02ba99d732da88ae4dd8f25c82c201ed1a625829616d88a405615fc146fe3fd8

Sharing

Copy URL Twitter E-mail

General

Target

02ba99d732da88ae4dd8f25c82c201ed1a625829616d88a405615fc146fe3fd8
Size

513KB
MD5

b16a00b6525ef227103e9cc36a22ca67
SHA1

6b4b7b2f2f73b4bc21f54ff1de414d0cd5da76c1
SHA256

02ba99d732da88ae4dd8f25c82c201ed1a625829616d88a405615fc146fe3fd8
SHA512

9f0c04dc656e96cb66f90a8d0dcab02c4de7f3d3bd24cf21ae805a69f118545e374d51e180bdd353709b3bf33ba068b6a66dfaa33032be77e86c9359879b4ef8
SSDEEP

12288:48uKOQYD//59zUeKuCdGCh9oaq/ULN5+0za1KmoYE:48u7jD//HFKu+9oaq/Uh5nzqBa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
02ba99d732da88ae4dd8f25c82c201ed1a625829616d88a405615fc146fe3fd8

Files

02ba99d732da88ae4dd8f25c82c201ed1a625829616d88a405615fc146fe3fd8
.dll windows:6 windows x64 arch:x64

4dacd63fa2f8b3b4998c6fb82812cf07

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\code\xbot-native-components\projects\ShadowBot.Native.Tools\x64\Release\RpaBuilder.pdb

Imports

ntdll

RtlVirtualUnwind
wcschr
RtlLookupFunctionEntry
RtlCaptureContext
strrchr
LdrUnloadDll
RtlUnwind
RtlUnwindEx
RtlPcToFileHeader
__chkstk
_setjmp

kernel32

CompareStringW
EncodePointer
LoadLibraryExA
VirtualQuery
VirtualProtect
GetSystemInfo
WriteConsoleW
HeapAlloc
HeapFree
GetProcessHeap
CloseHandle
CreateEventW
GetCurrentProcessId
FreeLibrary
GetLastError
HeapReAlloc
WaitForSingleObject
WaitForMultipleObjects
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
OpenProcess
IsWow64Process
GetModuleFileNameA
GetProcAddress
LoadLibraryW
MultiByteToWideChar
Sleep
GetModuleHandleW
OpenEventW
QueueUserAPC
GetCurrentThread
RaiseException
SetLastError
InitializeCriticalSectionAndSpinCount
TlsGetValue
TlsSetValue
LoadLibraryExW
GetTempPathW
FlsGetValue
FlsSetValue
GetSystemTimeAsFileTime
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
QueryPerformanceCounter
QueryPerformanceFrequency
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentThreadId
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
ReadFile
ReadConsoleW
CreateProcessW
GetFileAttributesExW
GetTimeZoneInformation
WideCharToMultiByte
DeleteFileW
MoveFileExW
CreateFileW
GetCPInfo
HeapSize
IsValidCodePage
GetACP
GetOEMCP
SetStdHandle
GetStringTypeW
SetFilePointerEx
GetFileSizeEx
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW

Exports

Exports

BeginInstallRpaDllContext
BeginRpaBuilderContext
DoRpaEchoService
EndInstallRpaDllContext
EndRpaBuilderContext
InstallRpaDllFast
InstallRpaDllSimple
InvokeRequestUiTree
InvokeStopRpcServer
RpaSimpleServerEntry
StartRpaRpcServer
StopRpaRpcServer
WaitRpaRpcServer

Sections

.text
Size: 368KB - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4dacd63fa2f8b3b4998c6fb82812cf07

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

Exports

Exports

Sections

.text Size: 368KB - Virtual size: 368KB

.rdata Size: 115KB - Virtual size: 115KB

.data Size: 4KB - Virtual size: 8KB

.pdata Size: 19KB - Virtual size: 19KB

.didat Size: 512B - Virtual size: 104B

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 368KB - Virtual size: 368KB

.rdata
Size: 115KB - Virtual size: 115KB

.data
Size: 4KB - Virtual size: 8KB

.pdata
Size: 19KB - Virtual size: 19KB

.didat
Size: 512B - Virtual size: 104B

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 3KB