755fc220077d5337bcf4d3f342ae375ce34aac47955b57093eb2e1fd58f3152d

Sharing

Copy URL Twitter E-mail

General

Target

755fc220077d5337bcf4d3f342ae375ce34aac47955b57093eb2e1fd58f3152d
Size

326KB
MD5

dc1877f17fbe05bc4e0c6bd276ed2365
SHA1

cf3ae2fba7241dee4fa6508fca1d87a63053ec14
SHA256

755fc220077d5337bcf4d3f342ae375ce34aac47955b57093eb2e1fd58f3152d
SHA512

037b0b591eef6167797a2120e94eae90f456445ce87227f3b8fb937ede4274390e2c2dccf9bcac56771d92e0129b70199295d4c57b996f2688ac2dcac891cb38
SSDEEP

6144:3KEe8enIsy9oV7V109ZoLREinYht1870t209MtVq1jJ45L2ujeHTGIp:3fInIsDVV109ZoLREiGt1870t209JujE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
755fc220077d5337bcf4d3f342ae375ce34aac47955b57093eb2e1fd58f3152d

Files

755fc220077d5337bcf4d3f342ae375ce34aac47955b57093eb2e1fd58f3152d
.dll windows:6 windows x86 arch:x86

a822cc86b5568f9ed8b36e53126717df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\JENWA\workspace\win-agent-spoke-23.4\label\W10\client\WinProxy\DeployPrimaryWindowsApis\bin\Release\DeployPrimaryWindowsApis.pdb

Imports

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

SetLastError
SetFileAttributesW
Sleep
lstrcatW
LockResource
CloseHandle
SizeofResource
FindResourceW
GetComputerNameW
GetCurrentProcessId
GetModuleHandleW
CopyFileW
WaitNamedPipeW
GetCurrentProcess
InitializeSListHead
GetSystemTimeAsFileTime
ReadFile
lstrcpyW
GetLastError
CreateFileW
WriteFile
lstrlenW
IsDebuggerPresent
SetUnhandledExceptionFilter
LoadResource
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter

user32

wvsprintfW

advapi32

SetSecurityDescriptorDacl
CreateServiceW
CloseServiceHandle
OpenSCManagerW
StartServiceW
InitializeSecurityDescriptor
OpenServiceW
RegOpenKeyExW
RegQueryValueExW

vcruntime140

wcsstr
memset
_except_handler4_common
__std_type_info_destroy_list

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath

api-ms-win-crt-string-l1-1-0

wcstok_s

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_execute_onexit_table
_initterm
_initialize_onexit_table
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_cexit

Exports

Exports

Distribute
TargetResponds
_Java_com_novell_zenworks_deployment_DeployToWindowsTarget_distribute@40
_Java_com_novell_zenworks_deployment_DeployToWindowsTarget_targetResponds@24

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 306KB - Virtual size: 306KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a822cc86b5568f9ed8b36e53126717df

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mpr

kernel32

user32

advapi32

vcruntime140

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 924B

.rsrc Size: 306KB - Virtual size: 306KB

.reloc Size: 1024B - Virtual size: 724B

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 924B

.rsrc
Size: 306KB - Virtual size: 306KB

.reloc
Size: 1024B - Virtual size: 724B