Target
OLMAPI32.dll
Size
279KB
MD5
5df9468112e21c712474483793537aed
SHA1
d22ee34eb6ba7e158f15de07830b8e31232fbe19
SHA256
dd53768eb7d5724adeb58796f986ded3c9b469157a1a1757d80ccd7956a3dbda
SHA512
39edb20be063ca682555b256826f44770cdc13a61bdaa092a8de3e119e357e03661c145eda95393c7edf32c2a0a12998e115542b0ee790e5e23f988616e094bd
SSDEEP
3072:hbp5Y0UEmuigQJch1NUZIeKFEW/HXGdSz6ednKUp4s9tlZR0ysKCAcSfxaTAhY5u:hbri1yl/H9dnK44s9LZREKCDAOTGl
| resource | yara_rule |
|---|---|
| sample | family_rpcbackdoor |
Checks for missing Authenticode signature.
| resource |
|---|
| OLMAPI32.dll |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
RpcStringFreeA
RpcStringBindingComposeA
RpcBindingFromStringBindingA
ReadFile
WriteFile
CloseHandle
Sleep
OpenProcess
GetModuleFileNameA
GetModuleFileNameW
GetProcAddress
WinExec
CreateToolhelp32Snapshot
Process32First
Process32Next
GetSystemInfo
DeleteFileA
GetVersionExW
GetModuleHandleA
GlobalMemoryStatus
GetPrivateProfileStringW
GetComputerNameW
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
GetNumberFormatW
FindFirstFileExW
SetEndOfFile
WriteConsoleW
CreateFileA
FindNextFileW
IsValidCodePage
GetACP
GetSystemDirectoryW
GetCPInfo
HeapSize
CreateFileW
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FindClose
HeapReAlloc
DeleteFileW
FreeEnvironmentStringsW
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
LocalFree
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
GetConsoleMode
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RaiseException
RtlUnwind
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetFileType
FlushFileBuffers
GetConsoleOutputCP
GetOEMCP
wsprintfA
LoadStringW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
GetUserNameA
RegQueryValueExW
CoInitializeSecurity
CoCreateInstance
CoUninitialize
CoInitializeEx
SysFreeString
SysAllocString
VariantClear
VariantInit
NetApiBufferFree
NetGetJoinInformation
PathFileExistsA
ord487
?GetFileVersionInfoByHandleEx@@YGHXZ
GetFileVersionInfoA
GetFileVersionInfoByHandle
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ