40eb57ae6d3433a9840602376d3e30ffd493d62557ae67130594544d3e7fd4ec

Sharing

Copy URL

Twitter E-mail

General

Target

40eb57ae6d3433a9840602376d3e30ffd493d62557ae67130594544d3e7fd4ec
Size

59KB
MD5

acb3960b616f3194bab7c6997bdfe1ae
SHA1

09cea34ab57ad6be064166dbceb71dc20d626c01
SHA256

40eb57ae6d3433a9840602376d3e30ffd493d62557ae67130594544d3e7fd4ec
SHA512

eb808b0673fd914948d454ffc1c8fbd837ec8b95cc91ca060464e10be6da32649f7612eb70c3030f73c9aa9436410116fc24b93807a7757a457973eda945ecc7
SSDEEP

768:5pIcFo7LE72qe72ax8/ksHbTdhXEPt9O3amHpQRL+AYzOEHTL8MF5PaDp1ur29O:5pE/Gde2wQHbh8t5mJoSAALBF5Peuri

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
40eb57ae6d3433a9840602376d3e30ffd493d62557ae67130594544d3e7fd4ec

Files

40eb57ae6d3433a9840602376d3e30ffd493d62557ae67130594544d3e7fd4ec
.dll windows:6 windows x86 arch:x86

3a3cf2345027943866a966e79135413e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

setupapi

SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

kernel32

GetTickCount64
GetCurrentThreadId
WaitForSingleObject
GetLastError
DisableThreadLibraryCalls
CloseHandle
GetModuleHandleExA
FreeLibrary
GetModuleFileNameA
GetSystemTimeAsFileTime
GetProcAddress
LoadLibraryA
GetVersionExA
OutputDebugStringA
GetTickCount
TerminateThread
Sleep
CreateThread
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
QueryPerformanceCounter

advapi32

RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA
RegCloseKey

msvcp110

?_Syserror_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Winerror_map@std@@YAPBDH@Z

msvcr110

memmove
_purecall
??2@YAPAXI@Z
memchr
vsprintf_s
free
tolower
strncmp
??_V@YAXPAX@Z
printf
_stricmp
atoi
??1type_info@@UAE@XZ
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
__CppXcptFilter
_amsg_exit
_malloc_crt
_initterm
_initterm_e
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
?terminate@@YAXXZ
_except_handler4_common
__clean_type_info_names_internal
memset
_CxxThrowException
__CxxFrameHandler3
memcpy
??3@YAXPAX@Z

wsock32

bind
connect
__WSAFDIsSet
closesocket
send
WSAStartup
ioctlsocket
select
htons
WSACleanup
socket
recv

Exports

Exports

CreateQueryObjectHandle
FreeQueryObject
GetHisiAgentVersionInfo
RegisterGetDevCallBackFunc
RegisterGetDevCallBackFuncEx
StartQueryDev

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a3cf2345027943866a966e79135413e

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

kernel32

advapi32

msvcp110

msvcr110

wsock32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 40KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 40KB - Virtual size: 40KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB