d4cdf064beb2d17889275cc9d334ce54

Sharing

Copy URL Twitter E-mail

General

Target

d4cdf064beb2d17889275cc9d334ce54
Size

160KB
MD5

d4cdf064beb2d17889275cc9d334ce54
SHA1

0d2849964ec25dc6fa0685694fb7768cce03611f
SHA256

24bcad737a3085d7e8885a9f7f8c62bca58b1e6fe3297dbfe318801fd9aab7ce
SHA512

fc3bfec4281217dba1015e3c804ebae43b57c2ded2d7aee1dc35335206301ca7dacd915c389faffca9cc40882fcf1a736fbd4193a7c9b8a587019968a9f8fdbe
SSDEEP

3072:ijResiYGuzabQYXRdD9xOIwZm11ViTBfRj5B7+lx:ij04a/59xOIrxiTBJ37+P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4cdf064beb2d17889275cc9d334ce54

Files

d4cdf064beb2d17889275cc9d334ce54
.dll windows:5 windows x86 arch:x86

015bad35f63ccd283732a0d8d4b02f3f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\job\gh0st\DLL\Server.pdb

Imports

ws2_32

WSAIoctl
connect
inet_ntoa
WSAStartup
select
htons
ntohs
setsockopt
WSACleanup
recv
socket
closesocket
gethostbyname
getpeername
gethostname
getsockname
send

wininet

InternetOpenW
InternetReadFile
InternetCloseHandle
InternetOpenUrlW

shlwapi

StrCmpIW
StrRChrW
StrStrIW
StrStrW

imm32

ImmGetCompositionStringW
ImmReleaseContext
ImmGetContext

avicap32

capGetDriverDescriptionW
capCreateCaptureWindowW

msvfw32

ICCompressorFree
ICSeqCompressFrameStart
ICClose
ICOpen
ICSeqCompressFrameEnd
ICSeqCompressFrame
ICSendMessage

winmm

waveOutUnprepareHeader
waveInGetNumDevs
waveInReset
waveInUnprepareHeader
waveInOpen
waveInPrepareHeader
waveOutReset
waveOutOpen
waveOutGetNumDevs
waveOutPrepareHeader
waveInAddBuffer
waveInStart
waveOutClose
waveInClose
waveOutWrite

psapi

GetModuleFileNameExW
EnumProcessModules

kernel32

GetProcAddress
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
WaitForSingleObject
SetEvent
CreateEventW
CloseHandle
GetTickCount
Sleep
InterlockedExchange
ResetEvent
CancelIo
GetFileSize
FindFirstFileW
SetFilePointer
GetDriveTypeW
CreateProcessW
GetLogicalDriveStringsW
CreateDirectoryW
OutputDebugStringW
WriteFile
GetFileAttributesW
ReadFile
CreateFileW
lstrcmpW
lstrlenW
GetLastError
MoveFileW
FindClose
RemoveDirectoryW
lstrcatW
FindNextFileW
GetDiskFreeSpaceExW
DeleteFileW
LocalFree
lstrcpyW
GetVolumeInformationW
GetCurrentProcess
TerminateThread
lstrcpynW
GetModuleFileNameW
GetExitCodeThread
WaitForMultipleObjects
MapViewOfFile
UnmapViewOfFile
VirtualQuery
GetLocalTime
CreateFileMappingW
GlobalSize
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
lstrcmpiW
GetCurrentThreadId
GetCommandLineW
GetEnvironmentVariableW
SetPriorityClass
lstrlenA
SetErrorMode
GetModuleHandleW
GetCurrentThread
SetProcessPriorityBoost
GetVersionExW
SetThreadPriority
GetShortPathNameW
lstrcpyA
PeekNamedPipe
TerminateProcess
GetStartupInfoW
DisconnectNamedPipe
CreatePipe
ExpandEnvironmentStringsW
OpenProcess
HeapSize
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
LocalSize
WideCharToMultiByte
MultiByteToWideChar
ExitThread
CreateThread
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
ExitProcess
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetStringTypeA

user32

CharNextW
ExitWindowsEx
UnhookWindowsHookEx
SetWindowsHookExW
GetKeyNameTextW
GetActiveWindow
GetWindowTextW
CallNextHookEx
mouse_event
SetClipboardData
GetSystemMetrics
OpenClipboard
BlockInput
wsprintfW
EmptyClipboard
SystemParametersInfoW
GetClipboardData
SetCursorPos
IsWindow
LoadCursorW
SetCapture
MapVirtualKeyW
CloseClipboard
keybd_event
GetCursorPos
GetDesktopWindow
ReleaseDC
SetRect
GetCursorInfo
GetDC
GetUserObjectInformationW
SetThreadDesktop
CloseDesktop
OpenDesktopW
OpenInputDesktop
PostMessageW
GetThreadDesktop
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
CreateWindowExW
CloseWindow
SendMessageW
WindowFromPoint
DestroyCursor

gdi32

GetDIBits
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteDC
CreateDIBSection
DeleteObject

advapi32

InitializeSecurityDescriptor
ControlService
RegisterServiceCtrlHandlerW
SetServiceStatus
RegDeleteValueW
QueryServiceStatus
StartServiceW
ChangeServiceConfig2W
RegOpenKeyW
RegQueryValueExW
RegCreateKeyExW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
GetLengthSid
FreeSid
AddAccessAllowedAce
AllocateAndInitializeSid
InitializeAcl
SetSecurityDescriptorDacl
RegQueryValueW
RegSetValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegCloseKey

shell32

SHGetFileInfoW
SHChangeNotify
ShellExecuteExW

Exports

Exports

Install
ServiceMain
UnInstall

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

015bad35f63ccd283732a0d8d4b02f3f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

wininet

shlwapi

imm32

avicap32

msvfw32

winmm

psapi

kernel32

user32

gdi32

advapi32

shell32

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 108KB

.rdata Size: 34KB - Virtual size: 33KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 1024B - Virtual size: 976B

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 108KB - Virtual size: 108KB

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 1024B - Virtual size: 976B

.reloc
Size: 10KB - Virtual size: 9KB