d7c35f4ed0874f77393b441474f77f0ae41d7e33af197820a70e36da814beb40

Sharing

Copy URL

Twitter E-mail

General

Target

d7c35f4ed0874f77393b441474f77f0ae41d7e33af197820a70e36da814beb40
Size

169KB
MD5

f03324e7efe69afca46e27b507b15479
SHA1

905e247f1d9cc5a58384991ba49d539f80484146
SHA256

d7c35f4ed0874f77393b441474f77f0ae41d7e33af197820a70e36da814beb40
SHA512

89e142458c8dd8569a3f24da2b99d2194dae67c78591fd94ea26f557a51013b87752f41a87b05cdd389f7817ee101cf2b513e00f13e21d2e00343a55d61422b3
SSDEEP

3072:uQiqqnUlzjoSPZQiMvmuda8TecQma32KXvenJ8V+Ey6bKnzyqBwTcpP5gpxv:gWjdPuNvmuMc/aVX2VE4P5gpxv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d7c35f4ed0874f77393b441474f77f0ae41d7e33af197820a70e36da814beb40

Files

d7c35f4ed0874f77393b441474f77f0ae41d7e33af197820a70e36da814beb40
.dll windows:6 windows x86 arch:x86

bc33f889f51f72340a88263ed0c60991

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

S:\wtf\_x86\driver.net\dev.net.em.drv:pdb

Imports

lib.netstack

??0Packet@netstack@@QAE@IPAX_N@Z
??1Packet@netstack@@QAE@XZ

lib.io.char

?create@StringPrinter@@SA?AV?$Ref@VStringPrinter@@@@XZ

lib.pci.header

?create@MSIControl@Library@PCI@Services@@SA?AV?$Ref@VMSIControl@Library@PCI@Services@@@@V?$Ref@VSpace@PCI@Interfaces@@@@U?$Set@W4Flag@MSIControl@Library@PCI@Services@@IU?$EnumSeqConvert@W4Flag@MSIControl@Library@PCI@Services@@I@Definitions@@@Definitions@@_K@Z
?create@PCIHeader@@SA?AV?$Ref@VPCIHeader@@@@V?$Ref@VSpace@PCI@Interfaces@@@@@Z

lib.syslog

?id@SysLogFilter@@SAII@Z
?reg@SysLogFilter@@SAIPBD@Z
?stdOutPrinter@SysLogStream@@SA?AV?$Ref@VSysLogStream@@@@XZ

system

?sleep@Thd@@SAXI@Z
?create@Mon@@SA?AV?$Ref@VMon@@@@I@Z
?copy@Mem@@SAXPBXPAXI@Z
?infoL@Sys@@SA_KI@Z
?exit@Proc@@SAXI@Z
?create@Sem@@SA?AV?$Ref@VSem@@@@I@Z
?cancelled@Thd@@SA_NXZ
?create@Thd@@SA?AV?$Ref@VThd@@@@V?$Ref@VExec@@@@I@Z
?res@IRQ@@SA?AV?$Ref@VIRQ@@@@I_N@Z
?map@VMem@@SAPAXII_NI@Z
?create@String@@SA?AV?$Ref@VString@@@@PBDII@Z
?get@Error@@SAIXZ
??1Object@@MAE@XZ
?selfTest@Object@@UAE_NV?$Ref@VStream@Interfaces@@@@@Z
?dump@Object@@UAEXV?$Ref@VStream@Interfaces@@@@@Z
?_selfTest@Object@@UAE_NV?$Ref@VStream@Interfaces@@@@@Z
?_dump@Object@@UAEXV?$Ref@VStream@Interfaces@@@@@Z
?gcproxy@Object@@UAEPAVGcProxy@@XZ
?obj@Object@@UAE?AV?$Ref@VObject@@@@XZ
?counterRef@Object@@UAEIXZ
?unlockRef@Object@@UAEXXZ
?lockRef@Object@@UAEXXZ
?decRef@Object@@UAEXXZ
?incRef@Object@@UAEXXZ
??0Object@@QAE@XZ
?res@IOPort@@SA_NG_NG@Z
?create@PMem@@SA?AV?$Ref@VSharedMemory@@@@III@Z
?info@Sys@@SAII@Z
?create@String@@SA?AV?$Ref@VString@@@@XZ
?set@Error@@SAXI@Z
?current@Thd@@SAIXZ
?_do_call_once@InitCode@@CAXAAUOnceFlag@1@P6AXPAX@Z1@Z
?lock@InitCode@@SAXXZ
?unlock@InitCode@@SAXXZ
?free@Heap@@SAXPAXI0@Z
?alloc@Heap@@SAPAXIIPAX@Z
??_7type_info@@6B@

Exports

Exports

?queryDriver@@YA?AV?$Ref@VNetDriverFactory@@@@I@Z
net_pci_id_table

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bc33f889f51f72340a88263ed0c60991

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

lib.netstack

lib.io.char

lib.pci.header

lib.syslog

system

Exports

Exports

Sections

.text Size: 140KB - Virtual size: 139KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 3KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 140KB - Virtual size: 139KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 3KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 3KB