PDB Paths: C:\Buildserver\agent\_work\8\s\Output\Release\x64\epplib.pdb
Static task: static1
General
Target: falcon.zip
Size: 462KB
MD5: 79579adffda5a0f3c731a66b4e294b6a
SHA1: 7e6b8c17e13ebba7b32c114025b8fc8a18902755
SHA256: 98246088f338dc61cd73225dc42ad6460649d3c0995b8ae617c9fb30cd382290
SHA512: 15923801c1d620c843acdec71677fd9f0d7ee81486ca57312600c5b871f71284ce7c4f1c92de7c391e9ccf366de1aaf5c8563fba8e9a13d62fc39da64ca5192d
SSDEEP: 6144:JP5wFrqMnvDUidqLQqL0mBOJzBwByLd7NXaCO5UoJUd3TGW0e68jTqhzb3fUW4gu:J0bUm0QoOJzB8yvX85UAUd3Xl5TKhu
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource unpack001/falcon.dll
Files
falcon.zip.zip
Password: infected
falcon.dll.dll windows:6 windows x64 arch:x64
MD5: df8b35939d4da64650d0fdf6fb348b33
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
fltlib
FilterReplyMessage
FilterGetMessage
FilterSendMessage
FilterLoad
FilterFindClose
FilterFindNext
FilterFindFirst
FilterUnload
FilterConnectCommunicationPort
kernel32
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryW
lstrcatW
CopyFileW
MoveFileW
MoveFileExW
VerifyVersionInfoW
WideCharToMultiByte
GetModuleFileNameW
CreateIoCompletionPort
GetQueuedCompletionStatus
GetCurrentProcessId
OpenEventA
MapViewOfFile
CreateFileMappingW
GetVersionExW
GetWindowsDirectoryW
GetSystemDirectoryW
GetTickCount
GetSystemInfo
GetCurrentThreadId
GetCurrentProcess
Sleep
CreateMutexW
WaitForSingleObject
ReleaseMutex
DeviceIoControl
DeleteFileW
VerSetConditionMask
DeleteCriticalSection
InitializeCriticalSectionEx
RaiseException
DecodePointer
QueryDosDeviceW
OutputDebugStringW
OutputDebugStringA
GetLocalTime
GetLastError
CloseHandle
WriteFile
LocalFree
FormatMessageA
FormatMessageW
AreFileApisANSI
MultiByteToWideChar
WriteConsoleW
HeapFree
HeapAlloc
GetProcessHeap
QueryPerformanceCounter
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetStdHandle
WriteConsoleA
GetDynamicTimeZoneInformation
GetFileAttributesW
GetConsoleMode
CreateFileW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
WaitForSingleObjectEx
GetExitCodeThread
InitOnceBeginInitialize
InitOnceComplete
EncodePointer
LCMapStringEx
GetSystemTimeAsFileTime
GetLocaleInfoEx
CompareStringEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
InterlockedFlushSList
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetFileType
GetModuleHandleExW
CreateThread
ExitThread
FreeLibraryAndExitThread
SetStdHandle
CreateDirectoryW
ExitProcess
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleOutputCP
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
GetTimeZoneInformation
HeapSize
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetEndOfFile
UnmapViewOfFile
GetStringTypeW
CreateEventA
GetFileInformationByHandle
RtlUnwind
user32
wvsprintfW
advapi32
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
ChangeServiceConfigW
CloseServiceHandle
ControlService
CreateServiceW
DeleteService
OpenSCManagerW
QueryServiceStatusEx
RegGetValueW
RegSetKeyValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
LookupPrivilegeValueW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AdjustTokenPrivileges
OpenProcessToken
StartServiceW
QueryServiceStatus
QueryServiceConfigW
OpenServiceW
RegCloseKey
shell32
SHGetKnownFolderPath
ole32
CoTaskMemFree
Exports
A2ACCClearAllFilters
A2ACCClearInternalCache
A2ACCInstallDriver
A2ACCPvtCloseSecHandle
A2ACCPvtGetFileInfo
A2ACCPvtGetFileSize
A2ACCPvtGetSecHandle
A2ACCPvtReadFile
A2ACCRegisterService
A2ACCSendExcludedPathsList
A2ACCSendExtensionList
A2ACCSetFeatures
A2ACCStartDriver
A2ACCStopDriver
A2ACCUnRegisterService
A2ACCUninstallDriver
A2ACCUpdateConfiguration
A2DIClearFilters
A2DIDeinitialize
A2DIInitialize
A2DIInstallDriver
A2DIRegisterService
A2DIRegisterServiceEx
A2DIRegisterThenInitialize
A2DIStartDriver
A2DIStopDriver
A2DIUnRegisterService
A2DIUninstallDriver
A2DIUpdateConfiguration
CleanHlpAddDeniedRegPath
CleanHlpAddDeniedRegValPath
CleanHlpAddExcludedProcess
CleanHlpInstallDriver
CleanHlpRegisterService
CleanHlpRemoveDeniedRegPath
CleanHlpRemoveDeniedRegValPath
CleanHlpRemoveExcludedProcess
CleanHlpStartDriver
CleanHlpStopDriver
CleanHlpUnRegisterService
CleanHlpUninstallDriver
CleanHlpUpdateConfiguration
EppAdjustFeatureFlag
EppBBDeinitialize
EppBBInitialize
EppBBRegisterService
EppBBRegisterThenInitialize
EppBBUnRegisterService
EppClearExcludedProcessesList
EppElamWriteBinaryBuffer
EppGetInstalledFeatures
EppInstallDriver
EppIsFeatureInstalled
EppIsSrvSysInfected
EppMBRDeinitialize
EppMBRInitialize
EppMBRRegisterService
EppMBRUnRegisterService
EppSendExcludedProcessesList
EppStartDriver
EppStopDriver
EppStopDriverEx
EppUninstallDriver
vgml
Sections
.text Size: 836KB - Virtual size: 836KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 201KB - Virtual size: 201KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 22KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 244B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 60KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ