Static task
static1
Behavioral task
behavioral1
Sample
dbb932731a8cf855a32742771ec513bb5687ce0e1bd81bed8257e9970c1ed40a.dll
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
dbb932731a8cf855a32742771ec513bb5687ce0e1bd81bed8257e9970c1ed40a.dll
Resource
win10v2004-20230915-en
General
Target: dbb932731a8cf855a32742771ec513bb5687ce0e1bd81bed8257e9970c1ed40a
Size: 233KB
MD5: 7e543187f0a797e46f5e47465c7878fc
SHA1: fe89508216977d4f6bb7859a4cae99920cf3263a
SHA256: dbb932731a8cf855a32742771ec513bb5687ce0e1bd81bed8257e9970c1ed40a
SHA512: bfea85b4aca5b3f1d42f257741b19726f8863d540deeec29c752ba12ae2f3b80f7e81e0664c9c524b16e7c78a70fa7e280f785b11be3f5ef153554470ededea4
SSDEEP: 3072:pri1Ds4MlK10vHX1VdOi7KfX6CulVVAuvVxkuArANFr3tkIcUEijSFjE0OtjsKSS:pri1DiKWJOTcVVAKsrASdijijEKzfY
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource dbb932731a8cf855a32742771ec513bb5687ce0e1bd81bed8257e9970c1ed40a
Files
dbb932731a8cf855a32742771ec513bb5687ce0e1bd81bed8257e9970c1ed40a.dll windows:5 windows x86
9a34c39707ce114fde0b4c896949a37b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
ws2_32
ntohl
htonl
htons
freeaddrinfo
getaddrinfo
WSADuplicateSocketA
WSAGetLastError
WSAStartup
gethostbyname
socket
setsockopt
send
select
recv
listen
inet_ntoa
inet_addr
connect
closesocket
bind
accept
crypt32
CryptDecodeObjectEx
CryptImportPublicKeyInfo
CertGetCertificateContextProperty
wininet
InternetOpenW
InternetReadFile
InternetCloseHandle
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetSetOptionW
InternetConnectW
InternetCrackUrlW
winhttp
WinHttpOpen
WinHttpQueryOption
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpSetOption
WinHttpConnect
WinHttpReadData
WinHttpCrackUrl
kernel32
FindNextFileA
FindFirstFileExA
FindClose
GetStringTypeW
LCMapStringW
HeapReAlloc
GetFileType
GetStdHandle
GetACP
HeapAlloc
HeapFree
GetModuleFileNameA
GetModuleHandleExW
RaiseException
GetCurrentThreadId
GetLastError
OutputDebugStringA
VirtualAllocEx
OpenProcess
GetCurrentProcess
WriteProcessMemory
CloseHandle
DuplicateHandle
CreateEventW
FreeLibrary
GetProcAddress
VirtualAlloc
VirtualFree
VirtualQueryEx
OpenThread
SetLastError
SuspendThread
ResumeThread
Sleep
LoadLibraryA
IsValidCodePage
CreateToolhelp32Snapshot
Thread32First
Thread32Next
FlushInstructionCache
VirtualProtect
VirtualQuery
LoadLibraryW
GetModuleHandleA
VirtualProtectEx
ExitProcess
SetUnhandledExceptionFilter
CreateRemoteThread
ExitThread
GetSystemTime
SystemTimeToFileTime
GetModuleHandleW
LocalFree
WriteFile
GetSystemDirectoryW
CreateFileA
GetVolumeInformationW
GetComputerNameW
GetThreadId
WaitForMultipleObjects
LocalAlloc
GetOverlappedResult
ResetEvent
ReadFile
ConnectNamedPipe
CreateNamedPipeA
GetCurrentProcessId
SetHandleInformation
SetNamedPipeHandleState
PeekNamedPipe
CreateNamedPipeW
GlobalFree
CreateThread
TerminateThread
SetEvent
ReleaseMutex
WaitForSingleObject
CreateMutexW
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
HeapSize
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
DecodePointer
WriteConsoleW
GetVersionExW
CreateFileW
TlsAlloc
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoW
TerminateProcess
InterlockedFlushSList
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
user32
GetProcessWindowStation
GetUserObjectInformationA
GetThreadDesktop
advapi32
OpenThreadToken
SetEntriesInAclW
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
AllocateAndInitializeSid
CryptDuplicateKey
CryptDecrypt
CryptEncrypt
CryptImportKey
CryptGenRandom
CryptSetKeyParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
ImpersonateLoggedOnUser
ole32
CoCreateGuid
Sections
.text Size: 147KB - Virtual size: 147KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 47KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ