63cfdc7b122d0b38342db9c5158d0c00426c19f5e2bc3f89686c4a273a2ae8e3

Sharing

Copy URL

Twitter E-mail

General

Target

63cfdc7b122d0b38342db9c5158d0c00426c19f5e2bc3f89686c4a273a2ae8e3
Size

41KB
MD5

3e92b839217896ec12630efdd735fb85
SHA1

19279663fe56bb3d5b0bd7f135b78c7fd463661a
SHA256

63cfdc7b122d0b38342db9c5158d0c00426c19f5e2bc3f89686c4a273a2ae8e3
SHA512

e5620538e0228e8d73212998ab187af4e653e93aeb5a2dc85a6d0fdb5548ff1349e53d1d8ae38e2fbaeb50a719787df4c2fff5f2243b106f18a57ee4500b9b05
SSDEEP

768:Cgyns9e+TH6ft9ERrn/Fc+WzIX8tevlwOMgia++y7tCQGF04p4o46FcdD9CCvHz9:O0//F+iTLctOAXYu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
63cfdc7b122d0b38342db9c5158d0c00426c19f5e2bc3f89686c4a273a2ae8e3

Files

63cfdc7b122d0b38342db9c5158d0c00426c19f5e2bc3f89686c4a273a2ae8e3
.dll regsvr32 windows:6 windows x64 arch:x64

a784b6338fec5583d0953b9349deabbd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

G:\jenkins\workspace\Git-NLEPlatformPro\Src\SymbolTable\Win\x64_Release\LadspaPlugin.pdb

Imports

nlelogger

NLEGetDefaultLogger

nlebaseclass

?GetRange@CNLEService@@UEAAJPEB_WPEAVNLERange@@@Z
?GetDouble@CNLEService@@UEAAJPEB_WPEAN@Z
??0CNLEService@@QEAA@PEAUIUnknown@@@Z
?WillSetProperty@CNLEService@@UEAAJPEB_WAEAVCNLEValue@@@Z
?WillGetProperty@CNLEService@@UEAAJPEB_W@Z
?DoneGetProperty@CNLEService@@UEAAXPEB_W@Z
?WillDeleteProperty@CNLEService@@UEAAJPEB_W@Z
??1CNLEService@@UEAA@XZ
?NonDelegatingQueryInterface@CNLEService@@UEAAJAEBU_GUID@@PEAPEAX@Z
?HandleMessage@CNLEService@@UEAAJAEBUNLEMSG@@@Z
?HasKey@CNLEService@@UEAAJPEB_W@Z
?GetColorF@CNLEService@@UEAAJPEB_WPEAVNLEColorF@@@Z
?SetColorF@CNLEService@@UEAAJPEB_WVNLEColorF@@@Z
?GetKey@CNLEService@@UEAAJHPEAPEB_W@Z
?Dump@CNLEService@@UEAAJPEAVINLELogger@@@Z
?DeleteAll@CNLEService@@UEAAJXZ
?Delete@CNLEService@@UEAAJPEB_W@Z
?SetInt@CNLEService@@UEAAJPEB_WH@Z
?GetInt@CNLEService@@UEAAJPEB_WPEAH@Z
?CopyAll@CNLEService@@UEAAJPEAVINLEProperties@@@Z
?CopyValues@CNLEService@@UEAAJPEAVINLEProperties@@V?$vector@PEB_WV?$allocator@PEB_W@std@@@std@@@Z
?CopyValues@CNLEService@@UEAAJPEAVINLEProperties@@V?$vector@U?$pair@PEB_WPEB_W@std@@V?$allocator@U?$pair@PEB_WPEB_W@std@@@2@@std@@@Z
?CopyValue@CNLEService@@UEAAJPEAVINLEProperties@@PEB_W1@Z
?GetRational@CNLEService@@UEAAJPEB_WPEAVNLERational@@@Z
?SetRational@CNLEService@@UEAAJPEB_WAEBVNLERational@@@Z
?GetGUID@CNLEService@@UEAAJPEB_WPEAU_GUID@@@Z
?SetGUID@CNLEService@@UEAAJPEB_WAEBU_GUID@@@Z
?GetInterface@CNLEService@@UEAAJPEB_WPEAPEAUIUnknown@@@Z
?SetInterface@CNLEService@@UEAAJPEB_WPEAUIUnknown@@@Z
?GetBlob@CNLEService@@UEAAJPEB_WPEAVNLEBlob@@@Z
?SetBlob@CNLEService@@UEAAJPEB_WAEBVNLEBlob@@@Z
?GetSizeF@CNLEService@@UEAAJPEB_WPEAVNLESizeF@@@Z
?SetSizeF@CNLEService@@UEAAJPEB_WAEBVNLESizeF@@@Z
?GetSize@CNLEService@@UEAAJPEB_WPEAVNLESize@@@Z
?SetSize@CNLEService@@UEAAJPEB_WAEBVNLESize@@@Z
?GetPointF@CNLEService@@UEAAJPEB_WPEAVNLEPointF@@@Z
?SetPointF@CNLEService@@UEAAJPEB_WAEBVNLEPointF@@@Z
?AddListener@CNLEService@@UEAAJPEB_WP8CUnknown@scombase@@EAAJ0PEAX@ZPEAV23@@Z
?SetRange@CNLEService@@UEAAJPEB_WAEBVNLERange@@@Z
?GetPoint@CNLEService@@UEAAJPEB_WPEAVNLEPoint@@@Z
?SetPoint@CNLEService@@UEAAJPEB_WAEBVNLEPoint@@@Z
?GetRectF@CNLEService@@UEAAJPEB_WPEAVNLERectF@@@Z
?SetRectF@CNLEService@@UEAAJPEB_WAEBVNLERectF@@@Z
?GetRect@CNLEService@@UEAAJPEB_WPEAVNLERect@@@Z
?SetRect@CNLEService@@UEAAJPEB_WAEBVNLERect@@@Z
?GetString@CNLEService@@UEAAJPEB_WPEA_WH@Z
?SetString@CNLEService@@UEAAJPEB_W0@Z
?GetInt64@CNLEService@@UEAAJPEB_WPEA_J@Z
?SetInt64@CNLEService@@UEAAJPEB_W_J@Z
?GetCount@CNLEService@@UEAAJPEAH@Z
?DelValue@CNLEService@@UEAAJPEB_W@Z
?GetValue@CNLEService@@UEAAJPEB_WAEAVCNLEValue@@@Z
?SetValue@CNLEService@@UEAAJPEB_WAEAVCNLEValue@@@Z
?Notify@CNLEService@@UEAAJUtagNLEEVENT@@_J1@Z
?GetClassID@CNLEService@@UEAAAEBU_GUID@@XZ
?SetService@CNLEService@@UEAAJAEBU_GUID@@PEAUIUnknown@@@Z
?GetSession@CNLEService@@UEAAHXZ
?GetParent@CNLEService@@UEAAPEAUIUnknown@@XZ
?SetParent@CNLEService@@UEAAJPEAUIUnknown@@@Z
?SetReconstructProperties@CNLEService@@UEAAJPEAVINLEProperties@@@Z
?GetReconstructProperties@CNLEService@@UEAAJPEAPEAVINLEProperties@@@Z
?RegisterListeners@CNLEService@@UEAAXXZ
?Init@CNLEService@@UEAAJXZ
?DoneDeleteProperty@CNLEService@@UEAAXPEB_W@Z
?DoneSetProperty@CNLEService@@UEAAXPEB_W@Z
?SetDouble@CNLEService@@UEAAJPEB_WN@Z

pthreadvc2

pthread_mutex_unlock
pthread_mutex_lock

kernel32

OutputDebugStringW
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
DecodePointer
DeleteCriticalSection
lstrlenW
InitializeCriticalSectionEx
GetModuleFileNameW
FreeLibrary
LoadLibraryW
QueryPerformanceCounter
GetLastError
GetProcAddress

advapi32

RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegSetValueW
RegCreateKeyW
RegSetValueExW

ole32

StringFromGUID2

msvcr120

__CppXcptFilter
_onexit
__C_specific_handler
__dllonexit
_calloc_crt
_unlock
_lock
_vsnwprintf
printf
_malloc_crt
_purecall
wcsrchr
??_V@YAXPEAX@Z
??2@YAPEAX_K@Z
??_U@YAPEAX_K@Z
??3@YAXPEAX@Z
memmove
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__clean_type_info_names_internal
_initterm
_initterm_e
__crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
free
__crtCapturePreviousContext
memset
_CxxThrowException
memcpy
__CxxFrameHandler3
memcmp
_amsg_exit

msvcp120

?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Syserror_map@std@@YAPEBDH@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a784b6338fec5583d0953b9349deabbd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

nlelogger

nlebaseclass

pthreadvc2

kernel32

advapi32

ole32

msvcr120

msvcp120

Exports

Exports

Sections

.text Size: 21KB - Virtual size: 21KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 392B

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 392B