b97af0d5b8e755a8b078448d44a89d1a

Sharing

Copy URL Twitter E-mail

General

Target

b97af0d5b8e755a8b078448d44a89d1a
Size

100KB
MD5

b97af0d5b8e755a8b078448d44a89d1a
SHA1

ad5712c7a12bdefded0000f3548d54cba1716398
SHA256

3c1e57ef88060f57a75fe41c310410965c95c87db1f3d25efa7ef11b9bde06e7
SHA512

50a028769bc2a096c5bc464120dc9dcc3d68933488c4062929a2c3594eabfbd1f8919fb1e19831563fde902a1633444dd443480c53b43c37323d1d9932767f82
SSDEEP

768:PnOgcreMkPxTjS1xibMZnSFa01Vvyw+l0NY7MH+jTBoNNL3T:skSPiQ4dtX++SG+jT2NNL3T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b97af0d5b8e755a8b078448d44a89d1a

Files

b97af0d5b8e755a8b078448d44a89d1a
.dll regsvr32 windows:10 windows x64 arch:x64

76af1f5b860469a564a7a8d3ec653481

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcpy
memmove
wcsnlen
??3@YAXPEAX@Z
??0exception@@QEAA@AEBV0@@Z
time
malloc
_vsnprintf_s
memcpy_s
??0exception@@QEAA@XZ
_purecall
free
_XcptFilter
??1exception@@UEAA@XZ
srand
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_vsnwprintf
??_V@YAXPEAX@Z
__C_specific_handler
__CxxFrameHandler3
_unlock
rand
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
memset

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
DeleteCriticalSection
AcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventUnregister
EventProviderEnabled
EventSetInformation
EventWrite

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
TraceMessage

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
LoadLibraryExW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

rpcrt4

UuidFromStringW

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegGetValueW
RegCloseKey

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

ntdll

NtQueryInformationProcess

Exports

Exports

AmsiCloseSession
AmsiInitialize
AmsiOpenSession
AmsiScanBuffer
AmsiScanString
AmsiUacInitialize
AmsiUacScan
AmsiUacUninitialize
AmsiUninitialize
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

76af1f5b860469a564a7a8d3ec653481

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-core-synch-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

rpcrt4

api-ms-win-core-registry-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

ntdll

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 44KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 8KB - Virtual size: 8KB

.pdata Size: 4KB - Virtual size: 4KB

.didat Size: 4KB - Virtual size: 4KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 44KB - Virtual size: 44KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 8KB - Virtual size: 8KB

.pdata
Size: 4KB - Virtual size: 4KB

.didat
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 4KB - Virtual size: 4KB