIT_BC_power_base_l1_1_0
luaJIT_BC_processenvironment
luaJIT_BC_propsys
luaJIT_BC_quaternion
luaJIT_BC_re
luaJIT_BC_samcli
luaJIT_BC_schannel
luaJIT_BC_security_base_l1_2_0
luaJIT_BC_security_credentials_l1_1_0
luaJIT_BC_security_lsalookup_l2_1_0
luaJIT_BC_security_sddl_l1_1_0
luaJIT_BC_service_core_l1_1_1
luaJIT_BC_service_management_l1_1_0
luaJIT_BC_sspi
luaJIT_BC_sspi_ffi
luaJIT_BC_sspicli
luaJIT_BC_stdlib
luaJIT_BC_stream
luaJIT_BC_stringzutils
luaJIT_BC_tabutils
luaJIT_BC_url
luaJIT_BC_user32_ffi
luaJIT_BC_utils
luaJIT_BC_vkeys
luaJIT_BC_waitForCondition
luaJIT_BC_waitForIO
luaJIT_BC_waitForSignal
luaJIT_BC_waitForTime
luaJIT_BC_wglext
luaJIT_BC_win_error
luaJIT_BC_win_socket
luaJIT_BC_wkscli
luaJIT_BC_wldap32_ffi
luaJIT_BC_ws2_32
luaJIT_BC_zlib
Sections
.text Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 31KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 888B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 116KB - Virtual size: 116KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE