511fb8e42bcaaa4ca95a3068a38e111c3b0f8348b1834eb247a0a31b57d9bd4a

Sharing

Copy URL Twitter E-mail

General

Target

511fb8e42bcaaa4ca95a3068a38e111c3b0f8348b1834eb247a0a31b57d9bd4a
Size

144KB
MD5

1bf4fc87a51e52e585af19d2dd93ebcb
SHA1

1bdf61070d730a70602090519d1cb428cdc7bb34
SHA256

511fb8e42bcaaa4ca95a3068a38e111c3b0f8348b1834eb247a0a31b57d9bd4a
SHA512

124f4889e6e58c3913b83967c7d3b5f8d2e04f79942410e37492579b7368c6650ce58ac63dd55e9b6d8a1e2b721aa5349ac7badf53a1c5d16a10f360e3e256b5
SSDEEP

768:NAG+v6xtsw4JFGO6RlxoHutFAorIwZ7jou94j4PAGdPxE9d/oEFugjUUvI6MJReP:yGbx74JsZfoHrenoEpA/TAgK6MJRem0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
511fb8e42bcaaa4ca95a3068a38e111c3b0f8348b1834eb247a0a31b57d9bd4a

Files

511fb8e42bcaaa4ca95a3068a38e111c3b0f8348b1834eb247a0a31b57d9bd4a
.dll windows x64

2e475686224dfa2fb2ed5076413f0393

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ntdll

NtUnmapViewOfSection
NtSetContextThread
wcsnlen
strnlen
NtClose
NtCreateFile
NtDeviceIoControlFile
RtlInitUnicodeString
RtlAllocateHeap
RtlFreeHeap
NtAllocateVirtualMemory
RtlInitializeCriticalSection
RtlEnterCriticalSection
RtlLeaveCriticalSection
NtQueryInformationFile
NtReadFile
memcpy
NtQueryInformationProcess
LdrLoadDll
NtQueryVirtualMemory
LdrDisableThreadCalloutsForDll
__C_specific_handler
RtlImageNtHeader
RtlCompareUnicodeString
LdrLockLoaderLock
LdrUnlockLoaderLock
_strnicmp
memset
RtlImageNtHeaderEx
RtlInitializeGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlIsGenericTableEmptyAvl
RtlEnumerateGenericTableWithoutSplayingAvl
RtlInsertElementGenericTableAvl
memcmp
NtQuerySystemInformation
NtTerminateProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnhandledExceptionFilter
NtWaitForSingleObject
RtlAddFunctionTable
RtlGetNtVersionNumbers
RtlInitializeResource
RtlReleaseResource
RtlDeleteResource
RtlAcquireResourceExclusive
RtlAcquireResourceShared
RtlCreateHeap
RtlDestroyHeap
RtlNtStatusToDosError

Exports

Exports

KlhkumBootstrapper
KlhkumBootstrapper2
KlhkumFastEntry
KlhkumFastEntry2
KlhkumMain
KlhkumUnmapBootstrapModule

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 83KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2e475686224dfa2fb2ed5076413f0393

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 83KB - Virtual size: 86KB

.pdata Size: 2KB - Virtual size: 2KB

.rodata Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 83KB - Virtual size: 86KB

.pdata
Size: 2KB - Virtual size: 2KB

.rodata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB