852c3e40c616d9dfa6908331f6dbf9e0f2ab0850489c33436d6d2a26c736ac23

Sharing

Copy URL Twitter E-mail

General

Target

852c3e40c616d9dfa6908331f6dbf9e0f2ab0850489c33436d6d2a26c736ac23
Size

197KB
MD5

ae3944c1ae047d502e1e64ad8b5113b1
SHA1

a59c4cee1e47def1fdc8adc8029bf959de2fda63
SHA256

852c3e40c616d9dfa6908331f6dbf9e0f2ab0850489c33436d6d2a26c736ac23
SHA512

ffaba6b01ebcb530e4ea59b5204eb74242b5e7e305d1509703c32e4ab355d8dba0856049a062f3b280e5c52d59cf96af68d5bdf107ef7164c15585ee85731ee1
SSDEEP

3072:CJp5d5o+KMVn1Gyo6+hkLlG9SemTeljCwdn2MmjaHaQUljj6/UM:C3+9WoHseSrTizh2Mmj1joU

Score

10^/10

Malware Config

Signatures

Detects Reflective DLL injection artifacts 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_ReflectiveLoader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
852c3e40c616d9dfa6908331f6dbf9e0f2ab0850489c33436d6d2a26c736ac23

Files

852c3e40c616d9dfa6908331f6dbf9e0f2ab0850489c33436d6d2a26c736ac23
.dll windows:5 windows x64 arch:x64

0907fa130fac126ff0bb37eba930cd71

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

ntohl
htonl
freeaddrinfo
getaddrinfo
WSADuplicateSocketA
WSAGetLastError
WSAStartup
gethostbyname
socket
setsockopt
send
select
recv
listen
inet_ntoa
inet_addr
connect
closesocket
bind
accept
htons

crypt32

CryptDecodeObjectEx
CryptImportPublicKeyInfo
CryptStringToBinaryA
CertGetCertificateContextProperty

wininet

InternetOpenW
InternetConnectW
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetSetOptionW
InternetReadFile
InternetCloseHandle
InternetCrackUrlW

winhttp

WinHttpOpen
WinHttpReadData
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpSetOption
WinHttpQueryOption
WinHttpCloseHandle
WinHttpConnect
WinHttpCrackUrl

kernel32

EnterCriticalSection
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
GetStartupInfoW
DeleteCriticalSection
GetFileType
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
VirtualAllocEx
OpenProcess
GetCurrentProcess
GetLastError
WriteProcessMemory
CloseHandle
DuplicateHandle
CreateEventW
FreeLibrary
GetProcAddress
VirtualAlloc
VirtualFree
OpenThread
SetLastError
SuspendThread
ResumeThread
Sleep
LoadLibraryA
GetVersionExW
LeaveCriticalSection
Thread32First
Thread32Next
FlushInstructionCache
VirtualProtect
VirtualQuery
LoadLibraryW
GetModuleHandleA
ExitProcess
SetUnhandledExceptionFilter
ExitThread
GetSystemTime
SystemTimeToFileTime
GetModuleHandleW
LocalFree
WriteFile
GetSystemDirectoryW
CreateFileA
GetVolumeInformationW
GetComputerNameW
CreateRemoteThread
GetThreadId
WaitForMultipleObjects
LocalAlloc
GetOverlappedResult
ResetEvent
ReadFile
ConnectNamedPipe
CreateNamedPipeA
GetCurrentProcessId
GetCurrentThreadId
SetHandleInformation
FlushFileBuffers
PeekNamedPipe
CreateFileW
CreateNamedPipeW
GlobalFree
CreateThread
TerminateThread
SetEvent
ReleaseMutex
WaitForSingleObject
CreateMutexW
MultiByteToWideChar
WideCharToMultiByte
IsProcessorFeaturePresent
IsDebuggerPresent
GetModuleFileNameW
GetStdHandle
LoadLibraryExW
OutputDebugStringW
GetStringTypeW
LCMapStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
HeapSize
SetStdHandle
WriteConsoleW
CreateToolhelp32Snapshot
SetNamedPipeHandleState
GetModuleHandleExW
HeapFree
HeapAlloc
RtlUnwindEx
HeapReAlloc
GetSystemTimeAsFileTime
GetCommandLineA
GetProcessHeap
EncodePointer
DecodePointer

user32

GetProcessWindowStation
GetUserObjectInformationW
GetThreadDesktop

advapi32

SetEntriesInAclW
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
AllocateAndInitializeSid
CryptDuplicateKey
CryptDecrypt
CryptEncrypt
CryptImportKey
CryptGenRandom
CryptSetKeyParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
ImpersonateLoggedOnUser
OpenThreadToken

ole32

CoCreateGuid

Exports

Exports

ReflectiveLoader

Sections

.text
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0907fa130fac126ff0bb37eba930cd71

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

crypt32

wininet

winhttp

kernel32

user32

advapi32

ole32

Exports

Exports

Sections

.text Size: 132KB - Virtual size: 132KB

.rdata Size: 38KB - Virtual size: 38KB

.data Size: 15KB - Virtual size: 34KB

.pdata Size: 6KB - Virtual size: 6KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 132KB - Virtual size: 132KB

.rdata
Size: 38KB - Virtual size: 38KB

.data
Size: 15KB - Virtual size: 34KB

.pdata
Size: 6KB - Virtual size: 6KB

.reloc
Size: 2KB - Virtual size: 1KB