G:\dev\ᛋᛋ\client_vs2022\Release\client.pdb
Static task
static1
Behavioral task
behavioral1
Sample
eea61e2d014ab260ee9075579f2662b6862da4cf2d0508b5ac2f5d9444b47743.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
eea61e2d014ab260ee9075579f2662b6862da4cf2d0508b5ac2f5d9444b47743.dll
Resource
win10v2004-20240226-en
General
-
Target
eea61e2d014ab260ee9075579f2662b6862da4cf2d0508b5ac2f5d9444b47743
-
Size
15KB
-
MD5
03aad2cf835bef96122d12cf5efea7db
-
SHA1
432124ff2ae9c67d0c613b8b5e6017865bcbc7db
-
SHA256
eea61e2d014ab260ee9075579f2662b6862da4cf2d0508b5ac2f5d9444b47743
-
SHA512
d143728caca4ad54cf87eeda811d4e02275a453a1916a8dd6753cd1780e5010325bc4de4149b4ec4908f1ef69968ae7950c886252e0defbd908d5f30b53b585a
-
SSDEEP
384:GyF4aDNep0gyc3ADFnWtl4wHmDAX+sjSAEtI:afINAWD9sdEt
Malware Config
Signatures
-
Unsigned PE 1 IoCs
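Flags the sample because the PE file carries no Authenticode signature. A missing signature is a weak indicator on its own and should be weighed with the other findings.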
resource eea61e2d014ab260ee9075579f2662b6862da4cf2d0508b5ac2f5d9444b47743
Files
-
eea61e2d014ab260ee9075579f2662b6862da4cf2d0508b5ac2f5d9444b47743.dll windows:6 windows x86 arch:x86
e56dd62cd45a221c1dddae2b730747b8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
GetModuleFileNameA
CreateThread
LoadLibraryA
DisableThreadLibraryCalls
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
VirtualAlloc
GetProcAddress
GetModuleHandleW
FreeLibrary
MoveFileExA
GetLastError
MultiByteToWideChar
GetSystemTimeAsFileTime
ws2_32
WSAStartup
WSAGetLastError
htons
setsockopt
recv
socket
closesocket
gethostbyname
send
connect
crypt32
CertFreeCertificateContext
CertFreeCertificateChain
CertGetIssuerCertificateFromStore
CertOpenSystemStoreA
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertFindChainInStore
CertCloseStore
CertNameToStrA
secur32
FreeContextBuffer
EncryptMessage
InitializeSecurityContextA
AcquireCredentialsHandleA
FreeCredentialsHandle
DecryptMessage
ApplyControlToken
DeleteSecurityContext
QueryContextAttributesA
msvcr120
memcpy
_except_handler4_common
__clean_type_info_names_internal
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_initterm_e
fopen
fclose
sprintf
free
malloc
realloc
vsprintf
__iob_func
fflush
_beginthread
fprintf
strrchr
??2@YAPAXI@Z
strstr
??3@YAXPAX@Z
fwrite
strtoul
__CppXcptFilter
_amsg_exit
_malloc_crt
_initterm
memset
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 996B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 796B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ