PDB path: G:\jenkins\workspace\Git-NLEPlatformPro\Src\SymbolTable\Win\x64_Release\NLEMessageBus.pdb
Static task
static1
Behavioral task
behavioral1
Sample
4c71aa4f812247c8dc7ad8cbe7f2e315db378d7476e8ab0e04679c0c74327cfc.dll
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
4c71aa4f812247c8dc7ad8cbe7f2e315db378d7476e8ab0e04679c0c74327cfc.dll
Resource
win10v2004-20231222-en
General
-
Target
4c71aa4f812247c8dc7ad8cbe7f2e315db378d7476e8ab0e04679c0c74327cfc
-
Size
32KB
-
MD5
a303cace14cd7a2d63a06e7634a1b8d6
-
SHA1
04e0fdec660b6ac4c158ccc2a07d4ed8d899e233
-
SHA256
4c71aa4f812247c8dc7ad8cbe7f2e315db378d7476e8ab0e04679c0c74327cfc
-
SHA512
0d179bcb668eb85524524c57f02037fcdbe9de005af702fe6120aaaf39d1d7d33077d22eaeaf8962d01331a28ac47347c393232fda719476b593f6d0311580b0
-
SSDEEP
384:jZ+NXPA6iOeLM10A77ZuWear9tqeMrNl8Gyv1eoD8thMbKLjtJNJaOQCO+tFfHRU:jM9HXLqrNlFoxD5KLL/QCXovcSOAuS2
Malware Config
Signatures
-
Unsigned PE 1 IoCs
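The sandbox checked the file for an Authenticode signature and found none. Being unsigned is a static property of the PE, not a behavior observed at run time.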
resource 4c71aa4f812247c8dc7ad8cbe7f2e315db378d7476e8ab0e04679c0c74327cfc
Files
-
4c71aa4f812247c8dc7ad8cbe7f2e315db378d7476e8ab0e04679c0c74327cfc.dll regsvr32 windows:6 windows x64 arch:x64
40fbbae35d2a03497fca3eac2d0c6788
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
QueryPerformanceCounter
QueryPerformanceFrequency
lstrlenW
GetModuleFileNameW
GetCurrentThreadId
GetCurrentProcessId
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
GetSystemTimeAsFileTime
advapi32
RegSetValueW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyW
RegDeleteKeyW
ole32
StringFromGUID2
msvcr120
memmove
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
?terminate@@YAXXZ
??2@YAPEAX_K@Z
__crtCapturePreviousContext
__crtTerminateProcess
__crtUnhandledException
__crt_debugger_hook
_initterm_e
_initterm
_malloc_crt
free
_amsg_exit
__CppXcptFilter
_onexit
__C_specific_handler
__dllonexit
_calloc_crt
_unlock
_lock
_purecall
__clean_type_info_names_internal
??3@YAXPEAX@Z
_vsnwprintf
printf
memcmp
memcpy
_CxxThrowException
__CxxFrameHandler3
memset
msvcp120
_Cnd_wait
??0_Pad@std@@QEAA@XZ
?_Release@_Pad@std@@QEAAXXZ
??1_Pad@std@@QEAA@XZ
?_Launch@_Pad@std@@QEAAXPEAU_Thrd_imp_t@@@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Syserror_map@std@@YAPEBDH@Z
_Thrd_equal
_Thrd_current
?_Throw_Cpp_error@std@@YAXH@Z
_Mtx_destroy
_Cnd_destroy
_Cnd_signal
_Cnd_broadcast
_Cnd_init
?_Throw_C_error@std@@YAXH@Z
_Thrd_join
_Mtx_init
_Mtx_lock
_Mtx_unlock
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 18KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 200B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ