fcc835606d4a7f4bcac7debf2cbbf715a2e2f6d000c01f9d8185930ade98a897

Sharing

Copy URL

Twitter E-mail

General

Target

fcc835606d4a7f4bcac7debf2cbbf715a2e2f6d000c01f9d8185930ade98a897
Size

236KB
MD5

daf8532791503cef4bf4b41c6c407620
SHA1

80ade208807e158e3f20a800cb62d8f5f5cdc8e3
SHA256

fcc835606d4a7f4bcac7debf2cbbf715a2e2f6d000c01f9d8185930ade98a897
SHA512

2cda32516d35edc6c7de92984922710747a12391e6f8a642be3be78b412c459cc98be51fdafc5eec517ec60c3752fde68b27eb37afd9fbe4e9d0112af69021c7
SSDEEP

6144:+A12183fvVL8JUKvZ6os1j+4dETBKmh4IXML:w0fvVL8eM6os1j+4dETAmh4IX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fcc835606d4a7f4bcac7debf2cbbf715a2e2f6d000c01f9d8185930ade98a897

Files

fcc835606d4a7f4bcac7debf2cbbf715a2e2f6d000c01f9d8185930ade98a897
.dll windows:6 windows x64 arch:x64

762d461c781c51223bc23a5a5f3ba309

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Linkout\Dicregate64\eb.pdb

Imports

kernel32

InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FindClose
FindFirstFileA
FindNextFileA
DisableThreadLibraryCalls
GetCommandLineA
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead

vcruntime140

__C_specific_handler
strchr
memcpy
memset
memmove
strrchr
strstr
__current_exception_context
__current_exception
__std_type_info_destroy_list

api-ms-win-crt-string-l1-1-0

strncpy
strcmp
mblen
_strdup
_stricmp

api-ms-win-crt-heap-l1-1-0

malloc
free
realloc

api-ms-win-crt-stdio-l1-1-0

_getcwd
_getdcwd
__stdio_common_vsprintf
_lseek
_read
_lseeki64
_close
__stdio_common_vfprintf
fputs
fputc
fflush
__acrt_iob_func
_open

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_crt_at_quick_exit
_cexit
_execute_onexit_table
_initterm_e
_configure_narrow_argv
_errno
_register_onexit_function
_initialize_onexit_table
abort
_initterm
_initialize_narrow_environment
_seh_filter_dll
terminate

api-ms-win-crt-multibyte-l1-1-0

_mbschr
_mbsrchr

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-filesystem-l1-1-0

_stat64i32

api-ms-win-crt-locale-l1-1-0

setlocale

Exports

Exports

DllMain
eb_appendix_path
eb_appendix_subbook
eb_appendix_subbook_directory
eb_appendix_subbook_directory2
eb_appendix_subbook_list
eb_backward_narrow_alt_character
eb_backward_narrow_font_character
eb_backward_text
eb_backward_wide_alt_character
eb_backward_wide_font_character
eb_bcd2
eb_bcd4
eb_bcd6
eb_bind
eb_bind_appendix
eb_bitmap_to_bmp
eb_bitmap_to_gif
eb_bitmap_to_png
eb_bitmap_to_xbm
eb_bitmap_to_xpm
eb_booklist_add_book
eb_booklist_book_count
eb_booklist_book_name
eb_booklist_book_title
eb_canonicalize_file_name
eb_canonicalize_path_name
eb_character_code
eb_compose_movie_file_name
eb_compose_movie_path_name
eb_compose_path_name
eb_compose_path_name2
eb_compose_path_name3
eb_copyright
eb_current_candidate
eb_decompose_movie_file_name
eb_disable_log
eb_disc_type
eb_enable_log
eb_error_message
eb_error_string
eb_exact_match_word_jis
eb_exact_match_word_kana_group
eb_exact_match_word_kana_single
eb_exact_match_word_latin
eb_exact_pre_match_word_jis
eb_exact_pre_match_word_latin
eb_finalize_alt_caches
eb_finalize_appendix
eb_finalize_appendix_subbooks
eb_finalize_binary_context
eb_finalize_book
eb_finalize_booklist
eb_finalize_fonts
eb_finalize_hookset
eb_finalize_library
eb_finalize_search
eb_finalize_search_contexts
eb_finalize_searches
eb_finalize_subbooks
eb_finalize_text_context
eb_find_file_name
eb_find_file_name2
eb_find_file_name3
eb_fix_directory_name
eb_fix_directory_name2
eb_fix_path_name_suffix
eb_font
eb_font_height
eb_font_height2
eb_font_list
eb_forward_heading
eb_forward_narrow_alt_character
eb_forward_narrow_font_character
eb_forward_text
eb_forward_wide_alt_character
eb_forward_wide_font_character
eb_have_copyright
eb_have_cross_search
eb_have_endword_search
eb_have_exactword_search
eb_have_font
eb_have_keyword_search
eb_have_menu
eb_have_multi_search
eb_have_narrow_alt
eb_have_narrow_font
eb_have_stop_code
eb_have_text
eb_have_wide_alt
eb_have_wide_font
eb_have_word_search
eb_hit_list
eb_hook_empty
eb_hook_euc_to_ascii
eb_hook_narrow_character_text
eb_hook_newline
eb_hook_wide_character_text
eb_initialize_alt_caches
eb_initialize_appendix
eb_initialize_appendix_subbooks
eb_initialize_binary_context
eb_initialize_book
eb_initialize_booklist
eb_initialize_default_hookset
eb_initialize_fonts
eb_initialize_hookset
eb_initialize_library
eb_initialize_log
eb_initialize_search
eb_initialize_search_contexts
eb_initialize_searches
eb_initialize_subbooks
eb_initialize_text_context
eb_invalidate_text_context
eb_is_appendix_bound
eb_is_bound
eb_is_text_stopped
eb_jisx0208_to_euc
eb_load_all_appendix_subbooks
eb_load_all_subbooks
eb_load_font_headers
eb_load_multi_searches
eb_load_multi_titles
eb_load_narrow_font_glyphs
eb_load_narrow_font_header
eb_load_wide_font_glyphs
eb_load_wide_font_header
eb_log
eb_log_stderr
eb_match_word
eb_match_word_kana_group
eb_match_word_kana_single
eb_menu
eb_multi_entry_candidates
eb_multi_entry_count
eb_multi_entry_have_candidates
eb_multi_entry_label
eb_multi_entry_list
eb_multi_search_list
eb_multi_title
eb_narrow_alt_character_text
eb_narrow_alt_end
eb_narrow_alt_start
eb_narrow_font_bmp_size
eb_narrow_font_character_bitmap
eb_narrow_font_end
eb_narrow_font_gif_size
eb_narrow_font_png_size
eb_narrow_font_size
eb_narrow_font_size2
eb_narrow_font_start
eb_narrow_font_width
eb_narrow_font_width2
eb_narrow_font_xbm_size
eb_narrow_font_xpm_size
eb_open_narrow_font_file
eb_open_wide_font_file
eb_path
eb_path_name_zio_code
eb_pre_match_word
eb_presearch_word
eb_pthread_enabled
eb_quoted_stream
eb_quoted_string
eb_read_binary
eb_read_heading
eb_read_rawtext
eb_read_text
eb_reset_binary_context
eb_reset_search_contexts
eb_reset_text_context
eb_search_cross
eb_search_endword
eb_search_exactword
eb_search_keyword
eb_search_multi
eb_search_word
eb_seek_text
eb_set_appendix_subbook
eb_set_binary_color_graphic
eb_set_binary_gray_graphic
eb_set_binary_mono_graphic
eb_set_binary_mpeg
eb_set_binary_wave
eb_set_endword
eb_set_font
eb_set_hook
eb_set_hooks
eb_set_keyword
eb_set_log_function
eb_set_multiword
eb_set_subbook
eb_set_word
eb_sjis_to_euc
eb_stop_code
eb_strcasecmp
eb_strncasecmp
eb_subbook
eb_subbook_directory
eb_subbook_directory2
eb_subbook_list
eb_subbook_title
eb_subbook_title2
eb_tell_text
eb_text
eb_unset_appendix_subbook
eb_unset_binary
eb_unset_font
eb_unset_subbook
eb_wide_alt_character_text
eb_wide_alt_end
eb_wide_alt_start
eb_wide_font_bmp_size
eb_wide_font_character_bitmap
eb_wide_font_end
eb_wide_font_gif_size
eb_wide_font_png_size
eb_wide_font_size
eb_wide_font_size2
eb_wide_font_start
eb_wide_font_width
eb_wide_font_width2
eb_wide_font_xbm_size
eb_wide_font_xpm_size
eb_write_text
eb_write_text_byte1
eb_write_text_byte2
eb_write_text_string
localedir
url_parts_finalize
url_parts_fragment
url_parts_host
url_parts_initialize
url_parts_params
url_parts_parse
url_parts_password
url_parts_path
url_parts_port
url_parts_print
url_parts_query
url_parts_scheme
url_parts_url
url_parts_user
zio_close
zio_file
zio_finalize
zio_finalize_library
zio_initialize
zio_initialize_library
zio_lseek
zio_mode
zio_open
zio_read
zio_set_sebxa_mode

Sections

.text
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

762d461c781c51223bc23a5a5f3ba309

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 150KB - Virtual size: 149KB

.rdata Size: 72KB - Virtual size: 72KB

.data Size: 4KB - Virtual size: 12KB

.pdata Size: 7KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 472B

.text
Size: 150KB - Virtual size: 149KB

.rdata
Size: 72KB - Virtual size: 72KB

.data
Size: 4KB - Virtual size: 12KB

.pdata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 472B