a8df5944bc239c4b521884c2e345d7c4cff8fc2a5145f8b9c7e5390e8c7f9814

Sharing

Copy URL Twitter E-mail

General

Target

a8df5944bc239c4b521884c2e345d7c4cff8fc2a5145f8b9c7e5390e8c7f9814
Size

664KB
MD5

3fe1e64c3161743be495ceb4f79b97c3
SHA1

0fdb02292f5f42e4222be2cf1df5289b218b5c02
SHA256

a8df5944bc239c4b521884c2e345d7c4cff8fc2a5145f8b9c7e5390e8c7f9814
SHA512

c674413b2571c8d6dcdd257987196caa0b13d2707385b289e2d8f9ba0d4627b55103216f2de711bf2090162996b5c7ed6be92134fc105c0d6473344cdd0fac74
SSDEEP

12288:4QlPgVROQRxvgpwaEQFyQTWYOwL58peJqwWd:4/E9wrQTkwLoeqwWd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a8df5944bc239c4b521884c2e345d7c4cff8fc2a5145f8b9c7e5390e8c7f9814

Files

a8df5944bc239c4b521884c2e345d7c4cff8fc2a5145f8b9c7e5390e8c7f9814
.dll windows:6 windows x64 arch:x64

08281f87016409ab4ffb2319b158ebeb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\projects\processhacker\bin\Release64\plugins\NetworkTools.pdb

Imports

processhacker.exe

PhDestroyEMenu
PhFindStringInStringRef
PhShowEMenu
PhFinalStringBuilderString
PhRemoveStringBuilder
PhSetClipboardString
PhGetWin32Message
PhHandleCopyCellEMenuItem
PhCreateEMenu
PhAppendFormatStringBuilder
PhInitializeStringBuilder
PhHttpDnsQuery
PhGetTreeNewText
PhFindEntryHashtable
PhfBeginInitOnce
PhCmSaveSettings
PhCreateObject
PhCreateHashtable
PhClearHashtable
PhInitializeTreeNewColumnMenu
PhHandleTreeNewColumnMenu
PhfEndInitOnce
PhAddItemList
PhDeleteTreeNewColumnMenu
PhCmLoadSettings
PhClearList
PhSetIntegerPairSetting
PhSetControlTheme
PhCreateObjectType
PhCreateList
PhAddEntryHashtable
PhfResetEvent
PhInsertCopyCellEMenuItem
PhHttpSocketBeginRequest
PhDeleteCacheFile
PhOpenKey
PhShowMessage
PhQueryRegistryString
PhCreateDirectory
PhHttpSocketConnect
PhCreateFileWin32
PhConvertUtf16ToUtf8
PhRegisterWindowCallback
PhGetPhVersionNumbers
PhHttpSocketParseUrl
PhHttpSocketAddRequestHeaders
PhHttpSocketDestroy
PhHttpSocketReadData
PhHttpSocketQueryHeaderString
PhHttpSocketQueryHeaderUlong
PhGetPhVersion
PhConcatStrings2
PhHttpSocketEndRequest
PhHttpSocketCreate
PhDeleteFileWin32
PhGetFullPath
PhfWaitForEvent
PhHttpSocketSetFeature
PhCreateCacheFile
PhUnregisterWindowCallback
PhFormatToBuffer
PhCreateThreadEx
PhHttpSocketSendRequest
PhCreateBytesEx
PhReAllocate
PhReferenceEmptyString
PhStringToInteger64
PhCountStringZ
PhTrimStringRef
PhCreateAlloc
PhAppendStringBuilder2
PhSetFlagsEMenuItem
PhShellProcessHacker
PhGetGlobalWorkQueue
PhfSetEvent
PhMainWndHandle
PhSetWindowContext
PhGenerateRandomAlphaString
PhFormatString
PhApplicationFont
PhAllocate
PhSaveWindowPlacementToSetting
PhDivideSinglesBySingle
PhInitializeGraphState
PhInitializeCircularBuffer_ULONG
PhDeleteAutoPool
PhInitializeWindowTheme
PhConvertUtf16ToMultiByte
PhSiSetColorsGraphDrawInfo
PhUnregisterCallback
PhDeleteGraphState
PhGlobalDpi
PhGraphStateGetDrawInfo
PhGetIntegerPairSetting
PhAddLayoutItemEx
PhGetWindowContext
PhLoadWindowPlacementFromSetting
PhCreateStringEx
PhDrainAutoPool
PhQueueItemWorkQueue
PhConcatStrings
PhCreateThread2
PhFormatString_V
PhDeleteWorkQueue
PhSetGraphText
PhInitializeAutoPool
PhCenterWindow
PhFree
PhSetWindowText
PhInstanceHandle
PhInitializeWorkQueue
PhLoadIcon
PhRemoveWindowContext
PhGetStatisticsTimeString
PhInitializeLayoutManager
PhDeleteLayoutManager
PhFreeFileDialog
PhShowFileDialog
PhGetWindowText
PhSetFileDialogFilter
PhCreateOpenFileDialog
PhGetFileDialogFileName
PhSetFileDialogFileName
PhGetDialogItemValue
PhSetStringSetting2
PhSetDialogItemText
PhAddLayoutItem
PhSetIntegerSetting
PhGetFileName
PhLayoutManagerLayout
PhSetDialogItemValue
PhInsertEMenuItem
PhCreateString
PhaChoiceDialog
PhFormatSize
PhPluginCreateEMenuItem
PhCreateEMenuItem
PhCompareStringRef
PhfWakeForReleaseQueuedLock
PhAddSettings
PhGetGeneralCallback
PhPluginSetObjectExtension
PhRegisterCallback
PhGetIntegerSetting
PhPluginAddTreeNewColumn
PhRegisterPlugin
PhGetPluginCallback
PhfAcquireQueuedLockExclusive
PhPluginGetObjectExtension
PhGetOwnTokenAttributes
PhFormatUInt64
PhQuerySystemTime
PhConvertUtf8ToUtf16Ex
PhEqualStringRef
PhGetStringSetting
PhDoesFileExistsWin32
PhGetBaseName
PhLoadPngImageFromResource
PhAutoDereferenceObject
PhConcatStringRef2
PhReferenceObject
PhExpandEnvironmentStrings
PhDereferenceObject
PhDetermineDosPathNameType
PhShellExecute
PhGetApplicationDirectory

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
NtClose
NtWriteFile
RtlIpv6AddressToStringExW
RtlIpv4StringToAddressW
RtlIpv4AddressToStringExW
RtlIpv6StringToAddressW
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlTimeToSecondsSince1970

kernel32

FindFirstFileExW
WideCharToMultiByte
SetEndOfFile
LCMapStringW
MultiByteToWideChar
SetStdHandle
GetStdHandle
HeapFree
HeapAlloc
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetFileType
SetFilePointerEx
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
InterlockedFlushSList
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
FindClose
WriteFile
ReadFile
LoadLibraryW
GetLastError
MapViewOfFile
CreateFileMappingW
GetFileSize
CloseHandle
UnmapViewOfFile
CreateFileW
GetCommandLineA
GetCommandLineW
GetProcessHeap
GetStringTypeW
WriteConsoleW
FlushFileBuffers
HeapSize
HeapReAlloc

Sections

.text
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 213KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

08281f87016409ab4ffb2319b158ebeb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

processhacker.exe

ntdll

kernel32

Sections

.text Size: 178KB - Virtual size: 177KB

.rdata Size: 213KB - Virtual size: 212KB

.data Size: 104KB - Virtual size: 109KB

.pdata Size: 7KB - Virtual size: 7KB

.didat Size: 512B - Virtual size: 464B

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 144KB - Virtual size: 144KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 178KB - Virtual size: 177KB

.rdata
Size: 213KB - Virtual size: 212KB

.data
Size: 104KB - Virtual size: 109KB

.pdata
Size: 7KB - Virtual size: 7KB

.didat
Size: 512B - Virtual size: 464B

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 144KB - Virtual size: 144KB

.reloc
Size: 15KB - Virtual size: 14KB