c9835f5611e11057ba11cb2c024cdcf3

Sharing

Copy URL Twitter E-mail

General

Target

c9835f5611e11057ba11cb2c024cdcf3
Size

99KB
MD5

c9835f5611e11057ba11cb2c024cdcf3
SHA1

38ff3dd0021dbf6bf3bab5d8a1f77138db23d154
SHA256

3ee70958fbfbf4e6f9df6a58aab56d4a50c36746500a65f54796216d27b6986d
SHA512

6b7f5505c155e448a4eb24aefc8641564b7ef848671edf4837cedd8161c4f1839e9c887a0be453a1cd403939e2e91e1fc1079932b9e5e515d3a5c7ca33057742
SSDEEP

3072:WtQo5FVQ3o/E33Q0HZeWgleMtQ15+4WkuVIdw9WRHlz+U+6PX+lJPg:qQo5Fi3o/1xeMt14WbWd2vU+eYJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c9835f5611e11057ba11cb2c024cdcf3

Files

c9835f5611e11057ba11cb2c024cdcf3
.dll windows:5 windows x86 arch:x86

943679b1ae04b2b6daeedf17d9e48f07

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

rtutils.pdb

Imports

advapi32

RegEnumKeyExW
RegisterEventSourceW
ReportEventW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExA
RegQueryValueExA
RegNotifyChangeKeyValue
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegQueryInfoKeyW

kernel32

EnterCriticalSection
LeaveCriticalSection
InterlockedExchangeAdd
DeleteCriticalSection
CancelWaitableTimer
InterlockedDecrement
HeapReAlloc
GetTickCount
CreateThread
HeapDestroy
ReleaseSemaphore
CreateIoCompletionPort
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ReadConsoleInputA
DisableThreadLibraryCalls
FreeLibraryAndExitThread
WaitForMultipleObjects
SetWaitableTimer
FreeConsole
SetEvent
lstrcpynA
GetCurrentThreadId
GetLocalTime
HeapFree
HeapAlloc
GetProcessHeap
lstrcatA
lstrcpynW
lstrcatW
TerminateProcess
GetCurrentProcess
TerminateThread
GetCurrentThread
InterlockedExchange
lstrlenA
lstrcpyA
lstrcmpA
SetConsoleScreenBufferSize
CreateConsoleScreenBuffer
GetLastError
GetStdHandle
AllocConsole
SetConsoleActiveScreenBuffer
CloseHandle
SetFilePointer
CreateFileA
CreateDirectoryA
MoveFileExA
WriteConsoleA
WriteFile
GetFileSize
lstrlenW
lstrcpyW
lstrcmpW
CreateFileW
CreateDirectoryW
MoveFileExW
WriteConsoleW
SetConsoleTitleA
CreateEventA
ExpandEnvironmentStringsA
CreateEventW
ExpandEnvironmentStringsW
MultiByteToWideChar
FormatMessageA
Sleep
LoadLibraryA
InterlockedCompareExchange
LocalFree
FormatMessageW
LoadLibraryW
GetModuleFileNameA
WaitForSingleObject
GlobalFree
GlobalAlloc
SetConsoleWindowInfo
GetConsoleScreenBufferInfo
FreeLibrary

msvcrt

mbstowcs
_except_handler3
_snwprintf
wcslen
memmove
printf
free
_initterm
malloc
_adjust_fdiv
wcstombs

ntdll

RtlAcquireResourceExclusive
RtlAcquireResourceShared
DbgBreakPoint
DbgPrompt
DbgPrint
RtlInitializeResource
RtlDeleteResource
RtlConvertExclusiveToShared
RtlConvertSharedToExclusive
RtlNtStatusToDosError
NtSetIoCompletion
NtQuerySystemTime
RtlReleaseResource

user32

wsprintfA
wvsprintfW
wsprintfW
wvsprintfA

Exports

Exports

CreateWaitEvent
CreateWaitEventBinding
CreateWaitTimer
DeRegisterWaitEventBinding
DeRegisterWaitEventBindingSelf
DeRegisterWaitEventsTimers
DeRegisterWaitEventsTimersSelf
DebugPrintWaitWorkerThreads
LogErrorA
LogErrorW
LogEventA
LogEventW
MprSetupProtocolEnum
MprSetupProtocolFree
QueueWorkItem
RegisterWaitEventBinding
RegisterWaitEventsTimers
RouterAssert
RouterGetErrorStringA
RouterGetErrorStringW
RouterLogDeregisterA
RouterLogDeregisterW
RouterLogEventA
RouterLogEventDataA
RouterLogEventDataW
RouterLogEventExA
RouterLogEventExW
RouterLogEventStringA
RouterLogEventStringW
RouterLogEventValistExA
RouterLogEventValistExW
RouterLogEventW
RouterLogRegisterA
RouterLogRegisterW
SetIoCompletionProc
TraceDeregisterA
TraceDeregisterExA
TraceDeregisterExW
TraceDeregisterW
TraceDumpExA
TraceDumpExW
TraceGetConsoleA
TraceGetConsoleW
TracePrintfA
TracePrintfExA
TracePrintfExW
TracePrintfW
TracePutsExA
TracePutsExW
TraceRegisterExA
TraceRegisterExW
TraceVprintfExA
TraceVprintfExW
UpdateWaitTimer
WTFreeEvent
WTFreeTimer

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

943679b1ae04b2b6daeedf17d9e48f07

Headers

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

ntdll

user32

Exports

Exports

Sections

.text Size: 38KB - Virtual size: 37KB

.data Size: 56KB - Virtual size: 56KB

.rsrc Size: 1024B - Virtual size: 992B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 38KB - Virtual size: 37KB

.data
Size: 56KB - Virtual size: 56KB

.rsrc
Size: 1024B - Virtual size: 992B

.reloc
Size: 2KB - Virtual size: 2KB