D:\svn\common\util\xdutil\LIBPV2\tags\DNA_UTIL_LIBPV2_9.23\win12\libPV2c.pdb
Static task
static1
Behavioral task
behavioral1
Sample
entry001/libPV2c_9.23.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
entry001/libPV2c_9.23.dll
Resource
win10v2004-20240426-en
General
-
Target
file_198670aed0d1408c88d71fd9a05bab94_2024-05-20_14_03_19_152000.zip
-
Size
192KB
-
MD5
b28969305922a2ceb85465758792de25
-
SHA1
040dc5cc8e8ca4ba093d5ebc7328c510920094dd
-
SHA256
ce82651291c3a35921286d51a86eb9b8efe73575ecb0ddcb46f5a8d0eb3d4ac5
-
SHA512
215207ed7e2a4a7acf6cb55dbadc2b69defcca50e606d7666deaf8b8028b3d3183ebb8a42a48debbbc78ec143fac43f6d13c03d67893a780f06ceca6a50af063
-
SSDEEP
3072:LrabpuIapGcNzUrIqJXFsfNJgegPY2miwQCgs3TFhurdqdHayPTj+0d6/:Lra1uvpGXreqegA2m5QCx+rdqcybs/
Malware Config
Signatures
-
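Unsigned PE (1 IoC)
The PE file carries no Authenticode signature, so its publisher and integrity cannot be verified from the file itself. On its own this is a weak indicator: unsigned binaries are common in legitimate software, and a missing signature does not establish malicious behavior.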
resource unpack001/entry001/libPV2c_9.23.dll
Files
-
file_198670aed0d1408c88d71fd9a05bab94_2024-05-20_14_03_19_152000.zip (.zip)
-
entry001/libPV2c_9.23.dll (.dll; windows:6, windows x86, arch:x86)
9e59858bdc09f7fe9716ddf718f01221
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
GetVersion
GetVersionExA
GlobalMemoryStatus
LocalFree
SetProcessAffinityMask
FormatMessageA
CreateSemaphoreA
FreeConsole
SetConsoleCtrlHandler
WaitForSingleObject
GetExitCodeThread
IsBadStringPtrA
GetTickCount
GlobalAlloc
GlobalFree
CloseHandle
DeleteCriticalSection
SetThreadPriority
GetThreadPriority
GetThreadContext
SuspendThread
ResumeThread
SetThreadContext
GetThreadTimes
GlobalMemoryStatusEx
GetProcAddress
LoadLibraryA
GetProcessTimes
GetPriorityClass
GetSystemTime
SetSystemTime
SystemTimeToFileTime
OpenProcess
SetPriorityClass
CreateMutexA
GetSystemInfo
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
CreateFileMappingA
OpenFileMappingA
CreateFileA
WriteFile
CreateThread
ExitThread
GetTempPathA
GetTempFileNameA
QueryPerformanceCounter
QueryPerformanceFrequency
SetEvent
WaitForSingleObjectEx
CreateEventA
GetSystemTimeAsFileTime
GetModuleHandleA
LocalAlloc
WinExec
WideCharToMultiByte
CreateMutexW
lstrcpyW
lstrcatW
lstrcmpA
lstrlenA
DecodePointer
EncodePointer
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemDirectoryA
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentThreadId
GetCurrentThread
GetCurrentProcess
Sleep
InitializeCriticalSection
SetErrorMode
GetLastError
DuplicateHandle
ReleaseSemaphore
LeaveCriticalSection
ReleaseMutex
EnterCriticalSection
GetCurrentProcessId
user32
SetTimer
PeekMessageA
KillTimer
PostQuitMessage
MessageBoxA
advapi32
AdjustTokenPrivileges
SetTokenInformation
RegOpenKeyA
RegEnumKeyExA
LookupPrivilegeValueA
OpenProcessToken
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
ole32
CoInitializeEx
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
oleaut32
SysAllocString
VariantClear
VariantInit
SysFreeString
SysAllocStringLen
ws2_32
listen
recvfrom
ntohs
bind
WSAIoctl
WSAStartup
gethostname
gethostbyname
accept
setsockopt
sendto
ntohl
inet_ntoa
inet_addr
htons
htonl
recv
closesocket
socket
connect
WSAGetLastError
send
winmm
timeSetEvent
timeGetTime
iphlpapi
GetIfEntry
GetAdaptersInfo
GetIpAddrTable
setupapi
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiSetClassInstallParamsA
SetupDiGetDeviceRegistryPropertyA
SetupDiCallClassInstaller
msvcr120
_stricmp
__clean_type_info_names_internal
_except_handler4_common
_initterm_e
_initterm
_malloc_crt
_amsg_exit
__CppXcptFilter
_except1
_time32
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
strcat_s
strcpy_s
strcat
strcmp
strlen
strcpy
??3@YAXPAX@Z
??2@YAPAXI@Z
_ftime32
qsort
_libm_sse2_sqrt_precise
_libm_sse2_pow_precise
_libm_sse2_log_precise
_libm_sse2_exp_precise
printf
_errno
memmove
_HUGE
_libm_sse2_sin_precise
_libm_sse2_cos_precise
_libm_sse2_atan_precise
_CIsinh
_CIcosh
ungetc
rewind
_vswprintf
memcpy
strchr
strncmp
strncpy
strrchr
exit
atof
atoi
getenv
rand
srand
strtoul
system
calloc
free
malloc
_putenv
_getpid
_spawnl
fclose
fflush
fgets
fopen
fprintf
freopen
vfprintf
sprintf
signal
_fmode
_endthreadex
__iob_func
memset
_unlink
memcmp
_strnicmp
_beginthreadex
longjmp
_setjmp3
strstr
_gmtime32
_mktime32
scanf
fread
fseek
fwrite
fputs
puts
realloc
vsprintf
clearerr
feof
ferror
fgetc
_fileno
fputc
fscanf
ftell
_getw
_putw
rename
Exports
AcnLedControlWin
AttachProcess
AttachSpecificProcess
AwaitingReply
BlksInFile
ChangeDirectory
ClearEof
Close
CodeTable
Create
CreateWithStdIo
Creator
Delay
Delay1ms
Destroy
DestroyProcess
DetachProcess
DirectToCurCtx
ErrorString
FileException
FillBuffer
Flush
FlushBuffer
Forward
Forwarder
GetDiskName
GetDprAddress
GetFixedTickCount
GetFixedTickCount1us
GetFixedTickCount1us_64
GetPid
GetRealTime
GetTeamRoot
GetTickCount1us
GetTickCount1us_64
GetTime
GetTime1ms
IsProcessAttached
JoinGroup
LZW
LZWdone
LeaveGroup
LocalGroupMember
ModifyFile
MoveFrom
MoveTo
NextLocalGroupMbr
OpenStr
OpenStr2
OpenTcp
OpenTcpIp
PerProcess
PerProcessAddr
PrintError
QueryFile
QueryKernel
QueryProcessState
Read
ReadC
ReadProcessState
Ready
Receive
ReceiveSpecific
ReceiveWithSegment
Rename
Reply
ReplyWithSegment
RereadMsg
RewriteMsg
SameTeam
Send
SendWithTimeout
SetAutoAttach
SetInstanceOwner
SetPcsPriorities
SetPid
SetPriorityMode
SetRealTime
SetTeamPriority
SetTicTime
SetTicTime1ms
SpecialClose
Suicide
TurnOffRunLed
TurnOnRunLed
Unlink
VIOBlockSize
VIOblockread
VIOblockreadC
VIOblockwrite
VIOblockwriteC
VIOclearerr
VIOfclose
VIOfeof
VIOferror
VIOfflush
VIOfgetc
VIOfgets
VIOfileno
VIOfopen
VIOfprintf
VIOfprintfVA
VIOfputc
VIOfputs
VIOfread
VIOfreopen
VIOfscanf
VIOfseek
VIOftell
VIOfwrite
VIOgetw
VIOputw
VIOrename
VIOrewind
VIOungetc
VIOunlink
ValidPid
Wakeup
Write
WriteC
WriteProcessState
Zlongreal_abs
Zreal_abs
Zreal_exp
Zreal_fpa
Zreal_ln
Zreal_pow
Zreal_sin
Zreal_sqrt
Zscale_me
Zscale_out
acot
blockread
blockreadC
blockwrite
blockwriteC
blt
chdir
clear
cot
coth
dtrunc
execRemoteScript
fnCallbacks
fnGetAnyCtxId
fnGetLocalCtxId
fnGetRemoteCtxId
fnGroupId
fnIndex
fnSetHook
fprintf_with_flush
getCoreIdleTimes
getIdleTimes
gmtime_r
itoa
k_zputq
nt_proc_time
pVAutoAttach
pVForward
pVGetPid
pVReceive
pVReceivePending
pVReceiveSpecific
pVReceiveWithSegment
pVReply
pVReplyWithSegment
pVSend
pVSendWithTimeout
pVSwapRequired
pVUseFbcPriority
pVUsePcsPriority
pVXdDebug
pV_BlockSize
pV_Open
pV_OpenDir
pV_OpenFile
pV__Open
pV_blockread
pV_blockreadC
pV_blockwrite
pV_blockwriteC
pV_calloc
pV_calloc_r
pV_cfree_r
pV_clearerr
pV_closedir
pV_fclose
pV_feof
pV_ferror
pV_fflush
pV_fgetc
pV_fgets
pV_fileno
pV_fopen
pV_fprintf
pV_fputc
pV_fputs
pV_fread
pV_free
pV_free_r
pV_freopen
pV_fscanf
pV_fseek
pV_ftell
pV_fwrite
pV_getw
pV_malloc
pV_malloc_r
pV_opendir
pV_putw
pV_readdir
pV_realloc_r
pV_rename
pV_rewind
pV_ungetc
pV_unlink
pVis_initialized
pVno_xdi
pVrt_only
pVsimulator
pVsimulatorSpeed
pvXdGetenv
pv_create_shm
pv_destroy_shm
pv_flush_shm
pv_fprintf_hook
pv_init
pv_init_rt_only
pv_is_ncu_service
pv_lib_init
pv_lock_shm
pv_ncu_init
pv_qp_init
pv_set_fprintf
pv_set_qp_priority_hook
pv_stderror
pv_stdinput
pv_stdoutput
pv_unlock_shm
reverse
uatof
validDouble
validFloat
vgcvt
xcvt
xecvt
xfcvt
zacpq
zalloc
zattpr
zclrt
zcredp
zcremp
zcrepr
zcreq
zcret
zdesdp
zdesmp
zdespr
zdesq
zdest
zdistr
zentmsg
zfree
zgetbl
zgetq
zinitt
zlock
zperprocess
zpriority
zputq
zputt
zrdstate
zreadt
zrelbl
zsleep
zthook
zunlock
zwrstate
Sections
.text Size: 365KB - Virtual size: 364KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
manifest.json