7f00d52005ae9d117124ee977dd93d8d

Sharing

Copy URL Twitter E-mail

General

Target

7f00d52005ae9d117124ee977dd93d8d
Size

164KB
MD5

7f00d52005ae9d117124ee977dd93d8d
SHA1

b31e6418e7b94621290497898e5fb1fcdfa0acd5
SHA256

7f0b89648d24905d2725bf3e8f93e0950ad9f5f0af8f1679d1b1cb752b0be0ae
SHA512

1bb952506a864bd50f438444500f574fb4ff9221fa246613eb5710243a03a81c077ea6d3fab06f89fa9c99fb82c24ba8f6c4f85b140dca17d79292553da0991a
SSDEEP

3072:bp9Z6G75sjt2XWLZszEPCFwJkb112QLZpw5RodKM+G7U+KViOJI1/6ij:bp9ni2X+TPpC1FL45neKVdJI1X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7f00d52005ae9d117124ee977dd93d8d

Files

7f00d52005ae9d117124ee977dd93d8d
.dll windows:5 windows x86 arch:x86

6e369b8fd1583815ca33ad19478c189e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dhcpcsvc.pdb

Imports

msvcrt

wcsrchr
wcscmp
wcstombs
wcsncmp
_wtol
time
srand
wcstoul
wcschr
strtoul
_except_handler3
wcslen
_adjust_fdiv
malloc
_initterm
free
_wcsicmp
_ultoa
rand
wcscpy
wcscat
swprintf
sprintf

ntdll

RtlUnicodeStringToOemString
NlsMbOemCodePageTag
RtlxOemStringToUnicodeSize
RtlInitString
RtlOemStringToUnicodeString
NtClose
RtlNtStatusToDosError
RtlGUIDFromString
RtlInitUnicodeString
NtWaitForSingleObject
NtDeviceIoControlFile
NtCreateFile
RtlUpcaseUnicodeString
RtlCopySid
RtlDeleteSecurityObject
RtlLengthSid
RtlSetSaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAce
RtlCreateAcl
RtlNewSecurityObject
NtOpenProcessToken
NtCancelIoFile
NtConnectPort
NtRequestPort
RtlxUnicodeStringToOemSize

advapi32

QueryServiceStatus
RegSetValueExW
RegOpenKeyExW
OpenThreadToken
AccessCheck
OpenSCManagerW
OpenServiceW
CloseServiceHandle
StartServiceW
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
RegCreateKeyExW
SetServiceStatus
LsaNtStatusToWinError
RegisterServiceCtrlHandlerExW
SystemFunction036
RegisterEventSourceW
ReportEventW
DeregisterEventSource
SetSecurityDescriptorDacl
FreeSid
RegDeleteValueW
RegOpenKeyW
RegEnumKeyExW
RegDeleteKeyW
RegQueryValueExW
RegCloseKey

dnsapi

DnsAsyncRegisterHostAddrs
DnsNotifyResolver
DnsQueryConfigDword
DnsAsyncRegisterInit
DnsAsyncRegisterTerm
DnsRemoveRegistrations

iphlpapi

IcmpSendEcho
IcmpCreateFile
SendARP
AllocateAndGetIfTableFromStack
AllocateAndGetIpAddrTableFromStack
GetIpAddrTable
AllocateAndGetIpForwardTableFromStack

kernel32

CreateSemaphoreW
SetLastError
OpenEventW
HeapFree
IsBadWritePtr
FormatMessageW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
SystemTimeToFileTime
GetSystemTime
SetWaitableTimer
CancelWaitableTimer
MultiByteToWideChar
UnhandledExceptionFilter
Sleep
OpenEventA
DeviceIoControl
GetCurrentThread
CreateFileW
GetProcessHeap
WaitForMultipleObjects
ResetEvent
CreateThread
TerminateThread
LocalFree
LocalAlloc
GetCurrentProcessId
GetLastError
CloseHandle
GetProcAddress
LoadLibraryA
CreateEventA
InterlockedIncrement
CreateEventW
GetVersionExW
SetEvent
LeaveCriticalSection
EnterCriticalSection
PulseEvent
LoadLibraryW
CreateWaitableTimerW
GetComputerNameExW
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
WaitForSingleObject
ReleaseSemaphore
DisableThreadLibraryCalls
FreeLibrary

rpcrt4

RpcBindingFree
RpcBindingSetAuthInfoW
RpcBindingSetOption
RpcStringFreeW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcServerRegisterAuthInfoW
RpcServerUnregisterIfEx
RpcBindingVectorFree
RpcEpUnregister
RpcServerInqBindings
RpcStringBindingParseW
RpcBindingToStringBindingW
RpcEpRegisterW
RpcServerRegisterIfEx
RpcServerUseProtseqEpW
RpcImpersonateClient
NdrServerCall2
RpcRevertToSelf
NdrClientCall2
UuidCreate

secur32

LsaRegisterPolicyChangeNotification
LsaUnregisterPolicyChangeNotification

user32

MessageBoxW

ws2_32

inet_addr
inet_ntoa
WSAStartup
WSACleanup
WSAEventSelect
WSAEnumNetworkEvents
bind
WSAIoctl
recvfrom
select
htons
sendto
setsockopt
WSAGetLastError
WSACreateEvent
socket
WSAWaitForMultipleEvents
ntohl
ntohs
closesocket
htonl
WSASetEvent
WSAResetEvent
WSACloseEvent

Exports

Exports

DhcpAcquireParameters
DhcpAcquireParametersByBroadcast
DhcpCApiCleanup
DhcpCApiInitialize
DhcpDeRegisterOptions
DhcpDeRegisterParamChange
DhcpDelPersistentRequestParams
DhcpEnumClasses
DhcpFallbackRefreshParams
DhcpHandlePnPEvent
DhcpLeaseIpAddress
DhcpLeaseIpAddressEx
DhcpNotifyConfigChange
DhcpNotifyConfigChangeEx
DhcpNotifyMediaReconnected
DhcpOpenGlobalEvent
DhcpPersistentRequestParams
DhcpQueryHWInfo
DhcpRegisterOptions
DhcpRegisterParamChange
DhcpReleaseIpAddressLease
DhcpReleaseIpAddressLeaseEx
DhcpReleaseParameters
DhcpRemoveDNSRegistrations
DhcpRenewIpAddressLease
DhcpRenewIpAddressLeaseEx
DhcpRequestOptions
DhcpRequestParams
DhcpStaticRefreshParams
DhcpUndoRequestParams
McastApiCleanup
McastApiStartup
McastEnumerateScopes
McastGenUID
McastReleaseAddress
McastRenewAddress
McastRequestAddress
ServiceMain

Sections

.text
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 57KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e369b8fd1583815ca33ad19478c189e

Headers

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

advapi32

dnsapi

iphlpapi

kernel32

rpcrt4

secur32

user32

ws2_32

Exports

Exports

Sections

.text Size: 97KB - Virtual size: 96KB

.data Size: 57KB - Virtual size: 58KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 97KB - Virtual size: 96KB

.data
Size: 57KB - Virtual size: 58KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 3KB