cdb56900372e6b1645b4ab19ba4794e5c3979a4a3b7a0ae212e9352c72cfba66

Sharing

Copy URL Twitter E-mail

General

Target

cdb56900372e6b1645b4ab19ba4794e5c3979a4a3b7a0ae212e9352c72cfba66
Size

46KB
MD5

62c5bab4fe264efc3ed307c4d5b31fc1
SHA1

48bb166fc72ecdc8810a907b03432cda850bc2f9
SHA256

cdb56900372e6b1645b4ab19ba4794e5c3979a4a3b7a0ae212e9352c72cfba66
SHA512

0fd7f4599f50b06e19cdbb2181aac983613a4a3026d2ac20fe03aa951e88c789a4dd958c52a096cd2dbd024a6637b36236ce4f6530ab84bfa296e738c391c2d6
SSDEEP

768:26XtCb23Myoul80rXHq4bXPz8OQ6kO3PkRRwf4JRk1Td7oEhxq4bKrMjmERsq8O2:268bi17r8iX3PkO1CEhxqLgqERs7kj9G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cdb56900372e6b1645b4ab19ba4794e5c3979a4a3b7a0ae212e9352c72cfba66

Files

cdb56900372e6b1645b4ab19ba4794e5c3979a4a3b7a0ae212e9352c72cfba66
.dll .vbs windows:5 windows x64 arch:x64 polyglot

af127e83612446aec6d26d97c9a5cb97

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

M:\.conan\data\Perl\5.36.0\_\_\build\da475edbb7454d779f78385aff6e927a8d481030\Perl_src\lib\auto\Win32\Win32.pdb

Imports

perl536

Perl_newSVpvn
Perl_sv_free2
Perl_sv_2bool_flags
Perl_warn
Perl_warn_nocontext
Perl_sv_2iv_flags
Perl_safesysrealloc
Perl_croak
Perl_stack_grow
Perl_xs_handshake
Perl_newSViv
Perl_newSVpv
Perl_sv_setiv
Perl_newXS
Perl_more_bodies
Perl_hv_common_key_len
Perl_more_sv
Perl_sv_setpv
Perl_mg_get
Perl_croak_nocontext
Perl_newSVnv
Perl_sv_setpvn
Perl_sv_backoff
Perl_newRV_noinc
Perl_sv_2uv_flags
Perl_sv_2mortal
Perl_newSV
Perl_safesysfree
Perl_sv_grow
Perl_safesysmalloc
Perl_sv_newmortal
Perl_newSVpvn_flags
Perl_sv_magic
Perl_sv_2pv_flags

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

winhttp

WinHttpOpenRequest
WinHttpSetOption
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpSendRequest
WinHttpConnect
WinHttpCrackUrl
WinHttpOpen
WinHttpReadData
WinHttpReceiveResponse
WinHttpGetProxyForUrl

kernel32

GetModuleHandleW
GetCurrentProcessId
SetConsoleCP
GetProcAddress
CreateProcessA
CloseHandle
DeleteFileW
WideCharToMultiByte
SetConsoleOutputCP
CreateDirectoryA
FormatMessageA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetVersionExA
LoadLibraryA
GetCurrentThread
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent
GetSystemInfo
FreeLibrary
GetTickCount
CreateFileA
OutputDebugStringW
GetLastError
CopyFileA
GetComputerNameA
CreateDirectoryW
GetOEMCP
FindFirstFileW
SetLastError
GetCurrentProcess
GetConsoleOutputCP
WriteFile
ExpandEnvironmentStringsW
GetShortPathNameW
OutputDebugStringA
GetDriveTypeA
GetConsoleCP
FindClose
GetVolumeInformationA
CreateFileW
GetCurrentThreadId
GetModuleHandleA
GetACP
OpenProcess
MultiByteToWideChar
Sleep
FormatMessageW

user32

GetSystemMetrics
GetActiveWindow
MessageBoxW

advapi32

GetTokenInformation
OpenThreadToken
GetUserNameW
RegOpenKeyExA
FreeSid
OpenProcessToken
LookupAccountSidA
IsValidSid
LookupAccountNameA
InitiateSystemShutdownA
LookupPrivilegeValueA
AllocateAndInitializeSid
EqualSid
RegCloseKey
AdjustTokenPrivileges
AbortSystemShutdownA
LookupPrivilegeNameA
RegQueryValueExW

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CoCreateGuid
CoTaskMemFree
StringFromCLSID

netapi32

NetApiBufferFree
NetWkstaGetInfo

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

vcruntime140

memcpy
__C_specific_handler
__std_type_info_destroy_list
strrchr
memset

api-ms-win-crt-string-l1-1-0

towupper
wcslen
strcpy
wcsncpy
wcscpy
toupper
strlen

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_cexit
_execute_onexit_table
_errno
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf

Exports

Exports

boot_Win32

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

af127e83612446aec6d26d97c9a5cb97

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

perl536

userenv

winhttp

kernel32

user32

advapi32

shell32

ole32

netapi32

version

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 52B

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 52B