ccaf30118891941d0654f5c09b1da7ffeab7fdb03632497710991465a07a0742

Sharing

Copy URL Twitter E-mail

General

Target

ccaf30118891941d0654f5c09b1da7ffeab7fdb03632497710991465a07a0742
Size

296KB
MD5

5fe738cf4f656357126cc846e16972f3
SHA1

f402c64bf60e4e2eb5bf1326d3af0582959868c8
SHA256

ccaf30118891941d0654f5c09b1da7ffeab7fdb03632497710991465a07a0742
SHA512

e4a479884bf741ff3a1641df7cfcb01dec7e4999fbe174c88092898e833ecb902a6aabcb42f4b1195aa0d78e870dbe3234fa6b2b89742e57e1805e6122cf2702
SSDEEP

6144:xsDjpCxusYn0QodmUuXtjcveXpbgQWGIrJtExo:x+jpCIX0QSuXHz4Jtb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ccaf30118891941d0654f5c09b1da7ffeab7fdb03632497710991465a07a0742

Files

ccaf30118891941d0654f5c09b1da7ffeab7fdb03632497710991465a07a0742
.dll windows:6 windows x86 arch:x86

f78e2fa69f2b62dbbaee90b2ab51dfcb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

webio.pdb

Imports

msvcrt

__dllonexit
_lock
_except_handler4_common
_onexit
_initterm
memcpy
memcmp
malloc
free
_amsg_exit
_XcptFilter
_vsnprintf
strncmp
??3@YAXPAX@Z
isspace
isalnum
isalpha
memset
isdigit
tolower
toupper
_stricmp
__CxxFrameHandler3
??2@YAPAXI@Z
_unlock
_wcsnicmp
_strnicmp
memmove

ntdll

EtwGetTraceLoggerHandle
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
RtlGetCurrentProcessorNumber
EtwEventWriteTransfer
EtwEventUnregister
EtwEventRegister
EtwTraceMessage
EtwEventActivityIdControl
RtlDowncaseUnicodeChar
RtlCompareUnicodeStrings
EtwEventEnabled
EtwEventWrite
RtlIpv6AddressToStringW
RtlIpv4StringToAddressExW
RtlIpv6StringToAddressExW
RtlAllocateHeap
RtlFreeHeap
EtwGetTraceEnableFlags

api-ms-win-core-libraryloader-l1-1-1

FreeLibraryAndExitThread
FreeLibrary
GetModuleHandleExW
LoadLibraryExA
GetProcAddress
GetModuleHandleW
LoadLibraryExW

api-ms-win-core-interlocked-l1-1-0

InterlockedPopEntrySList
InterlockedIncrement
InterlockedExchange
InterlockedCompareExchange64
InterlockedPushEntrySList
InterlockedCompareExchange
InitializeSListHead
InterlockedDecrement
QueryDepthSList

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-synch-l1-1-1

SetEvent
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventW
InitializeCriticalSectionAndSpinCount
AcquireSRWLockShared
InitializeSRWLock
WaitForSingleObject
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
Sleep
ReleaseSRWLockShared

api-ms-win-core-localization-l1-1-1

IsDBCSLeadByteEx
GetCPInfoExW
GetCPInfo
IdnToUnicode
IdnToAscii

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableA

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-1

GetCurrentProcess
TlsGetValue
TlsFree
TlsAlloc
GetCurrentThreadId
TlsSetValue
CreateThread
SwitchToThread
GetCurrentProcessId
OpenThreadToken
SetThreadToken
GetCurrentThread
TerminateProcess

api-ms-win-core-file-l1-1-1

CompareFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-sysinfo-l1-1-1

GetTickCount64
GetSystemTimeAsFileTime
GetSystemTime
GetTickCount
GetProductInfo
GetSystemDirectoryW
GetVersionExW
SystemTimeToFileTime

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-io-l1-1-0

CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatus

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegGetValueW
RegOpenKeyExW

api-ms-win-security-base-l1-1-0

GetTokenInformation
GetLengthSid
RevertToSelf

api-ms-win-core-threadpool-l1-1-1

StartThreadpoolIo
CreateThreadpoolWork
CancelThreadpoolIo
CloseThreadpoolIo
TrySubmitThreadpoolCallback
CallbackMayRunLong
SubmitThreadpoolWork
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolCleanupGroup
CloseThreadpoolCleanupGroup
CreateThreadpoolIo
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolWork

kernel32

RaiseFailFastException
SetFileCompletionNotificationModes

Sections

.text
Size: 187KB - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f78e2fa69f2b62dbbaee90b2ab51dfcb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-libraryloader-l1-1-1

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-synch-l1-1-1

api-ms-win-core-localization-l1-1-1

api-ms-win-core-string-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-file-l1-1-1

api-ms-win-core-sysinfo-l1-1-1

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-threadpool-l1-1-1

kernel32

Sections

.text Size: 187KB - Virtual size: 187KB

.data Size: 38KB - Virtual size: 38KB

.rsrc Size: 60KB - Virtual size: 60KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 187KB - Virtual size: 187KB

.data
Size: 38KB - Virtual size: 38KB

.rsrc
Size: 60KB - Virtual size: 60KB

.reloc
Size: 7KB - Virtual size: 7KB