bce42a82fb081adf41d6bf7aadc1cf778585f5196ef0c5e7fd604539f2d4c3b9

Sharing

Copy URL Twitter E-mail

General

Target

bce42a82fb081adf41d6bf7aadc1cf778585f5196ef0c5e7fd604539f2d4c3b9
Size

330KB
MD5

b6aadf2a96208c85dea5f9f0483f28cd
SHA1

3042cb39354686f8891a49d1e5841196dddce78b
SHA256

bce42a82fb081adf41d6bf7aadc1cf778585f5196ef0c5e7fd604539f2d4c3b9
SHA512

580bce4291065078b0e5a845a49eb442a042c7a81b24a48e27377d9ffbdada6e6b538cfe5dbceb7044cb508cdee9ac027646fd50f7d4bd4aad1339beb953a768
SSDEEP

6144:qyRA1IgAYcrnnvRpaNfr3LEHd+v0qCF2U:jA1IdbvTahr3LEEVM2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bce42a82fb081adf41d6bf7aadc1cf778585f5196ef0c5e7fd604539f2d4c3b9

Files

bce42a82fb081adf41d6bf7aadc1cf778585f5196ef0c5e7fd604539f2d4c3b9
.dll windows:5 windows x86 arch:x86

ed4f9e0ecc36e2d3d588d1026c90060a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\builds\DevSrv15.NAWS\bin\Release Static\output\Client\Web Client Plug-ins\Security Implementation.pdb

Imports

diagwrap

?Instance@CLogFile@Diagnostics@@SAPAVCLogFileImpl@2@XZ
?LogMessage@CLogFileImpl@Diagnostics@@QAEJPBDJ@Z

kernel32

FindResourceW
FindResourceExW
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
LocalFree
GetCurrentProcess
CreateThread
GetCurrentThreadId
WaitForSingleObject
Sleep
GetModuleHandleA
GetSystemDirectoryA
GetDiskFreeSpaceA
LoadResource
VerSetConditionMask
VerifyVersionInfoA
InterlockedDecrement
GetLogicalDrives
GetDriveTypeA
GetVolumeInformationA
GetVersion
GetSystemInfo
lstrlenA
LockResource
SizeofResource
WriteFile
CloseHandle
ReadFile
GetFileSize
CreateFileA
WideCharToMultiByte
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
DecodePointer
InitializeCriticalSectionAndSpinCount
RaiseException
DeleteCriticalSection
GetLastError
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
EncodePointer
GetStringTypeW
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
RtlUnwind
ExitThread
LoadLibraryExW
GetSystemTimeAsFileTime
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetModuleHandleExW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetACP
GetOEMCP
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
SetFilePointerEx

user32

GetSystemMetrics

advapi32

RegCreateKeyExA
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

CoUninitialize
CoCreateGuid
CoInitializeEx
CoCreateInstance
CoSetProxyBlanket
CoTaskMemFree
StringFromCLSID
CLSIDFromString

oleaut32

VariantChangeType
VariantClear
VariantInit
SysFreeString
SysAllocString

Exports

Exports

make

Sections

.text
Size: 222KB - Virtual size: 221KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ed4f9e0ecc36e2d3d588d1026c90060a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

diagwrap

kernel32

user32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 222KB - Virtual size: 221KB

.rdata Size: 73KB - Virtual size: 73KB

.data Size: 16KB - Virtual size: 25KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 222KB - Virtual size: 221KB

.rdata
Size: 73KB - Virtual size: 73KB

.data
Size: 16KB - Virtual size: 25KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 16KB - Virtual size: 15KB