3e5e21c4f88194b1e17d6fc1e22e03a32f349dc7330e1aff4eb92349365b9dd6

Sharing

Copy URL Twitter E-mail

General

Target

3e5e21c4f88194b1e17d6fc1e22e03a32f349dc7330e1aff4eb92349365b9dd6
Size

109KB
MD5

be9676f5d3fbe310a03fe82167ac37b1
SHA1

62ef4969dc85249713937fece858e6d45aa504d3
SHA256

3e5e21c4f88194b1e17d6fc1e22e03a32f349dc7330e1aff4eb92349365b9dd6
SHA512

1b1ea4107bf42fc5669d0cb51b1f355525a4e59c3aad5c3c452b3a62da42de8301e900225063d70b424b7809e4161d46b6fd91eb719115269edabd6ec9c6192f
SSDEEP

1536:0qDO2+3lpj3rmlANBUfhz24dskfSQoaSEskpjFVZ9w5cvOAAUCc/:Hm3l9nYPdskfSQo32pjFVZicvOAAUCc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e5e21c4f88194b1e17d6fc1e22e03a32f349dc7330e1aff4eb92349365b9dd6

Files

3e5e21c4f88194b1e17d6fc1e22e03a32f349dc7330e1aff4eb92349365b9dd6
.dll regsvr32 windows:6 windows x64 arch:x64

028a4098d4d9dc267f82b45e867ed456

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

G:\jenkins\workspace\Git-NLEPlatformPro\Src\SymbolTable\Win\x64_Release\NLEXml.pdb

Imports

nlelogger

NLEGetDefaultLogger

kernel32

GetModuleFileNameW
GetLastError
MultiByteToWideChar
GetACP
FormatMessageW
WideCharToMultiByte
GetCurrentProcessId
lstrlenW
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
GetCurrentThreadId

advapi32

RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegSetValueW
RegCreateKeyW
RegSetValueExW

ole32

StringFromGUID2

msvcp120

?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Winerror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z

msvcr120

wcstol
_vswprintf
wcsstr
??_V@YAXPEAX@Z
fread
_purecall
??3@YAXPEAX@Z
fwrite
_wfopen
ftell
fseek
memset
??2@YAPEAX_K@Z
printf
_vsnwprintf
swprintf_s
_wtoi
_wtof
fflush
_wtoi64
wcscpy_s
?terminate@@YAXXZ
__C_specific_handler
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
__crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__crtCaptureCurrentContext
__crtCapturePreviousContext
__CppXcptFilter
_amsg_exit
free
_malloc_crt
_initterm
_initterm_e
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__clean_type_info_names_internal
memmove
wcschr
wcsrchr
__CxxFrameHandler3
memcmp
memcpy
fclose
_CxxThrowException

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

028a4098d4d9dc267f82b45e867ed456

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

nlelogger

kernel32

advapi32

ole32

msvcp120

msvcr120

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 63KB

.rdata Size: 38KB - Virtual size: 38KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1024B - Virtual size: 844B

.text
Size: 64KB - Virtual size: 63KB

.rdata
Size: 38KB - Virtual size: 38KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1024B - Virtual size: 844B