f84dfab4ae28ba014a399560ea68b905b8e35d2ffc06298b1d793ecd0314c664

Sharing

Copy URL Twitter E-mail

General

Target

f84dfab4ae28ba014a399560ea68b905b8e35d2ffc06298b1d793ecd0314c664
Size

505KB
MD5

2988cd609b53a512fb6f7b19ff725ffc
SHA1

28e98b84ce9aaadba9de49d3794e88333ac31d57
SHA256

f84dfab4ae28ba014a399560ea68b905b8e35d2ffc06298b1d793ecd0314c664
SHA512

c51565a5f576e806e729eaa8df2cfa05e6f327a1d6fc3eec507e0e3ac287df8fdc91714049390460b32bf478e72c06e9a266078b504f0bf581990ebf64f42d74
SSDEEP

12288:wQYZC4qI8wlpoDNOPLm7lryKDDDe3PtWY81Jx6B2z:wQYZHj8wlq5kLmhryKDEe4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f84dfab4ae28ba014a399560ea68b905b8e35d2ffc06298b1d793ecd0314c664

Files

f84dfab4ae28ba014a399560ea68b905b8e35d2ffc06298b1d793ecd0314c664
.dll windows x64

f6c615004ee6962984f6e458071356d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws_log

ord1
ord2

kernel32

GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
QueryPerformanceCounter

msvcr120

_wfopen
fclose
fwrite
_vswprintf_c_l
_purecall
calloc
free
vsprintf
memset
sqrtf
frexp
ldexp
__CppXcptFilter
_amsg_exit
_malloc_crt
_initterm
_initterm_e
__C_specific_handler
__crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__crtCapturePreviousContext
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
__clean_type_info_names_internal
memcpy
__CxxFrameHandler3
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
memmove

Exports

Exports

GetEncoders
GetFileFormats

Sections

.text
Size: 349KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f6c615004ee6962984f6e458071356d6

Headers

DLL Characteristics

File Characteristics

Imports

ws_log

kernel32

msvcr120

Exports

Exports

Sections

.text Size: 349KB - Virtual size: 349KB

.rdata Size: 134KB - Virtual size: 133KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 16KB - Virtual size: 15KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 680B

.text
Size: 349KB - Virtual size: 349KB

.rdata
Size: 134KB - Virtual size: 133KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 16KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 680B