15d229163041391fd9c2db406d9da8858ebf57272db263efccafc7240d8ff5ed

Sharing

Copy URL Twitter E-mail

General

Target

15d229163041391fd9c2db406d9da8858ebf57272db263efccafc7240d8ff5ed
Size

64KB
MD5

5f77164b00807d313e2a3df6d9fe9aea
SHA1

fd613bf71ad7762476ee2c0d05529d3f09547b14
SHA256

15d229163041391fd9c2db406d9da8858ebf57272db263efccafc7240d8ff5ed
SHA512

ba779354ca734e7c98ef9d93f5387c4771cc9cb00c921df4bbe9dd07be9cad2fde85336089c370987b63ef4a02e0bc1718f57cfa1d7c90f218a355629db724af
SSDEEP

768:1hDBzbO0IH7W4717P17k9/OvjSuca0ru+Y1X906WdcTNKQW/gosWjcdZDpwpSAGQ:3RO0IbW47xiYFZPX9zwcrysWjcdZhri

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15d229163041391fd9c2db406d9da8858ebf57272db263efccafc7240d8ff5ed

Files

15d229163041391fd9c2db406d9da8858ebf57272db263efccafc7240d8ff5ed
.dll windows:5 windows x86 arch:x86

d7bad719686ac594f378d3d55295b79a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Jenkins\workspace\Build-sharedtech-LD-Dev\sharedtech\internal\Release\coresigner.pdb

Imports

libeay32

ord298
ord1882
ord2821
ord3109
ord399
ord246
ord281
ord66
ord3212
ord333
ord289
ord269

kernel32

SetLastError
GetStringTypeW
LCMapStringW
LoadLibraryW
OutputDebugStringW
CreateFileW
WriteConsoleW
HeapReAlloc
HeapAlloc
GetCPInfo
GetOEMCP
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetACP
IsValidCodePage
LoadLibraryExW
EncodePointer
DecodePointer
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
CloseHandle
GetLastError
HeapFree
InitializeCriticalSectionAndSpinCount
RtlUnwind
ReadFile
MultiByteToWideChar
GetConsoleMode
ReadConsoleW
InterlockedDecrement
ExitProcess
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
HeapSize
Sleep
WriteFile
WideCharToMultiByte
GetConsoleCP
SetEndOfFile
InterlockedIncrement
GetProcessHeap
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetStdHandle
FlushFileBuffers
SetFilePointerEx
GetModuleFileNameW

oleaut32

SafeArrayUnaccessData
SafeArrayCreateVector
SafeArrayAccessData

Exports

Exports

SignData

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d7bad719686ac594f378d3d55295b79a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libeay32

kernel32

oleaut32

Exports

Exports

Sections

.text Size: 35KB - Virtual size: 35KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 35KB - Virtual size: 35KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 4KB