PDB path: F:\project\owl\isapi\x64\Release\iisdll.pdb
Static task: static1
Behavioral task: behavioral1
- Sample: a0ac5f7d41e9801b531f8ca333c31021c5e064f13699dbd72f3dfd429f19bb26.dll
- Resource: win7-20240220-en
Behavioral task: behavioral2
- Sample: a0ac5f7d41e9801b531f8ca333c31021c5e064f13699dbd72f3dfd429f19bb26.dll
- Resource: win10v2004-20240226-en
General
- Target: a0ac5f7d41e9801b531f8ca333c31021c5e064f13699dbd72f3dfd429f19bb26
- Size: 210KB
- MD5: bf14555b3a8378ab1276642160b52ffe
- SHA1: e5f4ec79c3d4cb85732265ff668f852afff5143f
- SHA256: a0ac5f7d41e9801b531f8ca333c31021c5e064f13699dbd72f3dfd429f19bb26
- SHA512: 09beaff72ad668943adf9a0caec0c385a621e1ea7c0db29c4c3eff08246129a1e423e2b31b9807d91ce2456b38239853c0040f6b9604f7275eb4726c90ab6188
- SSDEEP: 3072:d5kOotJcfxJTJiaJITjRNrw3Hs2dFTt8x4zBcz+fqnqbnsd3WIoK6LaFG:d2Ttox9sTtmHs2dNtziz+qn9FoK6Y
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: a0ac5f7d41e9801b531f8ca333c31021c5e064f13699dbd72f3dfd429f19bb26
Files
- a0ac5f7d41e9801b531f8ca333c31021c5e064f13699dbd72f3dfd429f19bb26.dll windows:5 windows x64 arch:x64
  7b27efcd74f4597c081a7b6d52d4bdb5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
DeleteFileW
CloseHandle
TlsAlloc
CreatePipe
CreateEventW
GetLastError
GetStartupInfoA
MultiByteToWideChar
ReadFile
TerminateProcess
CreateProcessA
Sleep
TerminateThread
WideCharToMultiByte
TlsSetValue
GetWindowsDirectoryA
WaitForSingleObject
MoveFileExW
TlsFree
PeekNamedPipe
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
LoadLibraryW
OutputDebugStringW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapReAlloc
GetOEMCP
IsValidCodePage
GetACP
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetStringTypeW
HeapFree
CreateThread
GetCurrentThreadId
ExitThread
GetProcAddress
LoadLibraryExW
GetCommandLineA
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
HeapAlloc
InitializeCriticalSectionAndSpinCount
GetCPInfo
IsProcessorFeaturePresent
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetCurrentProcess
TlsGetValue
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsDebuggerPresent
GetProcessHeap
ExitProcess
GetModuleHandleExW
HeapSize
GetStdHandle
WriteFile
GetModuleFileNameW
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
advapi32
CloseServiceHandle
OpenSCManagerW
OpenServiceW
SetServiceStatus
RegisterServiceCtrlHandlerW
ControlService
DeleteService
httpapi
HttpCreateHttpHandle
HttpTerminate
HttpReceiveHttpRequest
HttpAddUrl
HttpSendResponseEntityBody
HttpReceiveRequestEntityBody
HttpSendHttpResponse
HttpInitialize
HttpRemoveUrl
ws2_32
WSAIoctl
connect
WSAStartup
inet_addr
select
WSAGetLastError
htons
getsockname
shutdown
setsockopt
recv
socket
closesocket
gethostbyname
send
Exports
ServiceMain
SvchostPushServiceGlobals
Sections
- .text Size: 127KB - Virtual size: 126KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
- .rdata Size: 56KB - Virtual size: 55KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
- .data Size: 10KB - Virtual size: 20KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
- .pdata Size: 7KB - Virtual size: 7KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
- .rsrc Size: 512B - Virtual size: 480B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
- .reloc Size: 8KB - Virtual size: 7KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_READ