2a3d191f2a3dafd0f3920611247c0a9bac0dfadea133d1bd4551054f58080f64

General

Target

2a3d191f2a3dafd0f3920611247c0a9bac0dfadea133d1bd4551054f58080f64
Size

13KB
MD5

87f62083583fe346bbd387af07463341
SHA1

52bd05f439eae5348b63b0c2627cb884c97e6ef5
SHA256

2a3d191f2a3dafd0f3920611247c0a9bac0dfadea133d1bd4551054f58080f64
SHA512

2c165d9451c48a7024f64a6042928d1072f9110476f7860682ec900bb8b917d6a3eb740b8a29a9d900c14dd2bec090551111fcefa176105e150ef6dd8396e06a
SSDEEP

192:ZXtusTz94BFT2yMcrI+PirZAH3+o31G8P14MX1Zy:PKBd+crI+6u3+o3DPD1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a3d191f2a3dafd0f3920611247c0a9bac0dfadea133d1bd4551054f58080f64

Files

2a3d191f2a3dafd0f3920611247c0a9bac0dfadea133d1bd4551054f58080f64
.dll windows:6 windows x86 arch:x86

1a7500611b2c1210cdc4f5fed2577476

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\code\xbot-native-components\projects\ShadowBot.Native.Tools\Release\debugger.pdb

Imports

ntdll

memset
memcpy
wcscpy_s
wcsstr
_errno

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo

kernel32

IsWow64Process
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
CloseHandle
GetLastError
SetLastError
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentProcess
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
IsProcessorFeaturePresent
DisableThreadLibraryCalls
FreeLibrary
LoadLibraryExW

user32

CharLowerW

shlwapi

PathRemoveFileSpecW

Exports

Exports

DoDllProcAny

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a7500611b2c1210cdc4f5fed2577476

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

api-ms-win-crt-runtime-l1-1-0

kernel32

user32

shlwapi

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 948B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 456B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 948B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 456B