ee07b8eccf95700dff7970d9f7df5858f7eb1da3e4652f03164326403e1d2dd1

Sharing

Copy URL

Twitter E-mail

General

Target

ee07b8eccf95700dff7970d9f7df5858f7eb1da3e4652f03164326403e1d2dd1
Size

1.1MB
MD5

de9b08a9fc03da4fd18e7a9e092b94e7
SHA1

71c7f2786c814501aac584f1a25522048000e028
SHA256

ee07b8eccf95700dff7970d9f7df5858f7eb1da3e4652f03164326403e1d2dd1
SHA512

123a51916d40d94b80ab780606cc76f140b43d6f6f28887d2c3a9623238afe900a42af19e0bf63cb39689d2f722dd0e33c48090e211cda76cf45dce0e2c5291d
SSDEEP

24576:92LOpzLN0qbGUs44T6I9l7VhcVCXfTFDNPo5R4hMmM:kO0qD4TZLXfThGvmM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ee07b8eccf95700dff7970d9f7df5858f7eb1da3e4652f03164326403e1d2dd1

Files

ee07b8eccf95700dff7970d9f7df5858f7eb1da3e4652f03164326403e1d2dd1
.dll regsvr32 windows:5 windows x86 arch:x86

d132c0f3901202b28074edbc399eb1c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\work\workspace\CryptoPad\bin\ReleaseMT\TaskPlugin.pdb

Imports

kernel32

OpenProcess
GetCurrentProcessId
GetTickCount
VirtualAlloc
VirtualFree
VirtualProtect
IsBadReadPtr
SetLastError
LoadLibraryA
FreeLibrary
DuplicateHandle
EnterCriticalSection
LeaveCriticalSection
SetEvent
WaitForMultipleObjects
GetSystemDirectoryW
LoadLibraryW
VerSetConditionMask
SleepEx
VerifyVersionInfoW
InitializeCriticalSection
PeekNamedPipe
ReadFile
GetStdHandle
GetFileType
Process32NextW
FormatMessageA
ResetEvent
IsDebuggerPresent
OutputDebugStringW
ReadConsoleInputA
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcess
GetModuleHandleW
GetProcAddress
FlushConsoleInputBuffer
WideCharToMultiByte
MultiByteToWideChar
lstrcatW
GetComputerNameW
WaitForSingleObject
CloseHandle
CreateEventW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
DecodePointer
HeapSize
GetLastError
InterlockedExchange
RaiseException
GetModuleFileNameW
Sleep
InitializeCriticalSectionAndSpinCount
GetProcessHeap
InterlockedCompareExchange
HeapFree
GlobalMemoryStatus
GetModuleHandleA
LocalFree
SetEndOfFile
GetCurrentDirectoryW
GetFullPathNameW
SetEnvironmentVariableA
CreateFileW
WriteConsoleW
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FindFirstFileExW
FindClose
SetStdHandle
FlushFileBuffers
ReadConsoleW
GetConsoleMode
GetConsoleCP
HeapAlloc
ExpandEnvironmentStringsA
HeapReAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetConsoleMode
GetModuleFileNameA
SetConsoleCtrlHandler
WriteFile
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
RtlUnwind
FileTimeToSystemTime
GetFileInformationByHandle
FileTimeToLocalFileTime
SetFilePointerEx
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
GetCommandLineA
LoadLibraryExW
ExitThread
GetCurrentThreadId
CreateThread
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetStringTypeW
EncodePointer

user32

wsprintfW
PeekMessageW
TranslateMessage
DispatchMessageW
CreateWindowExW
SetWindowLongW
GetMessageW
PostMessageW
GetProcessWindowStation
GetUserObjectInformationW
DestroyWindow
GetWindowLongW
DefWindowProcW
MessageBoxA

advapi32

RegisterEventSourceA
CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
DeregisterEventSource
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
GetUserNameW
RegDeleteKeyW
ReportEventA

ole32

CoCreateGuid
CoTaskMemFree
IIDFromString
CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoCreateInstance
StringFromIID

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

shlwapi

StrCmpNIW
PathAppendW

iphlpapi

GetIpForwardTable
GetAdaptersInfo

psapi

GetModuleFileNameExW
GetProcessImageFileNameW

ws2_32

WSAStartup
getsockopt
closesocket
WSASetLastError
socket
gethostname
getaddrinfo
freeaddrinfo
ioctlsocket
listen
accept
recvfrom
sendto
send
bind
recv
setsockopt
getsockname
ntohs
htons
WSAGetLastError
connect
WSAIoctl
getpeername
__WSAFDIsSet
select
WSACleanup

wldap32

ord208
ord145
ord14
ord167
ord147
ord27
ord301
ord46
ord142
ord133
ord216
ord118
ord127
ord41
ord26
ord79

Exports

Exports

CallTaskFun
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 831KB - Virtual size: 830KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 217KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d132c0f3901202b28074edbc399eb1c4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

iphlpapi

psapi

ws2_32

wldap32

Exports

Exports

Sections

.text Size: 831KB - Virtual size: 830KB

.rdata Size: 217KB - Virtual size: 217KB

.data Size: 11KB - Virtual size: 26KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 38KB - Virtual size: 37KB

.text
Size: 831KB - Virtual size: 830KB

.rdata
Size: 217KB - Virtual size: 217KB

.data
Size: 11KB - Virtual size: 26KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 38KB - Virtual size: 37KB