4d06dc892564dba0585782367a1b5375af0e9493388bfda460b541f361d4e767

Sharing

Copy URL Twitter E-mail

General

Target

4d06dc892564dba0585782367a1b5375af0e9493388bfda460b541f361d4e767
Size

36KB
MD5

810498c37db5629df89b335001f784a3
SHA1

3052c2613067c98baef6c3073653f535a7616492
SHA256

4d06dc892564dba0585782367a1b5375af0e9493388bfda460b541f361d4e767
SHA512

01461ea99d15c59566d71871dff19a9b66f47c8b2b9e1e5462757844b16c0edbd88b9066e8b4b2aa8f8fe8f42cd9719bd3430225d6dccf2c448ee4b6fbd77348
SSDEEP

384:NLn9z9b3DzT3uOXPpFeOo6izhAJcPVvkHqK7UItrexDq01QGK3BMb8aCvq/bCvB:NrLbznVXPeOo1VplQy8aCvkbCvBABK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4d06dc892564dba0585782367a1b5375af0e9493388bfda460b541f361d4e767

Files

4d06dc892564dba0585782367a1b5375af0e9493388bfda460b541f361d4e767
.dll windows:6 windows x64 arch:x64

5d56bf4e7fa5b296c583dd7d8acd363c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\NK_LC_LIB20231031\NKIOLIB_20231121\x64\Release\NKIOLIBx64.pdb

Imports

winring0x64

ord54
ord62
ord52
ord51
ord8
ord7
ord66

kernel32

RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
IsDebuggerPresent

vcruntime140

memset
__std_type_info_destroy_list
__std_exception_destroy
__std_exception_copy
__C_specific_handler
_CxxThrowException

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__acrt_iob_func
fopen
__stdio_common_vsprintf_s
fopen_s
fclose
__stdio_common_vsscanf
feof
__stdio_common_vsprintf
rewind
fgets

api-ms-win-crt-string-l1-1-0

strncmp

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_initterm_e
_execute_onexit_table
exit
_cexit
_initterm

api-ms-win-crt-time-l1-1-0

_time64
_localtime64_s
strftime

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

Exports

Exports

NKDIO_LibraryDeinit
NKDIO_LibraryInit
NKDIO_PollingReadDiByte
NKDIO_PollingReadDiWord
NKDIO_PollingReadDoByte
NKDIO_PollingReadDoWord
NKDIO_PollingWriteDoByte
NKDIO_PollingWriteDoWord

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5d56bf4e7fa5b296c583dd7d8acd363c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winring0x64

kernel32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 68B

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 68B