298e6a216c30c7fc22b56830b86beeb014dc69008dac3e0c59ab432512538f43

Sharing

Copy URL

Twitter E-mail

General

Target

298e6a216c30c7fc22b56830b86beeb014dc69008dac3e0c59ab432512538f43
Size

148KB
MD5

b5780e0476d58c4e7a82cef268d8f533
SHA1

8d809e83a4ba46433bbaa05a76478242ab147246
SHA256

298e6a216c30c7fc22b56830b86beeb014dc69008dac3e0c59ab432512538f43
SHA512

63d4b9117e46f6f47bfafc45e2a4da25138e84061541d637ae3f093d22072d979170b6cb0f7f33974acd1f2081fc8b3a856157fc2e0ff79cb9e3177ab1f0b5d0
SSDEEP

1536:XVn355UmKjdPXWGSPhMCw55up+PxjSbIt2IHS2H+j4fM1NkhLV6p:VbURJXpm9WL7Sy+c01ihLV6p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
298e6a216c30c7fc22b56830b86beeb014dc69008dac3e0c59ab432512538f43

Files

298e6a216c30c7fc22b56830b86beeb014dc69008dac3e0c59ab432512538f43
.dll windows:6 windows x86 arch:x86

6285c06580b9f919aa3543802718b58e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
GetProcAddress
MultiByteToWideChar
CreateFileW
CloseHandle
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
Sleep
WideCharToMultiByte
GetStringTypeW
GetLastError
GetStdHandle
GetFileType
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
HeapFree
HeapAlloc
HeapReAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
GetCurrentThreadId
RaiseException
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetCPInfo
ExitProcess
HeapSize
WriteFile
OutputDebugStringW
LoadLibraryExW
LoadLibraryW
IsValidCodePage
GetACP
GetOEMCP
SetLastError
GetProcessHeap
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentProcess
TerminateProcess
GetStartupInfoW
GetModuleHandleW
GetTimeZoneInformation
InitOnceExecuteOnce
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringEx
LCMapStringEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetStdHandle
SetEnvironmentVariableA

wsock32

htonl

Exports

Exports

CreatePacketParser
FreePacketParser
PPVersion
PacketParser
RegFrameCallBack

Sections

.text
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6285c06580b9f919aa3543802718b58e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wsock32

Exports

Exports

Sections

.text Size: 84KB - Virtual size: 84KB

.rdata Size: 22KB - Virtual size: 21KB

.data Size: 7KB - Virtual size: 15KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 32KB - Virtual size: 31KB

.text
Size: 84KB - Virtual size: 84KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 32KB - Virtual size: 31KB