98d8f16167058ad7d24402b1c6dfa335dee87ae4442196b741933ca26256eb9a

Sharing

Copy URL

Twitter E-mail

General

Target

98d8f16167058ad7d24402b1c6dfa335dee87ae4442196b741933ca26256eb9a
Size

1.9MB
MD5

82ca4124b280b79b63801f6219d0627f
SHA1

24eaefa2820e20f267c3d263a852ce94e193cb77
SHA256

98d8f16167058ad7d24402b1c6dfa335dee87ae4442196b741933ca26256eb9a
SHA512

318bbbf04f97d65933a799d8e3b179a3b8a218707804ddd17928b787fa99598094f92f3bd03921e5c66ca1a8cb20062a83250d66c772fe5159d0c898514eac98
SSDEEP

49152:JIEdcqRbL25gHkntSC8L+zlptuPZuqT7Nh:JIEhbL2eyIC8KzZu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
98d8f16167058ad7d24402b1c6dfa335dee87ae4442196b741933ca26256eb9a

Files

98d8f16167058ad7d24402b1c6dfa335dee87ae4442196b741933ca26256eb9a
.dll windows x86

f3ffc961f4644be1caa8aef3ca12501a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
FindNextFileW
FindFirstFileW
FindClose
ConvertFiberToThread
ConvertThreadToFiber
FreeLibrary
GetProcAddress
LoadLibraryW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
SystemTimeToFileTime
GetSystemTime
GetEnvironmentVariableW
GetModuleHandleExW
CreateFiber
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InterlockedExchangeAdd
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedCompareExchange
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
SetLastError
lstrlenW
FileTimeToLocalFileTime
FileTimeToSystemTime
SetEvent
SwitchToFiber
DeleteFiber
GetStdHandle
GetFileType
WriteFile
GetVersion
MultiByteToWideChar
GetModuleHandleW
CreateEventA
LockResource
LoadResource
SizeofResource
FindResourceA
CloseHandle
WaitForSingleObject
GetLastError
CreateThread
OutputDebugStringA
DeleteFileA
GetFileAttributesExA
LoadLibraryA
OutputDebugStringW
InitializeCriticalSection
InterlockedIncrement
VirtualQuery
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
GetModuleFileNameW
GetLocalTime
CreateFileW
SetFilePointer
FreeConsole
WriteConsoleW
AllocConsole
EncodePointer
RtlUnwind
RaiseException
InterlockedFlushSList
LoadLibraryExW
ReadFile
ExitProcess
SetConsoleCtrlHandler
GetDriveTypeW
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
GetModuleFileNameA
HeapFree
HeapAlloc
GetACP
CompareStringW
LCMapStringW
DecodePointer
GetTimeZoneInformation
GetConsoleCP
FlushFileBuffers
SetStdHandle
SetFilePointerEx
HeapReAlloc
GetStringTypeW
GetCurrentDirectoryW
GetFullPathNameW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
HeapSize
SetEndOfFile
GetSystemInfo
GetVersionExW
InterlockedDecrement

user32

GetUserObjectInformationW
GetProcessWindowStation
MessageBoxW
GetSystemMetrics

advapi32

RegCloseKey
RegOpenKeyW
RegCreateKeyW
RegOpenKeyExW
CryptDecrypt
CryptCreateHash
CryptSetHashParam
CryptSignHashW
CryptDestroyHash
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptDestroyKey
CryptEnumProvidersW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
RegQueryValueExW

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertOpenStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext

ws2_32

recv
send
getsockopt
getsockname
ntohs
ntohl
getpeername
sendto
recvfrom
closesocket
shutdown
connect
socket
bind
htonl
htons
setsockopt
accept
WSACleanup
WSAStartup
WSAIoctl
WSAGetLastError
WSASetLastError
listen

Exports

Exports

??0CSSLServer@@QAE@XZ
??4CSSLServer@@QAEAAV0@$$QAV0@@Z
??4CSSLServer@@QAEAAV0@ABV0@@Z
CloseServer
Finalize
Initialize
OpenServer

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 423KB - Virtual size: 423KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3ffc961f4644be1caa8aef3ca12501a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

crypt32

ws2_32

Exports

Exports

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 423KB - Virtual size: 423KB

.data Size: 25KB - Virtual size: 43KB

.gfids Size: 512B - Virtual size: 284B

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 57KB - Virtual size: 57KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 423KB - Virtual size: 423KB

.data
Size: 25KB - Virtual size: 43KB

.gfids
Size: 512B - Virtual size: 284B

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 57KB - Virtual size: 57KB