86140e6770fbd0cc6988f025d52bb4f59c0d78213c75451b42c9f812fe1a9354

Sharing

Copy URL Twitter E-mail

General

Target

86140e6770fbd0cc6988f025d52bb4f59c0d78213c75451b42c9f812fe1a9354
Size

412KB
MD5

bbc1133b81cc52f3410661f0e4185ad7
SHA1

df2992360845da9b3c3617e60c1dca993dd3ba68
SHA256

86140e6770fbd0cc6988f025d52bb4f59c0d78213c75451b42c9f812fe1a9354
SHA512

b344997c83df811175ecded2f9295c947855deac3137d23d1596860fdc80337d51b815bb8792a018e9992a24c79bc9ebb92f68c0468279f1a3692b289b9e0031
SSDEEP

6144:vdvFzH5JwmGLojbFfA4+i+0tMGAGU1Hy6LAFum5/tCN9O3rnlmGhAAODkpff:vD5J5nFfA4+L0tMGAGUNwphAZ0ff

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
86140e6770fbd0cc6988f025d52bb4f59c0d78213c75451b42c9f812fe1a9354

Files

86140e6770fbd0cc6988f025d52bb4f59c0d78213c75451b42c9f812fe1a9354
.dll windows:5 windows x86 arch:x86

08e64eb557ed01a4674c3bf9cf88c4eb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\build\nw20_sdk_win32\node-webkit\src\outst\nw\nw_elf.dll.pdb

Imports

kernel32

VerSetConditionMask
GetModuleHandleW
GetProcAddress
VerifyVersionInfoW
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
LocalFree
LoadLibraryExA
ReadConsoleW
VirtualProtect
GetCurrentProcessId
GetProcessId
GetCommandLineA
GetLastError
GetCurrentProcess
VirtualQuery
GetCommandLineW
GetEnvironmentVariableW
GetNativeSystemInfo
SetEnvironmentVariableW
CreateDirectoryW
GetFileAttributesW
GetTempPathW
OutputDebugStringW
MultiByteToWideChar
WideCharToMultiByte
GetUserDefaultLangID
GetModuleFileNameW
ReadProcessMemory
WriteProcessMemory
GetModuleHandleExW
CreateFileW
CloseHandle
VirtualProtectEx
GetSystemInfo
IsDebuggerPresent
RaiseException
SetLastError
WaitForSingleObject
Sleep
CreateThread
GetCurrentThreadId
GetCurrentDirectoryW
DeleteFileW
WriteFile
OutputDebugStringA
GetLocalTime
GetTickCount
FormatMessageA
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
LoadLibraryW
TerminateProcess
OpenProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetEvent
CreateEventW
FlushFileBuffers
GetFileSizeEx
ReadFile
SetEndOfFile
SetFilePointerEx
FindClose
CreateRemoteThread
GetStdHandle
GetFileType
SleepEx
CreateProcessW
GetVersion
LockFileEx
UnlockFileEx
InitializeCriticalSection
SetNamedPipeHandleState
TransactNamedPipe
CreateNamedPipeW
WaitNamedPipeW
GetUserDefaultLCID
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
LCMapStringW
GetLocaleInfoW
GetCPInfo
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
InterlockedFlushSList
FreeLibrary
LoadLibraryExW
GetProcessHeap
GetConsoleCP
GetConsoleMode
ExitProcess
SetStdHandle
GetModuleFileNameA
GetACP
IsValidLocale
EnumSystemLocalesW
WriteConsoleW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Exports

Exports

AddDllToBlacklist
ClearCrashKeyValueImpl
CrashForException
DumpProcessWithoutCrash
GetBlacklistIndex
GetCrashReportsImpl
GetHandleVerifier
GetInstallDetailsPayload
InjectDumpForHangDebugging
InjectDumpProcessWithoutCrash
IsBlacklistInitialized
RequestSingleCrashUploadImpl
SetCrashKeyValueImpl
SetMetricsClientId
SetUploadConsentImpl
SignalChromeElf
SignalInitializeCrashReporting
SuccessfullyBlocked

Sections

.text
Size: 304KB - Virtual size: 304KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crthunk
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CPADinfo
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

08e64eb557ed01a4674c3bf9cf88c4eb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

version

Exports

Exports

Sections

.text Size: 304KB - Virtual size: 304KB

.rdata Size: 85KB - Virtual size: 85KB

.data Size: 4KB - Virtual size: 17KB

.didat Size: 512B - Virtual size: 56B

.crthunk Size: 512B - Virtual size: 64B

CPADinfo Size: 512B - Virtual size: 36B

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 13KB - Virtual size: 12KB

.text
Size: 304KB - Virtual size: 304KB

.rdata
Size: 85KB - Virtual size: 85KB

.data
Size: 4KB - Virtual size: 17KB

.didat
Size: 512B - Virtual size: 56B

.crthunk
Size: 512B - Virtual size: 64B

CPADinfo
Size: 512B - Virtual size: 36B

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 13KB - Virtual size: 12KB