492fd5cc49df14dc43fc77171a35a0cb7214d6b2c6025a3107b1988cc892e823

Sharing

Copy URL Twitter E-mail

General

Target

492fd5cc49df14dc43fc77171a35a0cb7214d6b2c6025a3107b1988cc892e823
Size

168KB
MD5

ec9adf0bca813ea25eeed05d4ee22edb
SHA1

8e5567a9736ee8c4da8985254d0c8c514d9b7b33
SHA256

492fd5cc49df14dc43fc77171a35a0cb7214d6b2c6025a3107b1988cc892e823
SHA512

6b78fb169c9fccb490b24c137d2ae31e37f50ea0e9971e09c44adea9249fef61aff5368c7b24bdd666e1fac896898fb7ae47b6f9da21d713e7715da36b2d310b
SSDEEP

3072:dhHOS34K/cWwtLQTDJlG2lQBV+UdE+rECWp7hKS9I:dhHOS34KEB50MBV+UdvrEFp7hKS6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
492fd5cc49df14dc43fc77171a35a0cb7214d6b2c6025a3107b1988cc892e823

Files

492fd5cc49df14dc43fc77171a35a0cb7214d6b2c6025a3107b1988cc892e823
.dll regsvr32 windows:4 windows x86 arch:x86

3ea27978b33d4ba6763d35fc019ba6ca

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\views\bonjour\Bonjour.proj\projectfiles\sandbox\mDNSWindows\mdnsNSP\Release\mdnsNSP.pdb

Imports

ws2_32

WSAEventSelect
WSAStringToAddressA
WSAStartup
WSCUnInstallNameSpace
WSCInstallNameSpace
WSACleanup

kernel32

IsBadWritePtr
CompareStringW
CompareStringA
GetLocaleInfoW
HeapSize
SetEndOfFile
LCMapStringW
GetModuleFileNameW
GetLastError
CloseHandle
SetEvent
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
DeleteCriticalSection
InterlockedDecrement
SetLastError
WaitForSingleObject
WaitForMultipleObjects
CreateEventA
WideCharToMultiByte
GetSystemDirectoryA
GetProcAddress
LoadLibraryA
InitializeCriticalSection
InterlockedIncrement
LocalAlloc
LocalFree
InterlockedExchange
RaiseException
ExitProcess
HeapFree
RtlUnwind
HeapReAlloc
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
FatalAppExitA
VirtualAlloc
SetEnvironmentVariableA
VirtualQuery
TlsAlloc
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
SetStdHandle
FlushFileBuffers
ReadFile
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetCPInfo
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetACP
GetOEMCP
CreateFileA
SetFilePointer
VirtualProtect
GetSystemInfo
GetTimeZoneInformation
LCMapStringA

Exports

Exports

DllRegisterServer
DllUnregisterServer
NSPCleanup
NSPStartup

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3ea27978b33d4ba6763d35fc019ba6ca

Headers

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 56KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 4KB - Virtual size: 888B

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 60KB - Virtual size: 56KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 888B

.reloc
Size: 8KB - Virtual size: 4KB