96a301936fc4a76fb982cc2f8075fe641bb4908221754a0357a188ea81b03997

Sharing

Copy URL

Twitter E-mail

General

Target

96a301936fc4a76fb982cc2f8075fe641bb4908221754a0357a188ea81b03997
Size

91KB
MD5

6eae079cb9135503ed0711968649a5eb
SHA1

0e35bbb313102d938cd5db396182a5a0a0652715
SHA256

96a301936fc4a76fb982cc2f8075fe641bb4908221754a0357a188ea81b03997
SHA512

32e6388e47a89580aaaa1fadc22ba670a0b88d07e47ed2ed384d7db6f7c5b16aced6eaa099e66cbcc36acde0997d51c6e0b28b0ccccc3f3e7c214fec5fa16867
SSDEEP

1536:TPSxDOPulvdRfhjOx/T5HNo2Td7WNc//hpTJkhcBOAEF:LYTR58/TNNo0dj//ehcBOAEF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
96a301936fc4a76fb982cc2f8075fe641bb4908221754a0357a188ea81b03997

Files

96a301936fc4a76fb982cc2f8075fe641bb4908221754a0357a188ea81b03997
.dll regsvr32 windows:6 windows x64 arch:x64

403d68e33fde0bf6968a812459bdbc20

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

G:\jenkins\workspace\Git-NLEPlatformPro\Src\SymbolTable\Win\x64_Release\NLEKeyFrame.pdb

Imports

nlecommon

?WChar2Char@NLECommon@@YAJPEB_WPEADH@Z
?CaculateKeyFramePosition@KeyFrame@NLECommon@@YA?AVNLERational@@HH@Z
?CaculateKeyFrameIndex@KeyFrame@NLECommon@@YAHNH@Z
?GetInterface@NLECommon@@YAJAEBU_GUID@@PEAUIUnknown@@K0PEAPEAX@Z
?Char2WChar@NLECommon@@YAJPEBDPEA_WH@Z

nlebaseclass

??1Value@Json@@QEAA@XZ
?write@FastWriter@Json@@UEAA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVValue@2@@Z
??0FastWriter@Json@@QEAA@XZ
?end@Value@Json@@QEAA?AVValueIterator@2@XZ
?begin@Value@Json@@QEAA?AVValueIterator@2@XZ
?append@Value@Json@@QEAAAEAV12@AEBV12@@Z
?deref@ValueIteratorBase@Json@@IEBAAEAVValue@2@XZ
?increment@ValueIteratorBase@Json@@IEAAXXZ
?isEqual@ValueIteratorBase@Json@@IEBA_NAEBV12@@Z
??0Reader@Json@@QEAA@XZ
?parse@Reader@Json@@QEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAVValue@2@_N@Z
??0ValueIterator@Json@@QEAA@AEBV01@@Z
??0Value@Json@@QEAA@AEBV01@@Z
??0Value@Json@@QEAA@_N@Z
??0Value@Json@@QEAA@N@Z
??0Value@Json@@QEAA@H@Z
??0Value@Json@@QEAA@W4ValueType@1@@Z
??AValue@Json@@QEAAAEAV01@H@Z
??4Value@Json@@QEAAAEAV01@V01@@Z
?asInt@Value@Json@@QEBAHXZ
?asDouble@Value@Json@@QEBANXZ
?asBool@Value@Json@@QEBA_NXZ
??AValue@Json@@QEAAAEAV01@PEBD@Z
??1Writer@Json@@UEAA@XZ

nlelogger

NLEGetDefaultLogger

kernel32

OutputDebugStringW
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
GetModuleFileNameW
lstrlenW
DeleteCriticalSection
GetLastError
DecodePointer
GetCurrentProcessId
InitializeCriticalSectionEx

advapi32

RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegSetValueW
RegCreateKeyW

ole32

StringFromGUID2

msvcp120

?_Winerror_map@std@@YAPEBDH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Throw_C_error@std@@YAXH@Z
_Mtx_destroy
_Mtx_unlock
_Mtx_lock
_Mtx_init
?_Xout_of_range@std@@YAXPEBD@Z

msvcr120

__dllonexit
_calloc_crt
_onexit
__CppXcptFilter
_amsg_exit
_malloc_crt
_initterm
_initterm_e
__crt_debugger_hook
__crtUnhandledException
_unlock
_lock
__crtTerminateProcess
__crtCapturePreviousContext
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__clean_type_info_names_internal
sqrt
memset
_CxxThrowException
__CxxFrameHandler3
memcpy
__C_specific_handler
memmove
_purecall
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
?what@exception@std@@UEBAPEBDXZ
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@AEBQEBD@Z
??0exception@std@@QEAA@AEBV01@@Z
free
printf
_vsnwprintf
swprintf_s
_wcsicmp
wcsrchr
swscanf_s

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

403d68e33fde0bf6968a812459bdbc20

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

nlecommon

nlebaseclass

nlelogger

kernel32

advapi32

ole32

msvcp120

msvcr120

Exports

Exports

Sections

.text Size: 62KB - Virtual size: 61KB

.rdata Size: 23KB - Virtual size: 22KB

.data Size: 1KB - Virtual size: 2KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 372B

.text
Size: 62KB - Virtual size: 61KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 1KB - Virtual size: 2KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 372B