9733aec823b6d92f7d304193e74b8eb3e47acb47cddc0d96617b091a8179fe76

Sharing

Copy URL Twitter E-mail

General

Target

9733aec823b6d92f7d304193e74b8eb3e47acb47cddc0d96617b091a8179fe76
Size

354KB
MD5

a2708f408d5cae84bf02151984947658
SHA1

8a087106fc5ed61a7a3cef269744ab8289c51113
SHA256

9733aec823b6d92f7d304193e74b8eb3e47acb47cddc0d96617b091a8179fe76
SHA512

4821451fa4d31bffe471e0e09717ecc760eb1ed22a3943be0b6f87295b97f4c4f3808e94e2bef172f073c2837e8853626ddd4d5720579e4ed0f56e3c9a46cc8c
SSDEEP

6144:pH+VjFreKE0V/NGvaX86tWBXZkbTe/CtjgZBwIV8g/wNmJ4eX:pH+VBeT0V/NBX8k2YTe/QIwIs8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9733aec823b6d92f7d304193e74b8eb3e47acb47cddc0d96617b091a8179fe76

Files

9733aec823b6d92f7d304193e74b8eb3e47acb47cddc0d96617b091a8179fe76
.dll windows:4 windows x64 arch:x64

dbf5d5d07c8769586600cbb0149f95a8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\releases\winpcap_4_1_3\winpcap\wpcap\PRJ\Release\x64\wpcap.pdb

Imports

ws2_32

shutdown
ntohs
getservbyname
htonl
inet_addr
getservbyport
inet_ntoa
gethostbyname
gethostbyaddr
htons
WSAGetLastError
WSASetLastError
getprotobyname
accept
closesocket
getpeername
getsockopt
setsockopt
getsockname
select
WSAStartup
connect
listen
send
socket
bind
recv
ntohl
WSACleanup

packet

PacketGetAdapterNames
PacketGetNetInfoEx
PacketSetLoopbackBehavior
PacketSetMinToCopy
PacketSendPacket
PacketSetReadTimeout
PacketReceivePacket
PacketSetMode
PacketInitPacket
PacketOpenAdapter
PacketSetBpf
PacketAllocatePacket
PacketCloseAdapter
PacketFreePacket
PacketGetNetType
PacketSetBuff
PacketSetHwFilter
PacketGetStats
PacketGetVersion
PacketSetDumpName
PacketSendPackets
PacketIsDumpEnded
PacketGetReadEvent
PacketSetDumpLimits
PacketGetAirPcapHandle
PacketGetStatsEx

kernel32

HeapFree
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ReadFile
MultiByteToWideChar
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
HeapSize
SetFilePointer
CloseHandle
HeapDestroy
HeapCreate
HeapSetInformation
FlsAlloc
TlsSetValue
FlsFree
TlsFree
FlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
WriteFile
RtlLookupFunctionEntry
RtlVirtualUnwind
GetLastError
LoadLibraryA
LeaveCriticalSection
GetSystemDirectoryA
FreeLibrary
GetProcAddress
EnterCriticalSection
GetVersion
FindFirstFileA
FindClose
FindNextFileA
FormatMessageA
Sleep
SetLastError
InitializeCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlCaptureContext
HeapAlloc
RtlUnwindEx
SetStdHandle
GetFileType
HeapReAlloc
GetModuleHandleA
ExitProcess
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetStartupInfoA
DeleteCriticalSection

Exports

Exports

bpf_dump
bpf_filter
bpf_image
bpf_validate
endservent
eproto_db
getservent
install_bpf_program
pcap_activate
pcap_breakloop
pcap_close
pcap_compile
pcap_compile_nopcap
pcap_create
pcap_createsrcstr
pcap_datalink
pcap_datalink_name_to_val
pcap_datalink_val_to_description
pcap_datalink_val_to_name
pcap_dispatch
pcap_dump
pcap_dump_close
pcap_dump_file
pcap_dump_flush
pcap_dump_ftell
pcap_dump_open
pcap_file
pcap_fileno
pcap_findalldevs
pcap_findalldevs_ex
pcap_free_datalinks
pcap_freealldevs
pcap_freecode
pcap_get_airpcap_handle
pcap_geterr
pcap_getevent
pcap_getnonblock
pcap_hopen_offline
pcap_is_swapped
pcap_lib_version
pcap_list_datalinks
pcap_live_dump
pcap_live_dump_ended
pcap_lookupdev
pcap_lookupnet
pcap_loop
pcap_major_version
pcap_minor_version
pcap_next
pcap_next_etherent
pcap_next_ex
pcap_offline_filter
pcap_offline_read
pcap_open
pcap_open_dead
pcap_open_live
pcap_open_offline
pcap_parsesrcstr
pcap_perror
pcap_read
pcap_remoteact_accept
pcap_remoteact_cleanup
pcap_remoteact_close
pcap_remoteact_list
pcap_sendpacket
pcap_sendqueue_alloc
pcap_sendqueue_destroy
pcap_sendqueue_queue
pcap_sendqueue_transmit
pcap_set_buffer_size
pcap_set_datalink
pcap_set_promisc
pcap_set_snaplen
pcap_set_timeout
pcap_setbuff
pcap_setdirection
pcap_setfilter
pcap_setmintocopy
pcap_setmode
pcap_setnonblock
pcap_setsampling
pcap_setuserbuffer
pcap_snapshot
pcap_stats
pcap_stats_ex
pcap_strerror
wsockinit

Sections

.text
Size: 238KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dbf5d5d07c8769586600cbb0149f95a8

Headers

File Characteristics

PDB Paths

Imports

ws2_32

packet

kernel32

Exports

Exports

Sections

.text Size: 238KB - Virtual size: 238KB

.rdata Size: 91KB - Virtual size: 91KB

.data Size: 9KB - Virtual size: 46KB

.pdata Size: 10KB - Virtual size: 9KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 238KB - Virtual size: 238KB

.rdata
Size: 91KB - Virtual size: 91KB

.data
Size: 9KB - Virtual size: 46KB

.pdata
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB