89b312c81dd5d336494730d89c7784fe

General

Target

89b312c81dd5d336494730d89c7784fe
Size

16KB
MD5

89b312c81dd5d336494730d89c7784fe
SHA1

041a67aed2da7a3895df3742ed3f78e1ebb589fe
SHA256

e07474874d3e0d86abfd99a94f3d43a8d7859a4015e8f40e4fef30175da52f10
SHA512

55e7b47c1df31cfc054a95feaef53b69ee2ca269954176819936928f4f3d160cc806d730835efe2ba055dce3f5e56dd89e0f2273626a976d069fed53f7f4231d
SSDEEP

192:JtK5/b2O/owI0VfN1ljZqZtpnJJI0R8iyyhuUGPFKjEKyOFyBWHs4fheNb93X3PQ:JtKNb37jUZDJJx6ZVGFyBuxGnPV5rC1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
89b312c81dd5d336494730d89c7784fe

Files

89b312c81dd5d336494730d89c7784fe
.dll windows:5 windows x86 arch:x86

310a823db493006acbe825f1ffffa455

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\pg\dependencies_src\openssl-1.0.2e\out32dll\sureware.pdb

Imports

libeay32

ord150
ord1893
ord1888
ord181
ord3245
ord1037
ord1038
ord1227
ord188
ord1029
ord1334
ord1333
ord1895
ord129
ord145
ord1095
ord1891
ord1030
ord2409
ord2268
ord1890
ord1885
ord705
ord2764
ord2659
ord2522
ord2494
ord2483
ord2992
ord2511
ord2473
ord2468
ord2497
ord2505
ord2512
ord2848
ord2841
ord2412
ord2416
ord2415
ord195
ord197
ord198
ord3393
ord209
ord283
ord279
ord487
ord1028
ord484
ord1081
ord109
ord2261
ord187
ord66
ord176
ord252
ord2881
ord966
ord483
ord247

msvcr100

_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_crt_debugger_hook
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
memcpy
memset
_except_handler4_common

kernel32

DecodePointer
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DisableThreadLibraryCalls
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
EncodePointer

Exports

Exports

bind_engine
v_check

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

310a823db493006acbe825f1ffffa455

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libeay32

msvcr100

kernel32

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB