dfbbdc0b77fbd5581878b89ed26b2b17e8850f94f6ab2523755fb17e81e7a8bf

Sharing

Copy URL Twitter E-mail

General

Target

dfbbdc0b77fbd5581878b89ed26b2b17e8850f94f6ab2523755fb17e81e7a8bf
Size

334KB
MD5

6993bc271831484854e140a8dccae52a
SHA1

40a4f999b1b68bdcfc88189218389abef35b08f2
SHA256

dfbbdc0b77fbd5581878b89ed26b2b17e8850f94f6ab2523755fb17e81e7a8bf
SHA512

c542afbbaac6144a3385fe720e5d08c29384c3e820e5e83cd0ae78847b0c7b884fe84516d880c9a33cfb13818d261f86fd3524e3b37096544cbc2661b569bbc0
SSDEEP

6144:+E2K6MBemN+KZOSzq3voKKAlI2np61bcPcxkDJZaUFZsDgBBMIerrVw/o59joab7:+E2K6Npczm2VFE/n1Di

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dfbbdc0b77fbd5581878b89ed26b2b17e8850f94f6ab2523755fb17e81e7a8bf

Files

dfbbdc0b77fbd5581878b89ed26b2b17e8850f94f6ab2523755fb17e81e7a8bf
.sys windows:5 windows x86 arch:x86

63368eb7364c1321a2cf6e5542cf0a2b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\workplace\AndroidEmulator\UI_Release_Packet_New\Basic\Client\AEngine\aow\Release\aow_exe.pdb

Imports

ntdll

ZwResumeThread
swprintf
ZwGetContextThread
RtlGetVersion
ZwQuerySystemInformation
ZwReadVirtualMemory
ZwSetInformationFile
ZwSuspendThread
ZwQueryInformationProcess
RtlImageNtHeader
ZwQueryInformationFile
ZwQueryInformationThread
ZwWriteFile
ZwReadFile
RtlFreeHeap
RtlInitUnicodeString
ZwWaitForSingleObject
ZwCreateFile
RtlAllocateHeap
NtDelayExecution
RtlCreateUserThread
NtSetEvent
RtlEnterCriticalSection
NtDeviceIoControlFile
NtWaitForSingleObject
NtCreateFile
RtlDeleteCriticalSection
NtCreateEvent
RtlLeaveCriticalSection
RtlInitializeCriticalSection
NtResetEvent
ZwCreateEvent
ZwFsControlFile
ZwCancelIoFile
ZwCreateNamedPipeFile
ZwFlushBuffersFile
ZwWaitForMultipleObjects
RtlSetLastWin32Error
RtlNtStatusToDosError
_snprintf
_vsnprintf
strrchr
NtFreeVirtualMemory
NtAllocateVirtualMemory
NtProtectVirtualMemory
NtQuerySystemInformation
NtQueryInformationThread
RtlRaiseException
NtFsControlFile
NtWriteVirtualMemory
NtQueryInformationProcess
strncpy
NtSetInformationThread
NtOpenThread
NtClose
RtlRandom
NtQueryPerformanceCounter
NtCreateNamedPipeFile
NtQueryVirtualMemory
NtOpenFile
NtTerminateThread
NtCreateThread
NtTerminateProcess
strstr
LdrGetProcedureAddress
LdrGetDllHandle
NtCreateProcess
RtlAddVectoredExceptionHandler
NtGetContextThread
RtlExitUserThread
sprintf
sscanf
RtlAnsiStringToUnicodeString
NtSetContextThread
NtYieldExecution
RtlInitAnsiString
RtlPcToFileHeader
strchr
RtlTimeToTimeFields
NtResumeThread
NtSuspendThread
strncmp
RtlFreeUnicodeString
memset
memcpy
_allmul
_chkstk
_alldiv

Exports

Exports

GetModuleHandle64
GetProcAddress64
GetThreadContext64
GetWow64Statck
ReadProcessMemory64
SetLastErrorFromX64Call
SetThreadContext64
VirtualAllocEx64
VirtualFreeEx64
VirtualProtectEx64
VirtualQueryEx64
WriteProcessMemory64
X64Call
_CloseHandle@4
_CreatePipe@16
_GetCurrentProcessorNumber@0
_GetExitCodeProcess@8
_GetExitCodeThread@8
_GetLocalTime@4
_GetStdHandle@4
_GetThreadContext@8
_GetThreadPriority@4
_GetTickCount@0
_InterlockedCompareExchange@12
_InterlockedDecrement@4
_InterlockedExchange@8
_InterlockedIncrement@4
_PeekNamedPipe@24
_RaiseException@16
_ReadProcessMemory@20
_SetFilePointer@16
_SetThreadAffinityMask@8
_SetThreadPriority@8
_VirtualAlloc@16
_VirtualAllocEx@20
_VirtualFree@12
_VirtualFreeEx@16
_VirtualProtect@16
_VirtualQuery@12
_WriteFile@20
_WriteProcessMemory@20

Sections

.text
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 13KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

63368eb7364c1321a2cf6e5542cf0a2b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

Exports

Exports

Sections

.text Size: 191KB - Virtual size: 191KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 13KB - Virtual size: 64KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 92KB - Virtual size: 92KB

.text
Size: 191KB - Virtual size: 191KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 13KB - Virtual size: 64KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 92KB - Virtual size: 92KB