895c312c4a43d1b02a25a03367f4936b3eaae6504fdb00da8f2059944e1c0693

Sharing

Copy URL Twitter E-mail

General

Target

895c312c4a43d1b02a25a03367f4936b3eaae6504fdb00da8f2059944e1c0693
Size

94KB
MD5

304f4fc7ec264897bf961811e21f52b1
SHA1

076ecc2e93cb57060a766295db5c2d67b616181a
SHA256

895c312c4a43d1b02a25a03367f4936b3eaae6504fdb00da8f2059944e1c0693
SHA512

5fc140efd782c1db523ed91cb28163a80b60c5857ffd8929dc8998e8388fcfd09bdae0fb0feede695454d0ff47f90d0b73d6147982f1c72d104c66fb05441aad
SSDEEP

1536:fcok2OcL+K2rU9MNOm1khc2iehQ0IUT2qxlVBF0Ne96Vo2OO8Ifc6wM1IOZezbI:fXBOcj2rU9K1khc2iehQ0IUT2qxlVB6/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
895c312c4a43d1b02a25a03367f4936b3eaae6504fdb00da8f2059944e1c0693

Files

895c312c4a43d1b02a25a03367f4936b3eaae6504fdb00da8f2059944e1c0693
.dll regsvr32 windows:6 windows x64 arch:x64

8584d5e0480b21ca3f8c37919b7139ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

G:\jenkins\workspace\Git-NLEPlatformPro\Src\SymbolTable\Win\x64_Release\NLEMotionProcess.pdb

Imports

nlecommon

?GetInterface@NLECommon@@YAJAEBU_GUID@@PEAUIUnknown@@K0PEAPEAX@Z
??1NLEBlob@@QEAA@XZ
??0NLEBlob@@QEAA@XZ
?GetCGFilterManager@NLECommon@@YA?AV?$NLEComPtr@VINLECGFilterManager@@@@XZ
?GetCGDevice@NLECommon@@YA?AV?$NLEComPtr@VINLECGDevice@@@@XZ
?RemoveBraces@Guid@NLECommon@@YAXPEB_WPEA_W@Z
?CreateBGRAFrameFrom@NLECommon@@YA?AV?$NLEComPtr@VINLEFrame@@@@AEAV2@0W4NLECGMemoryType@@@Z

nlekey

?kFriendName@Property@Filter@NLEKey@@3PEB_WEB
?kParamsArray@Property@Filter@NLEKey@@3PAPEB_WA
?kValue_Current@Property@Filter@NLEKey@@3PEB_WEB
?kAngle@Transform@NLEKey@@3PEB_WEB
?kResizeScale@Transform@NLEKey@@3PEB_WEB
?kCenterPoint@Transform@NLEKey@@3PEB_WEB
?kOpacity@Composition@NLEKey@@3PEB_WEB
?kFilterID_MotionEffect@Filter@NLEKey@@3PEB_WEB
?kCount@Property@Filter@NLEKey@@3PEB_WEB

nlelogger

NLEGetDefaultLogger

kernel32

IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
lstrlenW
GetSystemTimeAsFileTime
GetModuleFileNameW

advapi32

RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegSetValueW
RegCreateKeyW
RegSetValueExW

ole32

StringFromGUID2
CLSIDFromString

msvcr120

_CxxThrowException
__CxxFrameHandler3
_wcsicmp
??8type_info@@QEBA_NAEBV0@@Z
memmove
memcpy
_vswprintf_c_l
wcsrchr
??_V@YAXPEAX@Z
_purecall
??3@YAXPEAX@Z
swscanf_s
mbstowcs_s
setlocale
??2@YAPEAX_K@Z
__RTtypeid
memset
printf
_vsnwprintf
__clean_type_info_names_internal
?_name_internal_method@type_info@@QEBAPEBDPEAU__type_info_node@@@Z
_lock
_unlock
_calloc_crt
__dllonexit
__C_specific_handler
_onexit
__CppXcptFilter
_amsg_exit
free
_malloc_crt
_initterm
_initterm_e
__crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__crtCapturePreviousContext
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
??_U@YAPEAX_K@Z
wcstombs_s

msvcp120

_Mtx_destroy
_Mtx_lock
_Mtx_init
?_Throw_C_error@std@@YAXH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Winerror_map@std@@YAPEBDH@Z
_Mtx_unlock
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8584d5e0480b21ca3f8c37919b7139ea

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

nlecommon

nlekey

nlelogger

kernel32

advapi32

ole32

msvcr120

msvcp120

Exports

Exports

Sections

.text Size: 65KB - Virtual size: 65KB

.rdata Size: 22KB - Virtual size: 21KB

.data Size: 1KB - Virtual size: 2KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 280B

.text
Size: 65KB - Virtual size: 65KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 1KB - Virtual size: 2KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 280B