80a8a9a2e91ead0ae5884e823dca73ef9fce59ff96111c632902d6c04401a4fe

Sharing

Copy URL Twitter E-mail

General

Target

80a8a9a2e91ead0ae5884e823dca73ef9fce59ff96111c632902d6c04401a4fe
Size

271KB
MD5

485f73bb3d69b70a4e9cd114cedca760
SHA1

ee4f38fd763631161986bea1eae3539254ee1a7a
SHA256

80a8a9a2e91ead0ae5884e823dca73ef9fce59ff96111c632902d6c04401a4fe
SHA512

edc8de60c0c655bdf93fc60514eb47c1d491f35b70f76e7d70c121e888150f391883ec8bdc93e1437ef3eb9ce370a210e273d61f1085561401c6908aa6185c0c
SSDEEP

6144:8DuNijNwG4mfqT+2Oa+AGO07TKUN1TaZDtWxujHl7:8DuN1VApetWaF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
80a8a9a2e91ead0ae5884e823dca73ef9fce59ff96111c632902d6c04401a4fe

Files

80a8a9a2e91ead0ae5884e823dca73ef9fce59ff96111c632902d6c04401a4fe
.dll windows:5 windows x64 arch:x64

a1a32d746d781c1568b7afcfeb7ad62b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\shadow\finaljf\final\code\test\code\Calvin180621\x64\Release\Shadow.pdb

Imports

kernel32

DeleteFileA
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
GetModuleFileNameA
DeleteCriticalSection
GetPrivateProfileStringW
Sleep
GetModuleFileNameW
GetTempPathW
IsDebuggerPresent
SetEndOfFile
SystemTimeToFileTime
SetFileTime
CreateEventW
LoadLibraryA
GetLocalTime
GlobalFree
GetProcAddress
GetLastError
CreateDirectoryA
MultiByteToWideChar
CreateFileW
GetSystemDirectoryA
ReadFile
CreateProcessA
WideCharToMultiByte
GlobalAlloc
CloseHandle
GetTickCount
GetFileAttributesExA
WaitForSingleObject
PeekNamedPipe
SetFilePointer
GetFileSize
ReadConsoleW
OutputDebugStringW
WriteConsoleW
FlushFileBuffers
SetStdHandle
LCMapStringW
GetStringTypeW
HeapReAlloc
LoadLibraryExW
SetFilePointerEx
GetConsoleMode
CreatePipe
WriteFile
CreateFileA
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
GetStdHandle
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LeaveCriticalSection
GetSystemTimeAsFileTime
HeapFree
EncodePointer
IsProcessorFeaturePresent
GetCommandLineA
GetCurrentThreadId
SetLastError
HeapAlloc
RtlPcToFileHeader
GetProcessHeap
ExitProcess
GetModuleHandleExW
AreFileApisANSI
HeapSize
RtlUnwindEx
EnterCriticalSection

advapi32

CryptGenRandom
RegSetValueExW
ControlService
RegDeleteValueW
StartServiceW
ChangeServiceConfig2W
RegCreateKeyW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
CreateServiceW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyW
CryptAcquireContextW
CryptReleaseContext

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderPathW

ole32

CoCreateGuid

winhttp

WinHttpReceiveResponse
WinHttpSetOption
WinHttpSendRequest
WinHttpConnect
WinHttpCloseHandle
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpOpenRequest
WinHttpReadData
WinHttpGetIEProxyConfigForCurrentUser
WinHttpWriteData
WinHttpQueryHeaders
WinHttpGetProxyForUrl
WinHttpSetCredentials
WinHttpAddRequestHeaders
WinHttpQueryAuthSchemes
WinHttpQueryOption

iphlpapi

IcmpCloseHandle
GetNetworkParams
IcmpCreateFile
GetAdaptersInfo
IcmpSendEcho

urlmon

UrlMkGetSessionOption

shlwapi

PathUnExpandEnvStringsW

ws2_32

gethostbyname
WSACleanup
inet_addr
ntohl
WSAStartup
inet_ntoa
gethostname

Exports

Exports

ClientR
ServerI

Sections

.text
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a1a32d746d781c1568b7afcfeb7ad62b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

ole32

winhttp

iphlpapi

urlmon

shlwapi

ws2_32

Exports

Exports

Sections

.text Size: 189KB - Virtual size: 189KB

.rdata Size: 59KB - Virtual size: 59KB

.data Size: 11KB - Virtual size: 30KB

.pdata Size: 7KB - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 189KB - Virtual size: 189KB

.rdata
Size: 59KB - Virtual size: 59KB

.data
Size: 11KB - Virtual size: 30KB

.pdata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 2KB