0f5b2908c15a79017322cf193521b9f4e2af3660cfb14f8e09a718195ecf9602

Sharing

Copy URL Twitter E-mail

General

Target

0f5b2908c15a79017322cf193521b9f4e2af3660cfb14f8e09a718195ecf9602
Size

386KB
MD5

1b3e5dd5d28e635744c3495b83d5ded3
SHA1

f804a17cfc252a8368949c9e66f3337d5099edb6
SHA256

0f5b2908c15a79017322cf193521b9f4e2af3660cfb14f8e09a718195ecf9602
SHA512

475d2a376c0da19067ee867207a490416b2d9c92e469af34b973320bb8d17aa3fdc9ce50833351cebddb5993a40838b7c2a39b6cbcad553b14dd78cf3b35baf2
SSDEEP

6144:JBSwXDmovKiUAYiitnHdDj+GNKqAOW1EkCjmd:TSmbiAYiiH8qb3jmd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f5b2908c15a79017322cf193521b9f4e2af3660cfb14f8e09a718195ecf9602

Files

0f5b2908c15a79017322cf193521b9f4e2af3660cfb14f8e09a718195ecf9602
.dll windows:6 windows x86 arch:x86

aefefaa28d62dc0877ec7d0e63c5cabb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\JobRelease\win\Release\custact\x86\serval.pdb

Imports

msi

ord8
ord160
ord49
ord32
ord159
ord163
ord17
ord125
ord120
ord47
ord34
ord118
ord116
ord74
ord158
ord103
ord111
ord58
ord20
ord121
ord145

crypt32

CryptBinaryToStringA
CryptStringToBinaryA

kernel32

GetModuleFileNameW
LoadLibraryW
GetProcAddress
FreeLibrary
MultiByteToWideChar
RaiseException
FindNextFileW
CloseHandle
CreateFileW
GetLastError
ReadFile
WriteFile
FindClose
GetCurrentProcess
GetStdHandle
InitializeCriticalSectionEx
DecodePointer
DeleteCriticalSection
GetModuleHandleW
lstrcmpiW
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExW
lstrcmpW
GetSystemDefaultLangID
WideCharToMultiByte
MulDiv
FreeEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
SetStdHandle
ReadConsoleW
WriteConsoleW
GetConsoleScreenBufferInfo
IsValidCodePage
FindFirstFileExW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
SetConsoleTextAttribute
IsDebuggerPresent
GetEnvironmentStringsW
GetConsoleOutputCP
GetCurrentThread
GetModuleFileNameA
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
GetFileType
LoadLibraryA
SetUnhandledExceptionFilter
LocalFree
GetModuleHandleExW
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetCPInfo
LCMapStringEx
EncodePointer
SetLastError
GetLocaleInfoW
InitializeCriticalSection
OutputDebugStringW
GetCurrentProcessId
GetCurrentThreadId
FlushFileBuffers
GetStringTypeW
FormatMessageW

user32

GetClientRect
GetDC
GetWindowTextLengthW
LoadImageW
GetWindowRect
ShowWindow
DialogBoxIndirectParamW
GetWindowLongW
GetSystemMetrics
LoadStringW
IsWindow
IsWindowVisible
GetWindowTextW
EndDialog
SendMessageW
RedrawWindow
GetDlgItem
IsRectEmpty
SetWindowPos
MapWindowPoints
CharNextW
GetForegroundWindow
MessageBoxW
SetWindowTextW
SetWindowLongW

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegDeleteKeyW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDeriveKey
RegEnumKeyExW
CryptReleaseContext
CryptAcquireContextW
IsTextUnicode
CryptGetProvParam
CryptDecrypt
CryptDestroyKey
CryptEncrypt
RegDeleteValueW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance

oleaut32

VarUI4FromStr
SysFreeString
SysStringLen

dbghelp

SymInitialize
SymFunctionTableAccess
SymGetModuleBase
StackWalk
SymGetLineFromAddr
SymSetSearchPath
SymCleanup
SymSetOptions

wininet

InternetCloseHandle
InternetOpenW
InternetCrackUrlW
InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestExW
InternetWriteFile
HttpEndRequestW
HttpQueryInfoW
InternetReadFile
InternetQueryOptionW
InternetSetOptionW

gdi32

CreateFontW
GetDeviceCaps
DeleteObject

Exports

Exports

ApplySku
ApplySkuNoCost
ValidateSerial

Sections

.text
Size: 271KB - Virtual size: 270KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aefefaa28d62dc0877ec7d0e63c5cabb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msi

crypt32

kernel32

user32

advapi32

ole32

oleaut32

dbghelp

wininet

gdi32

Exports

Exports

Sections

.text Size: 271KB - Virtual size: 270KB

.rdata Size: 91KB - Virtual size: 90KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 271KB - Virtual size: 270KB

.rdata
Size: 91KB - Virtual size: 90KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 15KB - Virtual size: 14KB