test_AGSslBypassFilter[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

test_AGSslBypassFilter.exe
Size

3.9MB
MD5

e9ed7cba9d043d100ba842dc83b9bbb4
SHA1

7e73691259f6fd3f57aaddcf13ab56129d7b44fb
SHA256

899261b89975ca99903da23c112068a5a1fe610c0c542da3c6ae26dfcf8fe347
SHA512

bda2149cb9a65e3523fb86c664b8297a5691e69a107f01996ecdca7dccb6255a0796e0d46291abe379aa459f54a650f2b8f951e37a45126722262fb889dd3e44
SSDEEP

49152:qV2UE29ht14Oz6jSX5aN/i0wUM7MCHC4CYCGCBWTBeGew6h8aCmimf:oEgfmg4C5aN/iUMn/baPim

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
test_AGSslBypassFilter.exe

Files

test_AGSslBypassFilter.exe
.exe windows x86

c707d1d6559d87d9cb02f77df5ca9e07

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

SystemFunction036

wsock32

ntohs
WSAStartup
select
closesocket
recv
send

ws2_32

getnameinfo

bcrypt

BCryptGenRandom

kernel32

UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
VirtualFree
VirtualProtect
VirtualAlloc
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetCommandLineA
GetConsoleCP
GetTimeZoneInformation
SetStdHandle
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
GetFileType
GetModuleHandleExW
FreeLibraryAndExitThread
WriteFile
AreFileApisANSI
GetACP
GetOEMCP
MultiByteToWideChar
GetFullPathNameW
FindFirstFileExW
FindClose
FindNextFileW
WideCharToMultiByte
CloseHandle
GetFileSizeEx
SetFilePointerEx
ReadFile
GetCurrentThreadId
GetLastError
GetSystemTime
SystemTimeToFileTime
CreateThread
SetLastError
CreateFileW
SetEndOfFile
GetFileAttributesExW
DeleteFileW
GetFileAttributesW
GetConsoleMode
WriteConsoleW
WaitForSingleObject
CreateDirectoryW
FormatMessageW
GetModuleHandleW
GetProcAddress
GetSystemTimeAsFileTime
GetModuleFileNameW
GetCommandLineW
FreeLibrary
LoadLibraryExW
QueryPerformanceFrequency
CreateEventW
WaitForSingleObjectEx
SetEvent
GetCurrentProcessId
SetConsoleCtrlHandler
GetCurrentProcess
QueryPerformanceCounter
GetCurrentThread
GetThreadTimes
GetDiskFreeSpaceW
SwitchToThread
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
CreateEventA
GetTickCount
ResetEvent
FormatMessageA
LocalFree
LoadLibraryA
UnmapViewOfFile
CreateFileMappingA
GetSystemInfo
MapViewOfFile
Sleep
ReleaseSemaphore
LoadLibraryW
GetVersionExA
InitializeCriticalSection
CreateFileA
CreateFileMappingW
CreateMutexW
DeleteFileA
FlushFileBuffers
GetDiskFreeSpaceA
GetFileAttributesA
GetFileSize
GetFullPathNameA
GetTempPathA
GetTempPathW
GetVersionExW
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
HeapValidate
HeapCompact
LockFile
LockFileEx
SetFilePointer
UnlockFile
UnlockFileEx
OutputDebugStringA
OutputDebugStringW
GetProcessHeap
FlushViewOfFile
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
InitOnceExecuteOnce
TlsAlloc
TlsGetValue
TlsSetValue
FreeEnvironmentStringsW
ReleaseMutex
RtlCaptureContext
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
DuplicateHandle
GetStdHandle
TerminateProcess
CreateMutexA
GetFileInformationByHandle
DeviceIoControl
ExitProcess
GetModuleHandleA
ReadConsoleW
ExitThread
RtlUnwind
InterlockedFlushSList
InterlockedPushEntrySList
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RaiseException
TlsFree
EncodePointer
DecodePointer
CompareStringW

Exports

Exports

AGCApiPFAddRule
AGCApiPFChangeFilteringState
AGCApiPFClearRule
AGCApiPFIsFiltered
adg_safebrowsing_process_http_response
adg_safebrowsing_update
logger_set_default_callback
logger_set_default_log_level

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c707d1d6559d87d9cb02f77df5ca9e07

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

wsock32

ws2_32

bcrypt

kernel32

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 1.9MB - Virtual size: 1.9MB

.data Size: 64KB - Virtual size: 85KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 74KB - Virtual size: 74KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 64KB - Virtual size: 85KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 74KB - Virtual size: 74KB