FwRemoteSvr[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

FwRemoteSvr.dll
Size

43KB
MD5

6fab14ef21421a893b2117df03087a75
SHA1

01f35876459fb9c40ea82fa63ef242731ded21d5
SHA256

33f3f5ca5d63775c80ea7db2ac7b46dcc04e1cf047f946c21f483eb95ff45f4a
SHA512

2a6d76153e5ef77cb6f947fc45190cce89b14ecf4a540ac9028a8d0ccc1fa1e670dc35099cd4efde0906c43f59c919594ce0d56f5f854bf1743ee38ec1833cd3
SSDEEP

384:r1jnp3FwtifpJjtlKH01QGM4KqGKBaV9WZU6f8fW3cW7p8N:r17Bmt7BGM4jQVI+U5BiN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
FwRemoteSvr.dll

Files

FwRemoteSvr.dll
.dll windows:6 windows x86 arch:x86

ce12e9c5d10471e5fadc904f55ba7d83

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

FwRemoteSvr.pdb

Imports

msvcrt

memcpy
free
malloc
_XcptFilter
_initterm
_amsg_exit
_except_handler4_common
memset

ntdll

EtwTraceMessage

api-ms-win-core-libraryloader-l1-1-0

FreeLibrary
GetProcAddress
LoadLibraryExA

rpcrt4

NdrServerCall2
RpcRevertToSelf
I_RpcBindingIsClientLocal
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcImpersonateClient
RpcBindingInqAuthClientW
RpcServerUseProtseqW
RpcServerRegisterIfEx
RpcServerInqBindings
RpcEpRegisterW
RpcServerInqDefaultPrincNameW
RpcServerRegisterAuthInfoW
RpcStringFreeW
RpcEpUnregister
RpcBindingVectorFree
RpcServerUnregisterIfEx

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
Sleep
InterlockedExchange
GetCurrentThread
LocalFree
InterlockedCompareExchange
GetLastError
DelayLoadFailureHook
CloseHandle

firewallapi

FWQueryCryptoSets
FWQueryAuthenticationSets
FWEnumNetworks
FWQueryConnectionSecurityRules
FWQueryFirewallRules
FWEnumMainModeRules
FWDeleteAllMainModeRules
FWDeleteMainModeRule
FWEnumAdapters
FWQueryMainModeRules
FWDeleteAllConnectionSecurityRules
FWSetMainModeRule
FWAddMainModeRule
FWDeletePhase2SAs
FWDeletePhase1SAs
FWEnumPhase2SAs
FWEnumPhase1SAs
FWEnumCryptoSets
FWDeleteAllCryptoSets
FWDeleteCryptoSet
FWSetCryptoSet
FWAddCryptoSet
FWEnumAuthenticationSets
FWDeleteAllAuthenticationSets
FWSetAuthenticationSet
FWDeleteAuthenticationSet
FWAddAuthenticationSet
FWEnumConnectionSecurityRules
FWDeleteConnectionSecurityRule
FWSetConnectionSecurityRule
FWAddConnectionSecurityRule
FWClosePolicyStore
FWOpenPolicyStore
FWSetGlobalConfig
FWGetGlobalConfig2
FWGetGlobalConfig
FWEnumProducts
FWSetConfig
FWGetConfig2
FWGetConfig
FWSetFirewallRule
FWAddFirewallRule
FWDeleteAllFirewallRules
FWDeleteFirewallRule
FWEnumFirewallRules
FwAlloc
FwFree
FWRestoreDefaults

Exports

Exports

FwRpcAPIsInitialize
FwRpcAPIsShutdown

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ce12e9c5d10471e5fadc904f55ba7d83

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-libraryloader-l1-1-0

rpcrt4

kernel32

firewallapi

Exports

Exports

Sections

.text Size: 37KB - Virtual size: 36KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 37KB - Virtual size: 36KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB