ef8d19cd453a189a732fd4fc59217d9e0937238005e740fb62e8b8d3c361f2dc

Sharing

Copy URL Twitter E-mail

General

Target

ef8d19cd453a189a732fd4fc59217d9e0937238005e740fb62e8b8d3c361f2dc
Size

879KB
MD5

bdddaca90b21de038212ad3fb72ddd35
SHA1

d47de5f21dd08eb83387957ef0752d3da7c3f176
SHA256

ef8d19cd453a189a732fd4fc59217d9e0937238005e740fb62e8b8d3c361f2dc
SHA512

55392c3d2ba223efa9b437eb26ba498e3852b38bf776b3921a38fe28521a82eafb96ad40842e24163c63ed26a3d5e894efa2c3b941f635ece8849dc503daa5c0
SSDEEP

12288:+CTFpaGJKaK/hHRdjTjydjTFcwKxBX3os3onzh:+CTHaEPGhHPjTojTiwKxBX393mV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ef8d19cd453a189a732fd4fc59217d9e0937238005e740fb62e8b8d3c361f2dc

Files

ef8d19cd453a189a732fd4fc59217d9e0937238005e740fb62e8b8d3c361f2dc
.dll windows:5 windows x86 arch:x86

c41d997a6f8092ca396a9adfcbe11eb0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\V5驱动\3.5.0.0\Bin\Win32\JSBProxy.pdb

Imports

ws2_32

WSAStartup
WSACleanup
recv
send
connect
recvfrom
__WSAFDIsSet
select
sendto
ntohs
WSARecvFrom
WSASendTo
shutdown
setsockopt
WSARecv
WSASend
WSAGetLastError
socket
WSAIoctl
listen
bind
WSASocketA
closesocket
htons
WSAStringToAddressA
inet_ntoa
gethostbyname
inet_addr

iphlpapi

SetTcpEntry
GetExtendedTcpTable

advapi32

QueryServiceStatus
CreateServiceW
RegOpenKeyExA
SetSecurityInfo
AddAccessAllowedAce
AddAccessDeniedAce
InitializeAcl
AdjustTokenPrivileges
LookupPrivilegeValueA
FreeSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegCloseKey
RegSetValueExA
RegOpenKeyA
DeleteService
ControlService
StartServiceA
OpenServiceA
CloseServiceHandle
CreateServiceA
OpenSCManagerA
RegQueryValueExA

shell32

ShellExecuteExA

user32

MsgWaitForMultipleObjectsEx
PeekMessageA
GetParent
GetWindowThreadProcessId
TranslateMessage
DispatchMessageA
ShowWindow
MessageBoxA
EnumWindows

shlwapi

PathStripPathA
PathRemoveFileSpecA
PathFileExistsA

kernel32

TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
MoveFileExW
GetFileType
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
GetStringTypeW
GetStartupInfoW
LCMapStringW
HeapReAlloc
SetStdHandle
WriteConsoleW
FlushFileBuffers
CreateFileW
GetProcAddress
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleFileNameW
GetStdHandle
GetConsoleMode
GetConsoleCP
GetProcessHeap
HeapSize
GetModuleHandleExW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
RaiseException
IsProcessorFeaturePresent
IsDebuggerPresent
GetCommandLineA
ExitProcess
WaitForSingleObject
OpenProcess
GetExitCodeProcess
TerminateProcess
GetLastError
SetLastError
CloseHandle
VirtualQuery
GetCurrentProcess
GetCurrentThreadId
FreeLibrary
LoadLibraryExW
GetModuleHandleW
CreateFileA
LocalAlloc
OutputDebugStringA
WideCharToMultiByte
OutputDebugStringW
CreateToolhelp32Snapshot
Process32First
Process32Next
GetSystemWindowsDirectoryA
LoadLibraryA
CreateEventA
SetEvent
CreateMutexA
GetSystemInfo
GetVersionExA
GetTempFileNameA
MoveFileExA
DeleteFileA
GetModuleFileNameA
GetCurrentProcessId
GetModuleHandleA
Sleep
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CreateIoCompletionPort
ResetEvent
PostQueuedCompletionStatus
GetQueuedCompletionStatus
WaitForMultipleObjects
FindResourceA
LoadResource
SizeofResource
LockResource
WriteFile
GetLongPathNameW
SetThreadPriority
WinExec
DeviceIoControl
DisableThreadLibraryCalls
InitializeCriticalSectionAndSpinCount
GetTickCount
CancelIo
GetOverlappedResult
ReadFile
GetLogicalDriveStringsW
QueryDosDeviceW
GetDriveTypeW
EncodePointer
DecodePointer
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
CreateThread
ExitThread
AreFileApisANSI
MultiByteToWideChar

Exports

Exports

AddFilterExeName
AddFilterRule
CheckSocks5
CloseNetWork
EmptyData
FilterProcessNet
FixNet
ForceDeleteFile
GetDriverMode
GetFlow
GetProcessFlow
GetProcessPath
GetProxyCount
HideProcess
InitData
IsProcessRunState
KeKillProcess
ProtectCurProcess
SetDNS
SetProxy
SetUDPState
StopProxy

Sections

.text
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 656KB - Virtual size: 656KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c41d997a6f8092ca396a9adfcbe11eb0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

iphlpapi

advapi32

shell32

user32

shlwapi

kernel32

Exports

Exports

Sections

.text Size: 159KB - Virtual size: 159KB

.rdata Size: 38KB - Virtual size: 38KB

.data Size: 7KB - Virtual size: 17KB

.detourd Size: 512B - Virtual size: 12B

.detourc Size: 4KB - Virtual size: 4KB

.rsrc Size: 656KB - Virtual size: 656KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 159KB - Virtual size: 159KB

.rdata
Size: 38KB - Virtual size: 38KB

.data
Size: 7KB - Virtual size: 17KB

.detourd
Size: 512B - Virtual size: 12B

.detourc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 656KB - Virtual size: 656KB

.reloc
Size: 12KB - Virtual size: 11KB