4de48b74179db5f06bedb4a5ad58f5c7227f72ba44e912b0ede3de8d5c149f96

Sharing

Copy URL Twitter E-mail

General

Target

4de48b74179db5f06bedb4a5ad58f5c7227f72ba44e912b0ede3de8d5c149f96
Size

695KB
MD5

ddafb417bceed32000670d563c31f802
SHA1

32e266454be9ce5d7a24aa22ba5af3b8f6492af3
SHA256

4de48b74179db5f06bedb4a5ad58f5c7227f72ba44e912b0ede3de8d5c149f96
SHA512

6d44b35c7e0676010073873813c2f8513eb5475aeb7c4ddca8b7b02f5d84edff1639b91ec794939c907b655dfa42decf58e13676bc7050bbeabf10aa4a6ebed2
SSDEEP

12288:3PB+E39wlgNrR6VbW9Q20rs6w5SQZl48H0F53XoN9W0+rL:3PAIwlgNrR6VbS3JSQZm8HatXoN9WLL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4de48b74179db5f06bedb4a5ad58f5c7227f72ba44e912b0ede3de8d5c149f96

Files

4de48b74179db5f06bedb4a5ad58f5c7227f72ba44e912b0ede3de8d5c149f96
.dll windows:5 windows x64 arch:x64

3c145e436a4c5af3317d93a609509a5a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\workspace\BackupSuite\Output\x64\Release\ImageAccessorWrapper.pdb

Imports

kernel32

FindNextFileW
FindClose
DeleteFileW
ReadFile
WriteFile
FlushFileBuffers
RemoveDirectoryW
CreateDirectoryW
GetCurrentThread
GetTempPathW
SetFileTime
WideCharToMultiByte
FormatMessageW
LocalFree
SystemTimeToFileTime
CreateThread
WaitForMultipleObjects
GetSystemInfo
VirtualAlloc
CreateSemaphoreW
ReleaseSemaphore
VirtualFree
GetFileSizeEx
SetEndOfFile
SetFilePointerEx
GetFileTime
GetCurrentThreadId
FlsSetValue
GetCommandLineA
MultiByteToWideChar
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapAlloc
RaiseException
RtlPcToFileHeader
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FindFirstFileW
SetLastError
FlsAlloc
Sleep
GetModuleHandleW
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
RtlUnwindEx
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
LCMapStringW
LeaveCriticalSection
EnterCriticalSection
SetFilePointer
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapReAlloc
FreeLibrary
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
FileTimeToLocalFileTime
SetFileAttributesW
DeviceIoControl
CreateFileW
GetFileAttributesW
GetProcAddress
LoadLibraryW
ReleaseMutex
WaitForSingleObject
CloseHandle
CreateMutexW
GetFullPathNameW
GetCurrentDirectoryA
GetDriveTypeA
FlsFree
GetLastError
GetProcessHeap
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
ProcessIdToSessionId
FileTimeToSystemTime
GetDriveTypeW
GetVolumeInformationW
WTSGetActiveConsoleSessionId

advapi32

ImpersonateLoggedOnUser
RegCloseKey
RegEnumValueW
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyW
RegOpenKeyExW
RegUnLoadKeyW
RegLoadKeyW
DecryptFileW
RevertToSelf

user32

wsprintfW

ole32

CoCreateGuid

mpr

WNetGetConnectionW

shlwapi

PathIsNetworkPathW

wtsapi32

WTSEnumerateSessionsW
WTSQueryUserToken
WTSFreeMemory

Exports

Exports

CheckAndSaveImagePassword
GetImageDiskIO
GetImageDiskIOEx
GetWindowsInfo
ImageDiskGetGeometry
ImageDiskReadSector
IsImageEncrypted
PutImageDiskIO

Sections

.text
Size: 539KB - Virtual size: 538KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3c145e436a4c5af3317d93a609509a5a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

user32

ole32

mpr

shlwapi

wtsapi32

Exports

Exports

Sections

.text Size: 539KB - Virtual size: 538KB

.rdata Size: 106KB - Virtual size: 105KB

.data Size: 14KB - Virtual size: 35KB

.pdata Size: 31KB - Virtual size: 30KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 539KB - Virtual size: 538KB

.rdata
Size: 106KB - Virtual size: 105KB

.data
Size: 14KB - Virtual size: 35KB

.pdata
Size: 31KB - Virtual size: 30KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 4KB - Virtual size: 3KB