PDB path: D:\01_GitCode\02_AftersalesTools\01_SLA\Release\OpenSSLAPIs.pdb
Static task
static1
Behavioral task
behavioral1
Sample
382a4dc0e906d710d7e987b29efdf6c5f0c73141c5fbd0017752c81e4ee91cfe.dll
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
382a4dc0e906d710d7e987b29efdf6c5f0c73141c5fbd0017752c81e4ee91cfe.dll
Resource
win10v2004-20231215-en
General
-
Target
382a4dc0e906d710d7e987b29efdf6c5f0c73141c5fbd0017752c81e4ee91cfe
-
Size
629KB
-
MD5
0ba03db33408e8c713bb347776025701
-
SHA1
922c8fa935abf73a72d669337484ce6df5197900
-
SHA256
382a4dc0e906d710d7e987b29efdf6c5f0c73141c5fbd0017752c81e4ee91cfe
-
SHA512
7c6479799fce83f9dca0ecba0df63258dced89d60bab61b976fb2502494ff428b9a4ec18cf719f2da53d2edeaccb8b9699207fea40568351d86079149bab9d99
-
SSDEEP
12288:CWx/G87UC3ohm8Zkt/jyLWdYw1BU4oFoW2BjvrEH7kr2:5x/GOTGZkdjy6dYqBU4otgrEH7K2
Malware Config
Signatures
-
Unsigned PE 1 IoCs
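Checks for a missing Authenticode signature. The file is unsigned, so its publisher and integrity cannot be confirmed from a signature; on its own this is a weak indicator, because many legitimate in-house builds also ship unsigned.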
resource 382a4dc0e906d710d7e987b29efdf6c5f0c73141c5fbd0017752c81e4ee91cfe
Files
-
382a4dc0e906d710d7e987b29efdf6c5f0c73141c5fbd0017752c81e4ee91cfe.dll windows:5 windows x86 arch:x86
9b0b7e438a5fe652824e4900c4dfd0e1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
LoadLibraryA
FlushConsoleInputBuffer
CloseHandle
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
IsDebuggerPresent
GlobalMemoryStatus
GetCurrentProcessId
QueryPerformanceCounter
GetTickCount
MultiByteToWideChar
GetStdHandle
GetFileType
GetVersion
GetModuleHandleA
GetCurrentThreadId
GetLastError
FreeLibrary
GetProcAddress
UnhandledExceptionFilter
LoadLibraryW
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
SetUnhandledExceptionFilter
user32
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
advapi32
ReportEventA
DeregisterEventSource
RegisterEventSourceA
msvcr100
memcpy
memset
strncpy
strchr
realloc
fprintf
__iob_func
strncmp
strtoul
sscanf
getenv
wcsstr
_vsnprintf
vfprintf
malloc
raise
_time64
strcmp
isdigit
isspace
qsort
tolower
_errno
_wfopen
fopen
fclose
ferror
fread
fwrite
fflush
?what@exception@std@@UBEPBDXZ
_fileno
ftell
feof
fseek
fgets
_strnicmp
isxdigit
atoi
_gmtime64
isupper
fputs
signal
_getch
strstr
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_except_handler4_common
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
sprintf
_setmode
printf
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
memmove
??3@YAXPAX@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
free
_CxxThrowException
_exit
__CxxFrameHandler3
msvcp100
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
Exports
Exports
AesCbcPkcs7Decrypt
AesCbcPkcs7Encrypt
AesEcbPkcs7Decrypt
AesEcbPkcs7Encrypt
Base64Decode
Base64Encode
DigestHashCalc
RsaOaepEncrypt
RsaPriKeyDecrypt
RsaPriKeyEncrypt
RsaPriKeyOaepDecrypt
RsaPriKeyOaepEncrypt
RsaPriKeySign
RsaPubKeyDecrypt
RsaPubKeyEncrypt
RsaPubKeyOaepDecrypt
RsaPubKeyOaepEncrypt
RsaPubKeyVerify
Sections
.text Size: 388KB - Virtual size: 387KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 133KB - Virtual size: 133KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ