ESENT.pdb
Static task: static1
Behavioral task: behavioral1 (Sample: esent.dll, Resource: win7-20240508-en)
Behavioral task: behavioral2 (Sample: esent.dll, Resource: win10v2004-20240508-en)
General
Target: esent.dll
Size: 1.6MB
MD5: 5c3f9dba818cd93379d1a0f215270374
SHA1: 537afe77e48dac7a2db456d0e4f93409b2cc8a60
SHA256: 6a4d96ac83989d47d80332e41e627f2607a3b2167e1a5d8e21361136c4424633
SHA512: cc02f4d97e6fea7cbbdf249fa1b88ba4e04a583dcf256fe2c73e3eae60828b2b795fc71df0452a58f203b7a8ae00d2eb9ca6f80c409d2dccb9c3671a476d6f45
SSDEEP: 49152:E9j6VRFnQJC5/JufK3EpU+inyCaT8YTpfOAQeK4s:+jenQU5/NUpU+iRCTGeK4s
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource esent.dll
Files
esent.dll.dll windows:6 windows x86 arch:x86
ac512ef50d284bd3f475a666943807f8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
srand
_isatty
_write
_lseeki64
_fileno
__pioinfo
__badioinfo
wctomb
_snprintf
isleadbyte
_amsg_exit
_initterm
_onexit
_lock
__dllonexit
_unlock
_wfullpath
atol
_mbspbrk
time
_mbsrchr
wcsrchr
iscntrl
iswprint
strcspn
strpbrk
strtoul
strtok
isupper
modf
_vsnwprintf
_errno
strstr
wprintf
_wcsnicmp
vprintf
_iob
isprint
_vsnprintf
_itoa
memmove
_wfopen
fprintf
fflush
fclose
_ultoa
_strnicmp
_stricmp
strchr
_wcsicmp
malloc
free
rand
printf
memset
memcpy
_purecall
ntdll
RtlUnwind
kernel32
SetEndOfFile
GetFileInformationByHandle
CopyFileW
FindFirstFileW
GetFileAttributesW
DeviceIoControl
GetDiskFreeSpaceW
GetDiskFreeSpaceExW
MoveFileW
MoveFileExW
DeleteFileW
RemoveDirectoryW
CreateDirectoryW
FindNextFileW
FindClose
FlushFileBuffers
GetSystemDefaultLCID
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatus
GetModuleFileNameW
GetProcessAffinityMask
VirtualQueryEx
SetConsoleCtrlHandler
IsProcessorFeaturePresent
GetSystemPowerStatus
WaitForMultipleObjectsEx
OpenFileMappingA
MapViewOfFile
CreateMutexA
OpenMutexA
OpenEventA
GetTimeFormatW
GetDateFormatW
GetSystemTimeAsFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
InterlockedExchange
GetSystemTime
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
CreateThread
SetThreadPriorityBoost
ResumeThread
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThread
SetThreadPriority
GetExitCodeThread
SleepEx
SetHandleInformation
TlsFree
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrlenA
UnhandledExceptionFilter
FormatMessageW
TerminateProcess
SetLastError
InterlockedCompareExchange
SetEvent
InitializeCriticalSectionAndSpinCount
CreateMutexW
CreateFileW
DeleteCriticalSection
GetLocalTime
GetCurrentProcessId
OutputDebugStringA
WaitForSingleObjectEx
SetFilePointer
ReleaseMutex
EnterCriticalSection
LeaveCriticalSection
CreateEventW
GetWindowsDirectoryW
SetUnhandledExceptionFilter
SetThreadAffinityMask
SetThreadIdealProcessor
CreateSemaphoreA
ReleaseSemaphore
SystemTimeToFileTime
VirtualFree
HeapAlloc
HeapFree
GetProcessHeap
LCMapStringW
VirtualProtect
VirtualAlloc
GetProcAddress
GetSystemInfo
DisableThreadLibraryCalls
GetCurrentThreadId
GlobalMemoryStatus
GetCurrentProcess
HeapDestroy
FreeLibrary
GetVersionExA
LoadLibraryA
GetModuleHandleA
DeleteTimerQueueEx
VirtualUnlock
GetLastError
UnmapViewOfFile
CloseHandle
MapViewOfFileEx
CreateFileMappingA
DuplicateHandle
GetOverlappedResult
ReadFile
CreateEventA
LocalFree
LocalAlloc
WriteFile
CreateFileA
LoadLibraryW
Sleep
CreateTimerQueueTimer
WaitForSingleObject
DeleteTimerQueueTimer
ResetEvent
CreateTimerQueue
Exports
DebugExtensionInitialize
DebugExtensionInitialize@8
DebugExtensionNotify
DebugExtensionNotify@12
DebugExtensionUninitialize
DebugExtensionUninitialize@0
JetAddColumn
JetAddColumnA
JetAddColumnA@28
JetAddColumnW
JetAddColumnW@28
JetAttachDatabase
JetAttachDatabase2
JetAttachDatabase2A
JetAttachDatabase2A@16
JetAttachDatabase2W
JetAttachDatabase2W@16
JetAttachDatabaseA
JetAttachDatabaseA@12
JetAttachDatabaseW
JetAttachDatabaseW@12
JetAttachDatabaseWithStreaming
JetAttachDatabaseWithStreamingA
JetAttachDatabaseWithStreamingA@24
JetAttachDatabaseWithStreamingW
JetAttachDatabaseWithStreamingW@24
JetBackup
JetBackupA
JetBackupA@12
JetBackupInstance
JetBackupInstanceA
JetBackupInstanceA@16
JetBackupInstanceW
JetBackupInstanceW@16
JetBackupW
JetBackupW@12
JetBeginDatabaseIncrementalReseed
JetBeginDatabaseIncrementalReseedA
JetBeginDatabaseIncrementalReseedA@12
JetBeginDatabaseIncrementalReseedW
JetBeginDatabaseIncrementalReseedW@12
JetBeginExternalBackup
JetBeginExternalBackup@4
JetBeginExternalBackupInstance
JetBeginExternalBackupInstance@8
JetBeginSession
JetBeginSessionA
JetBeginSessionA@16
JetBeginSessionW
JetBeginSessionW@16
JetBeginSurrogateBackup
JetBeginSurrogateBackup@16
JetBeginTransaction
JetBeginTransaction2
JetBeginTransaction2@8
JetBeginTransaction@4
JetCloseDatabase
JetCloseDatabase@12
JetCloseFile
JetCloseFile@4
JetCloseFileInstance
JetCloseFileInstance@8
JetCloseTable
JetCloseTable@8
JetCommitTransaction
JetCommitTransaction@8
JetCompact
JetCompactA
JetCompactA@24
JetCompactW
JetCompactW@24
JetComputeStats
JetComputeStats@8
JetConfigureProcessForCrashDump
JetConfigureProcessForCrashDump@4
JetConvertDDL
JetConvertDDLA
JetConvertDDLA@20
JetConvertDDLW
JetConvertDDLW@20
JetCreateDatabase
JetCreateDatabase2
JetCreateDatabase2A
JetCreateDatabase2A@20
JetCreateDatabase2W
JetCreateDatabase2W@20
JetCreateDatabaseA
JetCreateDatabaseA@20
JetCreateDatabaseW
JetCreateDatabaseW@20
JetCreateDatabaseWithStreaming
JetCreateDatabaseWithStreamingA
JetCreateDatabaseWithStreamingA@28
JetCreateDatabaseWithStreamingW
JetCreateDatabaseWithStreamingW@28
JetCreateIndex
JetCreateIndex2
JetCreateIndex2A
JetCreateIndex2A@16
JetCreateIndex2W
JetCreateIndex2W@16
JetCreateIndex3A
JetCreateIndex3W
JetCreateIndexA
JetCreateIndexA@28
JetCreateIndexW
JetCreateIndexW@28
JetCreateInstance
JetCreateInstance2
JetCreateInstance2A
JetCreateInstance2A@16
JetCreateInstance2W
JetCreateInstance2W@16
JetCreateInstanceA
JetCreateInstanceA@8
JetCreateInstanceW
JetCreateInstanceW@8
JetCreateTable
JetCreateTableA
JetCreateTableA@24
JetCreateTableColumnIndex
JetCreateTableColumnIndex2
JetCreateTableColumnIndex2A
JetCreateTableColumnIndex2A@12
JetCreateTableColumnIndex2W
JetCreateTableColumnIndex2W@12
JetCreateTableColumnIndex3A
JetCreateTableColumnIndex3A@12
JetCreateTableColumnIndex3W
JetCreateTableColumnIndex3W@12
JetCreateTableColumnIndexA
JetCreateTableColumnIndexA@12
JetCreateTableColumnIndexW
JetCreateTableColumnIndexW@12
JetCreateTableW
JetCreateTableW@24
JetDBUtilities
JetDBUtilitiesA
JetDBUtilitiesA@4
JetDBUtilitiesW
JetDBUtilitiesW@4
JetDatabaseScan
JetDatabaseScan@24
JetDefragment
JetDefragment2
JetDefragment2A
JetDefragment2A@28
JetDefragment2W
JetDefragment2W@28
JetDefragment3
JetDefragment3A
JetDefragment3A@32
JetDefragment3W
JetDefragment3W@32
JetDefragmentA
JetDefragmentA@24
JetDefragmentW
JetDefragmentW@24
JetDelete
JetDelete@8
JetDeleteColumn
JetDeleteColumn2
JetDeleteColumn2A
JetDeleteColumn2A@16
JetDeleteColumn2W
JetDeleteColumn2W@16
JetDeleteColumnA
JetDeleteColumnA@12
JetDeleteColumnW
JetDeleteColumnW@12
JetDeleteIndex
JetDeleteIndexA
JetDeleteIndexA@12
JetDeleteIndexW
JetDeleteIndexW@12
JetDeleteTable
JetDeleteTableA
JetDeleteTableA@12
JetDeleteTableW
JetDeleteTableW@12
JetDetachDatabase
JetDetachDatabase2
JetDetachDatabase2A
JetDetachDatabase2A@12
JetDetachDatabase2W
JetDetachDatabase2W@12
JetDetachDatabaseA
JetDetachDatabaseA@8
JetDetachDatabaseW
JetDetachDatabaseW@8
JetDupCursor
JetDupCursor@16
JetDupSession
JetDupSession@8
JetEnableFaultInjection
JetEnableFaultInjection@16
JetEnableMultiInstance
JetEnableMultiInstanceA
JetEnableMultiInstanceA@12
JetEnableMultiInstanceW
JetEnableMultiInstanceW@12
JetEndDatabaseIncrementalReseed
JetEndDatabaseIncrementalReseedA
JetEndDatabaseIncrementalReseedA@20
JetEndDatabaseIncrementalReseedW
JetEndDatabaseIncrementalReseedW@20
JetEndExternalBackup
JetEndExternalBackup@0
JetEndExternalBackupInstance
JetEndExternalBackupInstance2
JetEndExternalBackupInstance2@8
JetEndExternalBackupInstance@4
JetEndSession
JetEndSession@8
JetEndSurrogateBackup
JetEndSurrogateBackup@8
JetEnumerateColumns
JetEnumerateColumns@40
JetEscrowUpdate
JetEscrowUpdate@36
JetExternalRestore
JetExternalRestore2
JetExternalRestore2A
JetExternalRestore2A@40
JetExternalRestore2W
JetExternalRestore2W@40
JetExternalRestoreA
JetExternalRestoreA@32
JetExternalRestoreW
JetExternalRestoreW@32
JetFreeBuffer
JetFreeBuffer@4
JetGetAttachInfo
JetGetAttachInfoA
JetGetAttachInfoA@12
JetGetAttachInfoInstance
JetGetAttachInfoInstanceA
JetGetAttachInfoInstanceA@16
JetGetAttachInfoInstanceW
JetGetAttachInfoInstanceW@16
JetGetAttachInfoW
JetGetAttachInfoW@12
JetGetBookmark
JetGetBookmark@20
JetGetColumnInfo
JetGetColumnInfoA
JetGetColumnInfoA@28
JetGetColumnInfoW
JetGetColumnInfoW@28
JetGetCounter
JetGetCounter@12
JetGetCurrentIndex
JetGetCurrentIndexA
JetGetCurrentIndexA@16
JetGetCurrentIndexW
JetGetCurrentIndexW@16
JetGetCursorInfo
JetGetCursorInfo@20
JetGetDatabaseFileInfo
JetGetDatabaseFileInfoA
JetGetDatabaseFileInfoA@16
JetGetDatabaseFileInfoW
JetGetDatabaseFileInfoW@16
JetGetDatabaseInfo
JetGetDatabaseInfoA
JetGetDatabaseInfoA@20
JetGetDatabaseInfoW
JetGetDatabaseInfoW@20
JetGetDatabasePages
JetGetDatabasePages@32
JetGetIndexInfo
JetGetIndexInfoA
JetGetIndexInfoA@28
JetGetIndexInfoW
JetGetIndexInfoW@28
JetGetInstanceInfo
JetGetInstanceInfoA
JetGetInstanceInfoA@8
JetGetInstanceInfoW
JetGetInstanceInfoW@8
JetGetInstanceMiscInfo
JetGetInstanceMiscInfo@16
JetGetLS
JetGetLS@16
JetGetLock
JetGetLock@12
JetGetLogFileInfo
JetGetLogFileInfoA
JetGetLogFileInfoA@16
JetGetLogFileInfoW
JetGetLogFileInfoW@16
JetGetLogInfo
JetGetLogInfoA
JetGetLogInfoA@12
JetGetLogInfoInstance
JetGetLogInfoInstance2
JetGetLogInfoInstance2A
JetGetLogInfoInstance2A@20
JetGetLogInfoInstance2W
JetGetLogInfoInstance2W@20
JetGetLogInfoInstanceA
JetGetLogInfoInstanceA@16
JetGetLogInfoInstanceW
JetGetLogInfoInstanceW@16
JetGetLogInfoW
JetGetLogInfoW@12
JetGetMaxDatabaseSize
JetGetMaxDatabaseSize@16
JetGetObjectInfo
JetGetObjectInfoA
JetGetObjectInfoA@32
JetGetObjectInfoW
JetGetObjectInfoW@32
JetGetPageInfo
JetGetPageInfo2
JetGetPageInfo2@24
JetGetPageInfo@24
JetGetRecordPosition
JetGetRecordPosition@16
JetGetRecordSize
JetGetRecordSize2
JetGetRecordSize2@16
JetGetRecordSize@16
JetGetResourceParam
JetGetResourceParam@16
JetGetSecondaryIndexBookmark
JetGetSecondaryIndexBookmark@36
JetGetSessionInfo
JetGetSessionInfo@16
JetGetSystemParameter
JetGetSystemParameterA
JetGetSystemParameterA@24
JetGetSystemParameterW
JetGetSystemParameterW@24
JetGetTableColumnInfo
JetGetTableColumnInfoA
JetGetTableColumnInfoA@24
JetGetTableColumnInfoW
JetGetTableColumnInfoW@24
JetGetTableIndexInfo
JetGetTableIndexInfoA
JetGetTableIndexInfoA@24
JetGetTableIndexInfoW
JetGetTableIndexInfoW@24
JetGetTableInfo
JetGetTableInfoA
JetGetTableInfoA@20
JetGetTableInfoW
JetGetTableInfoW@20
JetGetThreadStats
JetGetThreadStats@8
JetGetTruncateLogInfoInstance
JetGetTruncateLogInfoInstanceA
JetGetTruncateLogInfoInstanceA@16
JetGetTruncateLogInfoInstanceW
JetGetTruncateLogInfoInstanceW@16
JetGetVersion
JetGetVersion@8
JetGotoBookmark
JetGotoBookmark@16
JetGotoPosition
JetGotoPosition@12
JetGotoSecondaryIndexBookmark
JetGotoSecondaryIndexBookmark@28
JetGrowDatabase
JetGrowDatabase@16
JetIdle
JetIdle@8
JetIndexRecordCount
JetIndexRecordCount@16
JetInit
JetInit2
JetInit2@8
JetInit3
JetInit3A
JetInit3A@12
JetInit3W
JetInit3W@12
JetInit@4
JetIntersectIndexes
JetIntersectIndexes@20
JetMakeKey
JetMakeKey@20
JetMove
JetMove@16
JetOSSnapshotAbort
JetOSSnapshotAbort@8
JetOSSnapshotEnd
JetOSSnapshotEnd@8
JetOSSnapshotFreeze
JetOSSnapshotFreezeA
JetOSSnapshotFreezeA@16
JetOSSnapshotFreezeW
JetOSSnapshotFreezeW@16
JetOSSnapshotGetFreezeInfo
JetOSSnapshotGetFreezeInfoA
JetOSSnapshotGetFreezeInfoA@16
JetOSSnapshotGetFreezeInfoW
JetOSSnapshotGetFreezeInfoW@16
JetOSSnapshotPrepare
JetOSSnapshotPrepare@8
JetOSSnapshotPrepareInstance
JetOSSnapshotPrepareInstance@12
JetOSSnapshotThaw
JetOSSnapshotThaw@8
JetOSSnapshotTruncateLog
JetOSSnapshotTruncateLog@8
JetOSSnapshotTruncateLogInstance
JetOSSnapshotTruncateLogInstance@12
JetOpenDatabase
JetOpenDatabaseA
JetOpenDatabaseA@20
JetOpenDatabaseW
JetOpenDatabaseW@20
JetOpenFile
JetOpenFileA
JetOpenFileA@16
JetOpenFileInstance
JetOpenFileInstanceA
JetOpenFileInstanceA@20
JetOpenFileInstanceW
JetOpenFileInstanceW@20
JetOpenFileSectionInstance
JetOpenFileSectionInstanceA
JetOpenFileSectionInstanceA@28
JetOpenFileSectionInstanceW
JetOpenFileSectionInstanceW@28
JetOpenFileW
JetOpenFileW@16
JetOpenTable
JetOpenTableA
JetOpenTableA@28
JetOpenTableW
JetOpenTableW@28
JetOpenTempTable
JetOpenTempTable2
JetOpenTempTable2@28
JetOpenTempTable3
JetOpenTempTable3@28
JetOpenTempTable@24
JetOpenTemporaryTable
JetOpenTemporaryTable@8
JetPatchDatabasePages
JetPatchDatabasePagesA
JetPatchDatabasePagesA@28
JetPatchDatabasePagesW
JetPatchDatabasePagesW@28
JetPrepareToCommitTransaction
JetPrepareToCommitTransaction@16
JetPrepareUpdate
JetPrepareUpdate@12
JetPrereadKeys
JetPrereadKeys@28
JetReadFile
JetReadFile@16
JetReadFileInstance
JetReadFileInstance@20
JetRegisterCallback
JetRegisterCallback@24
JetRemoveLogfileA
JetRemoveLogfileA@12
JetRemoveLogfileW
JetRemoveLogfileW@12
JetRenameColumn
JetRenameColumnA
JetRenameColumnA@20
JetRenameColumnW
JetRenameColumnW@20
JetRenameTable
JetRenameTableA
JetRenameTableA@16
JetRenameTableW
JetRenameTableW@16
JetResetCounter
JetResetCounter@8
JetResetSessionContext
JetResetSessionContext@4
JetResetTableSequential
JetResetTableSequential@12
JetRestore
JetRestore2
JetRestore2A
JetRestore2A@12
JetRestore2W
JetRestore2W@12
JetRestoreA
JetRestoreA@8
JetRestoreInstance
JetRestoreInstanceA
JetRestoreInstanceA@16
JetRestoreInstanceW
JetRestoreInstanceW@16
JetRestoreW
JetRestoreW@8
JetRetrieveColumn
JetRetrieveColumn@32
JetRetrieveColumns
JetRetrieveColumns@16
JetRetrieveKey
JetRetrieveKey@24
Sections
.text Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 63KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cachelin Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 57KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ