b97317ccadba5b3d9bf436f344e0482e

Sharing

Copy URL

Twitter E-mail

General

Target

b97317ccadba5b3d9bf436f344e0482e
Size

109KB
MD5

b97317ccadba5b3d9bf436f344e0482e
SHA1

0aaf87c4738799bfab39268bef50551c7908d407
SHA256

e3766ec1f4038ca5a3cb1ca31b6445485cf0338de7f4bb0dc053c5c2d301778d
SHA512

64640be891fea1d3f586b286b1294c049f80d9fc7ac876bc2326ee8a8b47efd585b362b8c62d84439ba99963d8f425b1ce6566108075a57a8b4ead552a1000ee
SSDEEP

3072:H4BmO9NYuQh4Z0gVueYRSRr/dKR3Zmq50tL:zsTuMFFe3q9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b97317ccadba5b3d9bf436f344e0482e

Files

b97317ccadba5b3d9bf436f344e0482e
.dll windows:5 windows x86 arch:x86

c36f2c9094c933bbd40148ec26b8fee7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\WorkSpace\Product\Hydra\trunk\BNCP\DND\GDnClient_KDK\Release\downAccelerator.pdb

Imports

kernel32

lstrlenW
GetLastError
EnterCriticalSection
lstrcatW
DeleteCriticalSection
GetCurrentThreadId
CloseHandle
CreateDirectoryW
MultiByteToWideChar
GetProcAddress
GetQueuedCompletionStatus
TerminateThread
Sleep
GetExitCodeThread
PostQueuedCompletionStatus
WaitForMultipleObjects
CreateIoCompletionPort
HeapAlloc
HeapFree
CreateFileW
GetTickCount
WaitForSingleObject
FindFirstFileW
FindClose
SetEvent
ResetEvent
CreateEventW
CallNamedPipeW
WaitNamedPipeW
SetLastError
SetNamedPipeHandleState
SetEndOfFile
SetFilePointerEx
GetFileAttributesW
lstrcmpW
SetThreadPriority
GetFileSizeEx
DeleteFileW
SetFileAttributesW
InterlockedDecrement
GetModuleFileNameW
lstrcpynW
LeaveCriticalSection
WideCharToMultiByte
InitializeCriticalSection
WriteFile
GetProcessHeap
InterlockedIncrement
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapReAlloc
VirtualAlloc
VirtualFree
HeapDestroy
ExitThread
CreateThread
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RaiseException
GetStdHandle
GetModuleFileNameA
HeapCreate

user32

wsprintfW

advapi32

RegCloseKey
RegOpenCurrentUser
RegCreateKeyExW
RegSetValueExW

ws2_32

WSARecv
WSASend
WSAIoctl
inet_ntoa
inet_addr
htons
bind
recv
closesocket
gethostbyname
send
listen
WSAGetLastError
WSAStartup
WSACleanup
WSASocketW
socket
setsockopt
connect
shutdown

wininet

InternetOpenUrlW
InternetCloseHandle
InternetOpenW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

CreateDownloadClient
DestroyDownloadClient

Sections

.text
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c36f2c9094c933bbd40148ec26b8fee7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ws2_32

wininet

version

Exports

Exports

Sections

.text Size: 78KB - Virtual size: 77KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 78KB - Virtual size: 77KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB