1c9bcdb1f986c062faaf00367b3ca1137c1fbdf5e932b9ccf3158abeac36ac37

Sharing

Copy URL Twitter E-mail

General

Target

1c9bcdb1f986c062faaf00367b3ca1137c1fbdf5e932b9ccf3158abeac36ac37
Size

87KB
MD5

3017223363501511f12ae945a11304b4
SHA1

4565cb990a67db9721a93b0bba98312b4c4a0878
SHA256

1c9bcdb1f986c062faaf00367b3ca1137c1fbdf5e932b9ccf3158abeac36ac37
SHA512

5693cda1ffa0e0a24140529f406db3950ee5cb5ea9f611f61dde68211cda8fcd9817a402bad41589df329846cf5ae5bf2d2e73b65060c42339d386523be23e01
SSDEEP

1536:fNRTr8OE+yOMWYcuwsWjcdwV+iuq3hGorE:XH8EGfwV+iuq3hfrE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c9bcdb1f986c062faaf00367b3ca1137c1fbdf5e932b9ccf3158abeac36ac37

Files

1c9bcdb1f986c062faaf00367b3ca1137c1fbdf5e932b9ccf3158abeac36ac37
.dll windows:6 windows x86

843628329ba62181d73f8a51449cdf5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rpcrt4

RpcEpUnregister
RpcServerUseProtseqEpW
RpcServerUnregisterIf
RpcBindingVectorFree
RpcServerRegisterIf2
RpcEpRegisterW
RpcServerInqBindings
NdrServerCall2

kernel32

GetSystemTimeAsFileTime
CloseHandle
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
CreateThread
WideCharToMultiByte
MultiByteToWideChar
GetLastError
HeapFree
HeapAlloc
EncodePointer
DecodePointer
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
GetProcessHeap
InterlockedDecrement
ExitProcess
GetModuleHandleExW
GetProcAddress
GetStdHandle
WriteFile
GetModuleFileNameW
HeapSize
Sleep
RaiseException
SetLastError
InterlockedIncrement
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
CreateFileW
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
LoadLibraryW
HeapReAlloc
RtlUnwind
LCMapStringW

Exports

Exports

Init_Plugin
Register_CallBack_Fun
Start_Listen_Service
Stop_Listen_Service

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

843628329ba62181d73f8a51449cdf5b

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

kernel32

Exports

Exports

Sections

.text Size: 39KB - Virtual size: 39KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 15KB - Virtual size: 15KB

.text
Size: 39KB - Virtual size: 39KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 15KB - Virtual size: 15KB