agressor[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

agressor.dll
Size

1.6MB
MD5

791234f2cbc3e555b51a9cba556fc504
SHA1

149b332351e8103e30d10becdf372d036974339e
SHA256

3adc5d0504303eff44102348c083549f8ed87fc0079fb617d10ee1daa0654266
SHA512

1b1333cf50ac96574d7f73d75b26a1363382355807e7aa13558dd9e52f96f0acd4520a070f72767866d40e924a41947dbaab630d70594add6b81e2f3c113097e
SSDEEP

24576:ocmt7DJwWQFMYa7h05WFmTOZDYfC+siL26:uJwMiOZDYfC+siL26

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
agressor.dll

Files

agressor.dll
.dll windows:4 windows x64 arch:x64

aa722383fa90c857d30c37a04bfc0fdb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetStdHandle
GetConsoleMode
TlsGetValue
GetLastError
SetLastError
RaiseException
GetTickCount
ExitProcess
GetStartupInfoA
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
GetSystemInfo
LoadLibraryW
LoadLibraryA
GetProcAddress
FreeLibrary
FormatMessageW
DeleteFileW
CreateFileW
GetFileAttributesW
GetCurrentDirectoryW
GetFullPathNameW
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsFree
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
GetCurrentThread
OpenThread
IsDebuggerPresent
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
GetEnvironmentStringsA
FreeEnvironmentStringsA
GetEnvironmentVariableA
FindResourceA
FindResourceExA
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
GetWindowsDirectoryA
CreateNamedPipeA
CreateProcessA
GetVersionExA
CompareStringA
GetLocaleInfoA
GetDateFormatA
EnumCalendarInfoA
CompareStringW
GetLocaleInfoW
GetDateFormatW
FindFirstFileExW
FreeResource
LockResource
VirtualAllocEx
VirtualQuery
VirtualProtectEx
OpenProcess
GetExitCodeProcess
GetExitCodeThread
WriteProcessMemory
LoadResource
SizeofResource
DeviceIoControl
FindClose
GetLocalTime
ConnectNamedPipe
DisconnectNamedPipe
GetCPInfo
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID
GetProcessId
QueueUserAPC
DebugActiveProcessStop

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen
SafeArrayCreate
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayPtrOfIndex
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
PeekMessageA
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
MsgWaitForMultipleObjects
GetSystemMetrics
MessageBeep

ole32

CoUninitialize
CoInitialize
GetErrorInfo

ntdll

NtAllocateVirtualMemory

ws2_32

closesocket
connect
ioctlsocket
getsockopt
recv
select
send
setsockopt
shutdown
socket
WSAStartup
WSACleanup
WSAGetLastError
__WSAFDIsSet

wsock32

gethostbyaddr
gethostbyname
WSAStartup

Exports

Exports

Main
ViewLogs

Sections

.text
Size: 357KB - Virtual size: 356KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 314KB - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aa722383fa90c857d30c37a04bfc0fdb

Headers

File Characteristics

Imports

kernel32

oleaut32

user32

ole32

ntdll

ws2_32

wsock32

Exports

Exports

Sections

.text Size: 357KB - Virtual size: 356KB

.data Size: 24KB - Virtual size: 23KB

.rdata Size: 142KB - Virtual size: 141KB

.pdata Size: 26KB - Virtual size: 25KB

.bss Size: - Virtual size: 1.0MB

.CRT Size: 512B - Virtual size: 8B

.idata Size: 6KB - Virtual size: 5KB

.edata Size: 512B - Virtual size: 96B

.reloc Size: 10KB - Virtual size: 10KB

/4 Size: 1KB - Virtual size: 1KB

/19 Size: 184KB - Virtual size: 183KB

/31 Size: 2KB - Virtual size: 2KB

/45 Size: 4KB - Virtual size: 4KB

/57 Size: 314KB - Virtual size: 314KB

.text
Size: 357KB - Virtual size: 356KB

.data
Size: 24KB - Virtual size: 23KB

.rdata
Size: 142KB - Virtual size: 141KB

.pdata
Size: 26KB - Virtual size: 25KB

.bss
Size: - Virtual size: 1.0MB

.CRT
Size: 512B - Virtual size: 8B

.idata
Size: 6KB - Virtual size: 5KB

.edata
Size: 512B - Virtual size: 96B

.reloc
Size: 10KB - Virtual size: 10KB

/4
Size: 1KB - Virtual size: 1KB

/19
Size: 184KB - Virtual size: 183KB

/31
Size: 2KB - Virtual size: 2KB

/45
Size: 4KB - Virtual size: 4KB

/57
Size: 314KB - Virtual size: 314KB