594bde000ac8508f50361ff9bdaa8de2

Sharing

Copy URL Twitter E-mail

General

Target

594bde000ac8508f50361ff9bdaa8de2
Size

185KB
MD5

594bde000ac8508f50361ff9bdaa8de2
SHA1

f3a82142365460a2a9b300a77d3c2ba9a20c55a5
SHA256

10c227e83f3fc25bb9ef829d65ee400f86c139a3515d5876e48bfea90900c071
SHA512

ebde2217dd5a1ce528b17854e5ee110f79611c30c5d467865db8bd71d4dd64602f1a2ee69e92183e4bf4779e39f675f6b97d6e4971936fba218b7d3ddc713ccf
SSDEEP

3072:Gw+SsaUJBta2mRPGzM5Toka36ks7JvOKSs+4NQ+ZRNTf6:GpSsTBta24Mr361L6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
594bde000ac8508f50361ff9bdaa8de2

Files

594bde000ac8508f50361ff9bdaa8de2
.dll windows:6 windows x64 arch:x64

e71d24ba7fd660cca7e2f37173734a4b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\projects\processhacker\bin\Release64\plugins\OnlineChecks.pdb

Imports

processhacker.exe

PhFormatString
PhCreateObjectType
PhBufferToHexString
PhFinalHash
PhFormatSize
PhQuerySystemTime
PhGetFileSize
PhInitializeHash
PhGetJsonObjectBool
PhCreateString
PhFormatToBuffer
PhSetWindowContext
PhGetJsonValueAsString
PhGetJsonObject
PhHttpSocketSendRequest
PhOpenKey
PhCreateBytesEx
PhQueryRegistryUlong
PhCreateJsonArray
PhFormatDate
PhExpandEnvironmentStrings
PhConvertUtf8ToUtf16
PhCreateJsonObject
PhHttpSocketCreate
PhConcatStringRef2
PhFree
PhFormatDateTime
PhQueryRegistryString
PhGetServiceDllParameter
PhDelayExecution
PhGetJsonObjectAsArrayList
PhGetJsonArrayIndexObject
PhConvertUtf16ToUtf8
PhGetJsonArrayString
PhHexStringToBuffer
PhConvertUtf16ToMultiByte
PhAddJsonArrayObject
PhAddItemList
PhFormatTime
PhCreateBytes
PhQueryFullAttributesFileWin32
PhParseCommandLineFuzzy
PhGetJsonArrayLength
PhAddJsonObject
PhLargeIntegerToLocalSystemTime
PhCreateList
PhCreateThreadEx
PhHttpSocketEndRequest
PhInitializeStringBuilder
PhConcatStrings2
PhAppendFormatStringBuilder
PhGetPhVersion
PhfEndInitOnce
PhHttpSocketQueryHeaderUlong
PhHttpSocketDestroy
PhDeleteAutoPool
PhHttpSocketAddRequestHeaders
PhCountStringZ
PhGetJsonValueAsLong64
PhSetFilePosition
PhShowStatus
PhHttpSocketParseUrl
PhGetClassObject
PhUpdateHash
PhGetBaseName
PhGetWindowContext
PhHttpSocketGetErrorMessage
PhCreateFileWin32
PhLoadMappedImageEx
PhCreateThread2
PhHttpSocketConnect
PhFreeJsonParser
PhHttpSocketWriteData
PhCreateObject
PhInitializeAutoPool
PhCenterWindow
PhConvertUtf16ToAsciiEx
PhUnloadMappedImage
PhDeleteStringBuilder
PhGetJsonArrayLong64
PhHttpSocketDownloadString
PhCreateJsonParser
PhfBeginInitOnce
PhRemoveWindowContext
PhHttpSocketBeginRequest
PhShellExecute
PhFormatUInt64
PhGetGlobalWorkQueue
PhQueueItemWorkQueue
PhFormatString_V
PhMainWndHandle
PhInsertEMenuItem
PhShellProcessHacker
PhFreeFileDialog
PhPluginCreateEMenuItem
PhShowFileDialog
PhCreateEMenuItem
PhCompareStringRef
PhSetFileDialogFilter
PhFindEMenuItem
PhCreateOpenFileDialog
PhAddSettings
PhGetFileDialogFileName
PhGetGeneralCallback
PhPluginSetObjectExtension
PhIndexOfEMenuItem
PhAutoDereferenceObject
PhRegisterCallback
PhSetIntegerSetting
PhGetIntegerSetting
PhPluginAddTreeNewColumn
PhRegisterPlugin
PhGetPluginCallback
PhInstanceHandle
PhLoadIcon
PhPluginGetObjectExtension
PhHashStringRef
PhFormat
PhAllocate
PhEqualStringRef
PhAddEntryHashtableEx
PhfWakeForReleaseQueuedLock
PhCreateHashtable
PhReferenceObject
PhfAcquireQueuedLockExclusive
PhDereferenceObject
PhGetFileName
PhFindEntryHashtable

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
RtlNtStatusToDosError
NtQueryInformationThread
NtClose
NtSetInformationThread
NtReadFile
RtlRandomEx

kernel32

GetStringTypeW
GetProcessHeap
LCMapStringW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileType
GetStdHandle
HeapFree
HeapAlloc
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
InterlockedFlushSList
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
SetFilePointerEx
HeapSize
HeapReAlloc
FlushFileBuffers
WriteFile
SystemTimeToTzSpecificLocalTime
GetLastError
GetConsoleCP
GetConsoleMode
CloseHandle
CreateFileW
WriteConsoleW
SetStdHandle

Sections

.text
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e71d24ba7fd660cca7e2f37173734a4b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

processhacker.exe

ntdll

kernel32

Sections

.text Size: 113KB - Virtual size: 112KB

.rdata Size: 57KB - Virtual size: 56KB

.data Size: 3KB - Virtual size: 8KB

.pdata Size: 6KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 96B

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 113KB - Virtual size: 112KB

.rdata
Size: 57KB - Virtual size: 56KB

.data
Size: 3KB - Virtual size: 8KB

.pdata
Size: 6KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 96B

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB