b5cae90ad6f83e6ece149cb06e055c334c9e75b72100716975ffe21196f88843

Sharing

Copy URL Twitter E-mail

General

Target

b5cae90ad6f83e6ece149cb06e055c334c9e75b72100716975ffe21196f88843
Size

59KB
MD5

eb898698318d05884c9744f36a9d71f0
SHA1

0ae5bf421e6a83c9f24d196aa87f08ffdb3516f4
SHA256

b5cae90ad6f83e6ece149cb06e055c334c9e75b72100716975ffe21196f88843
SHA512

9b71a9a44947ca5be2d9faea2de4ec02117fc4846a02d4ff3c912cf64bbbb817d188de882826c1f7bce10513ee8ff2314516ebe5cf82280a3f4882d235ff6b8b
SSDEEP

768:kpIcFo7LE72qe72ax8/ksHbTdhXEPt9O3amHpQRL+AYzOEHTL8MF5AaDp1ur29O:kpE/Gde2wQHbh8t5mJoSAALBF5Aeuri

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b5cae90ad6f83e6ece149cb06e055c334c9e75b72100716975ffe21196f88843

Files

b5cae90ad6f83e6ece149cb06e055c334c9e75b72100716975ffe21196f88843
.dll windows:6 windows x86 arch:x86

3a3cf2345027943866a966e79135413e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

setupapi

SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

kernel32

GetTickCount64
GetCurrentThreadId
WaitForSingleObject
GetLastError
DisableThreadLibraryCalls
CloseHandle
GetModuleHandleExA
FreeLibrary
GetModuleFileNameA
GetSystemTimeAsFileTime
GetProcAddress
LoadLibraryA
GetVersionExA
OutputDebugStringA
GetTickCount
TerminateThread
Sleep
CreateThread
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
QueryPerformanceCounter

advapi32

RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA
RegCloseKey

msvcp110

?_Syserror_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Winerror_map@std@@YAPBDH@Z

msvcr110

memmove
_purecall
??2@YAPAXI@Z
memchr
vsprintf_s
free
tolower
strncmp
??_V@YAXPAX@Z
printf
_stricmp
atoi
??1type_info@@UAE@XZ
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
__CppXcptFilter
_amsg_exit
_malloc_crt
_initterm
_initterm_e
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
?terminate@@YAXXZ
_except_handler4_common
__clean_type_info_names_internal
memset
_CxxThrowException
__CxxFrameHandler3
memcpy
??3@YAXPAX@Z

wsock32

bind
connect
__WSAFDIsSet
closesocket
send
WSAStartup
ioctlsocket
select
htons
WSACleanup
socket
recv

Exports

Exports

CreateQueryObjectHandle
FreeQueryObject
GetHisiAgentVersionInfo
RegisterGetDevCallBackFunc
RegisterGetDevCallBackFuncEx
StartQueryDev

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a3cf2345027943866a966e79135413e

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

kernel32

advapi32

msvcp110

msvcr110

wsock32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 40KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 40KB - Virtual size: 40KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB