a367e4dced94a9b9300c5cd2dc48992680be28b896d7471c548d565eb0e24ec4

Sharing

Copy URL Twitter E-mail

General

Target

a367e4dced94a9b9300c5cd2dc48992680be28b896d7471c548d565eb0e24ec4
Size

5.4MB
MD5

1a9f58e94bc02c9854c2f61387d9b7e5
SHA1

5e17dc66704ca6dfb54a4729b5d329a8a1c2f20e
SHA256

a367e4dced94a9b9300c5cd2dc48992680be28b896d7471c548d565eb0e24ec4
SHA512

1ccdd90d2befb566a7574f73249003a41653f9f1751281370d364e8c9592eaa68f35609dc23a126053fbf35b2930012d0a82c31f17b1f5f9ef3e6b81c9ca8cda
SSDEEP

49152:/Vbv54uYCVX4y4OUZoqwLS0K3ddt5mhyIl8tQ8JT0UHD5vdd2ucx:/xSuYq4y4/Wu0adq87d7cx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a367e4dced94a9b9300c5cd2dc48992680be28b896d7471c548d565eb0e24ec4

Files

a367e4dced94a9b9300c5cd2dc48992680be28b896d7471c548d565eb0e24ec4
.dll windows:6 windows x64 arch:x64

5b1aea75a53a540ce5fe09ba73b93811

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Workspace\p-32c2360fb58e45abbbf7bc280a4ae86a\Build\PolicyProbex64s.pdb

Imports

kernel32

GetLogicalProcessorInformation
GetDiskFreeSpaceExW
GlobalMemoryStatus
GlobalMemoryStatusEx
CreateThread
SetEvent
CreateEventW
FreeLibrary
FileTimeToSystemTime
FindNextFileA
LoadLibraryA
OpenProcess
GetEnvironmentVariableA
CreateFileA
GetFileSizeEx
CreateFileMappingA
MapViewOfFileEx
DeleteFileA
SetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
GetModuleHandleA
GetSystemInfo
GetModuleFileNameA
QueryPerformanceFrequency
QueryPerformanceCounter
ResumeThread
LoadLibraryW
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
VirtualQueryEx
RtlLookupFunctionEntry
RtlVirtualUnwind
VirtualAlloc
VirtualFree
VirtualProtectEx
GetFileInformationByHandle
InitializeCriticalSectionAndSpinCount
CreateMutexA
OpenFileMappingA
GetTickCount
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
GetSystemDirectoryW
RtlPcToFileHeader
InitOnceBeginInitialize
InitOnceComplete
GetStringTypeW
GetSystemTimeAsFileTime
LCMapStringEx
GetCPInfo
RtlCaptureContext
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
SetStdHandle
FreeEnvironmentStringsW
SetFilePointerEx
QueryDosDeviceW
DeviceIoControl
FindFirstFileA
GetWindowsDirectoryA
GetLogicalDriveStringsA
UnmapViewOfFile
MapViewOfFile
ReleaseMutex
CreateFileMappingW
CreateMutexW
GetWindowsDirectoryW
SetEndOfFile
SetFilePointer
SetFileTime
RemoveDirectoryW
Sleep
FindClose
FindNextFileW
GetFileAttributesW
ReadFile
GetFileSize
FindFirstFileW
SetFileAttributesW
EncodePointer
GetModuleHandleW
LocalFree
GetProcAddress
GetCurrentThread
SetThreadAffinityMask
PeekNamedPipe
CreateProcessA
CreatePipe
GetCurrentProcess
IsWow64Process
WaitForSingleObject
WideCharToMultiByte
GetCurrentProcessId
GetConsoleMode
GetStdHandle
CreateDirectoryW
WriteConsoleW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
GetConsoleOutputCP
FlushFileBuffers
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
ExitProcess
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlUnwindEx
OutputDebugStringW
WriteFile
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetComputerNameA
GetCurrentThreadId
GetModuleFileNameW
CreateFileW
CloseHandle
DecodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
RaiseException
MultiByteToWideChar
IsProcessorFeaturePresent
RtlUnwind

advapi32

ReportEventW
SetSecurityDescriptorDacl
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegSetValueExW
CryptAcquireContextW
CryptReleaseContext
CryptGetUserKey
CryptGenKey
CryptExportKey
CryptDestroyKey
OpenEventLogW
ReadEventLogW
CloseEventLog
RegisterEventSourceW
DeregisterEventSource
CryptGetProvParam
GetSecurityDescriptorDacl
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid
RegEnumKeyExA
RegSetValueExA
RegCreateKeyExA
RegSaveKeyA
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyW
RegOpenKeyExW
GetUserNameA
RegQueryValueExA
RegQueryInfoKeyA
RegEnumKeyA
RegOpenKeyExA
CryptSetProvParam
InitializeSecurityDescriptor

ole32

CoCreateGuid
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
CoTaskMemFree
StringFromCLSID
CoUninitialize

shell32

SHGetFolderPathAndSubDirW
SHGetSpecialFolderPathA
SHGetFolderPathA

oleaut32

SafeArrayAccessData
VariantChangeType
VariantClear
VariantInit
SysFreeString
SafeArrayUnaccessData
SysAllocString
SysStringLen

shlwapi

PathRemoveFileSpecW
PathRemoveFileSpecA
PathAddBackslashA
PathAppendW
StrStrIA
PathAddExtensionA
SHGetValueW
SHEnumKeyExW
StrRStrIW
StrStrIW
PathIsSameRootA
StrCmpIW
PathCombineW
PathCombineA
PathAppendA
PathFileExistsA
PathFindFileNameA
PathAddBackslashW

rpcrt4

UuidFromStringA

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

setupapi

SetupDiGetDevicePropertyW
SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDevRegKey
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceInstanceIdA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsW

iphlpapi

IcmpCloseHandle
IcmpCreateFile
GetInterfaceInfo
SendARP
GetIpAddrTable
GetIfTable
GetAdaptersInfo
GetIfEntry
GetIpForwardTable
GetAdaptersAddresses
IcmpSendEcho
GetNetworkParams

ws2_32

socket
WSAGetLastError
setsockopt
WSAStartup
htons
bind
sendto
ntohs
select
connect
ioctlsocket
freeaddrinfo
closesocket
recvfrom
WSACleanup
inet_addr
getsockopt
getaddrinfo

rasapi32

RasEnumConnectionsA

crypt32

CryptMsgClose
CertCloseStore
CertFreeCertificateContext
CertGetNameStringA
CertGetSubjectCertificateFromStore
CryptMsgGetParam
CryptQueryObject

winhttp

WinHttpCloseHandle
WinHttpReadData
WinHttpSetTimeouts
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpOpen
WinHttpCheckPlatform
WinHttpConnect
WinHttpQueryHeaders

Exports

Exports

CreateObject
GetBugReport

Sections

.text
Size: 788KB - Virtual size: 787KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 466KB - Virtual size: 466KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 451KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.tvm0
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b1aea75a53a540ce5fe09ba73b93811

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ole32

shell32

oleaut32

shlwapi

rpcrt4

version

setupapi

iphlpapi

ws2_32

rasapi32

crypt32

winhttp

Exports

Exports

Sections

.text Size: 788KB - Virtual size: 787KB

.rdata Size: 466KB - Virtual size: 466KB

.data Size: 18KB - Virtual size: 451KB

.pdata Size: 30KB - Virtual size: 29KB

_RDATA Size: 512B - Virtual size: 252B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

.tvm0 Size: 4.2MB - Virtual size: 4.2MB

.text
Size: 788KB - Virtual size: 787KB

.rdata
Size: 466KB - Virtual size: 466KB

.data
Size: 18KB - Virtual size: 451KB

.pdata
Size: 30KB - Virtual size: 29KB

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB

.tvm0
Size: 4.2MB - Virtual size: 4.2MB