E:\Jenkins\workspace\Osprey\Osprey_5.01\output\app\symbol\Win32\Release\TmopphDns.pdb
Static task
static1
Behavioral task
behavioral1
Sample
dd2b6e3aa75de8460730862f2dc739537734a7dfc9e673b6a23ee58430348ddf.dll
Resource
win7-20240221-en
General
-
Target
dd2b6e3aa75de8460730862f2dc739537734a7dfc9e673b6a23ee58430348ddf.zip
-
Size
452KB
-
MD5
6b2bdc5f691431e0723f65564ad1a90d
-
SHA1
91b4f2979d052195e9cf59c6384024089d401779
-
SHA256
6246f43bd1a5ef67db2a2170cf12bef8bfbbcc58f3f9a9072832d3ac20729a42
-
SHA512
d83263aa4a5357622e7c54cbb6b15d9f2e482c5ae11411ac6db7036afe8b242b096d4c50cb7dcf8022636df1fafdb5d881c0b01833a460a43da12c32b9a6d50d
-
SSDEEP
12288:YVTvsFnSbOjlDmzCO7WhezdBNBKQuy5jXA9a6odd:YVTF6pV6gWdjBnQ6d
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/dd2b6e3aa75de8460730862f2dc739537734a7dfc9e673b6a23ee58430348ddf.dll
Files
-
dd2b6e3aa75de8460730862f2dc739537734a7dfc9e673b6a23ee58430348ddf.zip.zip
Password: infected
-
dd2b6e3aa75de8460730862f2dc739537734a7dfc9e673b6a23ee58430348ddf.dll.dll windows:6 windows x86 arch:x86
Password: infected
55f1ba0b782341fa929d61651ef47f0c
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
WideCharToMultiByte
CreateDirectoryA
Sleep
LocalFree
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
WriteConsoleW
GetProcAddress
ResetEvent
CloseHandle
LoadLibraryA
SetEvent
GetLastError
MultiByteToWideChar
OpenEventW
GetModuleFileNameW
GetShortPathNameW
SetLastError
OpenEventA
GetModuleFileNameA
GetShortPathNameA
EnterCriticalSection
GetVersionExA
HeapSize
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
FormatMessageW
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwind
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
FreeLibrary
LoadLibraryExW
CreateFileW
GetFileType
ExitProcess
GetModuleHandleExW
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetCurrentThread
GetFileAttributesExW
WriteFile
GetConsoleCP
GetConsoleMode
SetStdHandle
SetEndOfFile
ReadFile
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
FlushFileBuffers
DeleteFileW
HeapReAlloc
SetConsoleCtrlHandler
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
OutputDebugStringW
advapi32
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
UnregisterTraceGuids
RegisterTraceGuidsA
GetSecurityDescriptorSacl
SetEntriesInAclA
GetSecurityDescriptorDacl
SetNamedSecurityInfoA
ConvertStringSecurityDescriptorToSecurityDescriptorA
TraceMessage
GetNamedSecurityInfoA
SetSecurityInfo
ConvertStringSidToSidA
ConvertStringSecurityDescriptorToSecurityDescriptorW
shell32
SHGetFolderPathW
ole32
CoTaskMemFree
Exports
Exports
TmphCreateCtx
TmphCreateCtxEx
TmphDisconnectAllSessions
TmphExit
TmphFreeContext
GetModuleProp
TmphInit
TmphIsSupport
GetModul
GetModuleP
HetModuleProp
GetModulePro
Sections
.text Size: 504KB - Virtual size: 504KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 96KB - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 209KB - Virtual size: 209KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ