MDE_File_Sample_fe58ec001d870dfc09104afb1c2d4afbd87975f61161940162e4b90e88989767[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

MDE_File_Sample_fe58ec001d870dfc09104afb1c2d4afbd87975f61161940162e4b90e88989767.zip
Size

674KB
MD5

f040ce55dee06e73db73324c646d132b
SHA1

fcbb4e1204820ea261874a0225ff6cc2aab8cea4
SHA256

15db7e2129cff0f4562f4eb312a0a93f51eb7f6bdbce3cd60552c735e06b56a4
SHA512

0bdc0d633301b2d812636f0619a8e9eab62cc487189a6ac3061e13772281736bcccb86e22e51ce17700af2a6d41c794a55d87556378d3502d13de5b620120f7a
SSDEEP

12288:QoxSdLclgbmhXXK8v7DRvvUkj5YmroFWaOOpkhDiKfnHILXPiD7F07:3xSdLcl7XXVzFvzj5Yms6OpkhuKfHIeo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/0517_ThreadlessHooker_rc_x64.dll

Files

MDE_File_Sample_fe58ec001d870dfc09104afb1c2d4afbd87975f61161940162e4b90e88989767.zip
.zip

Password: Wirelesse@12
0517_ThreadlessHooker_rc_x64.dll
.dll regsvr32 windows:4 windows x64

Password: Wirelesse@12

027c9a9122a53ca05b03564de13d219e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

kernel32

CloseHandle
CreateThread
DeleteCriticalSection
EnterCriticalSection
GetComputerNameExA
GetCurrentProcess
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemInfo
GetTimeZoneInformation
InitializeCriticalSection
K32EnumProcessModules
K32EnumProcessModulesEx
K32EnumProcesses
K32GetModuleBaseNameA
K32GetModuleFileNameExA
K32GetModuleInformation
LeaveCriticalSection
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject

msvcrt

__iob_func
_amsg_exit
_initterm
_lock
_stricmp
_strnicmp
_time64
_unlock
abort
calloc
exit
free
fwrite
malloc
memcmp
memcpy
memset
rand
realloc
srand
strlen
strncmp
vfprintf
wcscmp

Exports

Exports

DllInstall
DllRegisterServer
DllUninstall
DllUnregisterServer
Think

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 1024B - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 1024B - Virtual size: 669B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: Wirelesse@12

Password: Wirelesse@12

027c9a9122a53ca05b03564de13d219e

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 39KB - Virtual size: 39KB

.data Size: 512B - Virtual size: 224B

.rdata Size: 1.5MB - Virtual size: 1.5MB

.pdata Size: 1024B - Virtual size: 888B

.xdata Size: 1024B - Virtual size: 660B

.bss Size: - Virtual size: 8KB

.edata Size: 512B - Virtual size: 168B

.idata Size: 2KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 128B

/4 Size: 1024B - Virtual size: 640B

/19 Size: 28KB - Virtual size: 28KB

/31 Size: 5KB - Virtual size: 4KB

/45 Size: 7KB - Virtual size: 6KB

/57 Size: 2KB - Virtual size: 2KB

/70 Size: 1024B - Virtual size: 669B

/81 Size: 12KB - Virtual size: 11KB

/92 Size: 2KB - Virtual size: 1KB

.text
Size: 39KB - Virtual size: 39KB

.data
Size: 512B - Virtual size: 224B

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.pdata
Size: 1024B - Virtual size: 888B

.xdata
Size: 1024B - Virtual size: 660B

.bss
Size: - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 168B

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 128B

/4
Size: 1024B - Virtual size: 640B

/19
Size: 28KB - Virtual size: 28KB

/31
Size: 5KB - Virtual size: 4KB

/45
Size: 7KB - Virtual size: 6KB

/57
Size: 2KB - Virtual size: 2KB

/70
Size: 1024B - Virtual size: 669B

/81
Size: 12KB - Virtual size: 11KB

/92
Size: 2KB - Virtual size: 1KB