44f59497897c9a2845fdf6c448fbe19f7e2ac0dd3b06f054370fba30a12fd869

Sharing

Copy URL Twitter E-mail

General

Target

44f59497897c9a2845fdf6c448fbe19f7e2ac0dd3b06f054370fba30a12fd869
Size

210KB
MD5

90f199ed3f8d8cb4ea07ec449beede8e
SHA1

2dd360de9fe90d729a1017cdc49e48920c2e9018
SHA256

44f59497897c9a2845fdf6c448fbe19f7e2ac0dd3b06f054370fba30a12fd869
SHA512

94455fbaeaa16eb5e2f967b3a20847c83e46ce4a062c23108812ae0c7df691a9d639eb5c1a9ee07af9452f94ce903075a2459aff53205b2cd89b93df6304bfd5
SSDEEP

3072:bAS7t96Qd2V/mKFJMyCTjHWiulGPWeOeb299zBwnnmM+:MS7th2AKxCvWeb21wnr+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44f59497897c9a2845fdf6c448fbe19f7e2ac0dd3b06f054370fba30a12fd869

Files

44f59497897c9a2845fdf6c448fbe19f7e2ac0dd3b06f054370fba30a12fd869
.dll windows:6 windows x86 arch:x86

64b14dad504eebc9177785babc626a3a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\projects\processhacker\bin\Release32\plugins\ToolStatus.pdb

Imports

processhacker.exe

_PhCreateSearchControl@12
_PhAddTreeNewFilter@12
PhReferenceEmptyString
_PhLoadPngImageFromResource@20
PhLoadIcon
PhClearList
PhInitializeStringBuilder
PhAppendFormatStringBuilder
PhStringToInteger64
PhGetStringSetting
PhSetStringSetting2
PhRemoveStringBuilder
PhFinalStringBuilderString
PhFormatUInt64
PhCreateList
PhCreateString
PhfReleaseQueuedLockShared
PhFormat
PhDereferenceObjects
PhParseCommandLineFuzzy
PhGetServiceTypeString
PhAddItemList
_PhGetProtocolTypeName@4
PhfAcquireQueuedLockShared
PhFree
PhSplitStringRefAtChar
PhGetServiceErrorControlString
PhFindStringInStringRef
PhGetServiceDllParameter
PhGetServiceStateString
PhQueryRegistryString
PhConcatStringRef2
PhGetFileName
_PhGetProcessPriorityClassString@4
PhQueryValueKey
_PhGetTcpStateName@4
PhExpandEnvironmentStrings
PhOpenKey
PhGetServiceStartTypeString
PhAddItemSimpleHashtable
PhInsertEMenuItem
_PhGetFilterSupportProcessTreeList@0
_PhSetSelectThreadIdProcessPropContext@8
_PhFindProcessNode@4
_PhPluginGetSystemStatistics@4
PhEqualStringRef
PhCreateEMenuItem
PhGetWindowText
_PhUiTerminateProcesses@12
PhConcatStrings2
PhFindEMenuItem
PhCreateEMenu
PhDestroyEMenuItem
PhInvokeCallback
PhAddSettings
WindowsVersion
_PhGetGeneralCallback@4
_PhRegisterMessageLoopFilter@8
_PhShowProcessProperties@4
_PhApplyTreeNewFilters@4
PhFindItemSimpleHashtable
PhShowEMenu
_PhExpandAllProcessNodes@4
PhRegisterCallback
_PhGetFilterSupportServiceTreeList@0
_PhDeselectAllServiceNodes@0
PhDestroyEMenu
_PhGetFilterSupportNetworkTreeList@0
_PhReferenceProcessItem@4
_PhRegisterPlugin@12
PhReferenceObject
_PhGetPluginCallback@8
PhCreateAlloc
PhShowMessage
PhGetOwnTokenAttributes
_PhCreateProcessPropContext@8
PhSetFlagsEMenuItem
PhCreateSimpleHashtable
_PhDeselectAllProcessNodes@0
PhFormatSize
_PhShowProcessRecordDialog@8
PhFormatString
PhSystemBasicInformation
PhDivideSinglesBySingle
PhInitializeGraphState
_PhSiSetColorsGraphDrawInfo@12
PhDeleteGraphState
PhGraphStateGetDrawInfo
PhCopyCircularBuffer_FLOAT
_PhDereferenceProcessRecord@4
PhFormatString_V
PhAutoDereferenceObject
_PhFindProcessRecord@8
PhDereferenceObject
_PhGetStatisticsTime@12
_PhGetStatisticsTimeString@8
PhAddComboBoxStrings
PhSetIntegerSetting
PhGetIntegerSetting
PhMainWndHandle
PhAllocate
PhInsertItemList
PhRemoveItemList
PhGlobalDpi
PhCenterWindow
PhIconToBitmap

ntdll

LdrGetDllHandle
LdrGetProcedureAddress
NtClose
RtlUnwind

user32

IsWindowVisible
SetWindowTextW
DestroyIcon
GetDC
GetWindowThreadProcessId
DefWindowProcW
GetWindowRect
GetMenu
SetWindowPos
GetSystemMetrics
WindowFromPoint
LoadAcceleratorsW
IsChild
MapWindowPoints
SetFocus
TranslateAcceleratorW
LoadCursorW
SetCapture
GetWindowDC
SetCursor
GetClientRect
ReleaseCapture
ReleaseDC
DestroyWindow
GetCursorPos
CreateWindowExW
ShowWindow
CreateIconIndirect
SetMenu
DrawMenuBar
DrawIconEx
InvalidateRect
GetPropW
FillRect
SendMessageW
EndDialog
RemovePropW
GetSysColor
SetPropW
GetDlgItem
DrawTextW
GetSysColorBrush
DialogBoxParamW
EnableWindow

gdi32

SelectObject
CreateCompatibleBitmap
BitBlt
CreateSolidBrush
CreateICW
CreateCompatibleDC
RestoreDC
Rectangle
CreatePen
GetStockObject
SaveDC
GetTextExtentPoint32W
DeleteDC
SetTextColor
SetBkMode
GetObjectW
SetROP2
CreateFontIndirectW
DeleteObject

comctl32

ImageList_Add
ord410
ord413
ImageList_Replace
ImageList_Create

kernel32

IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcessId
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetCurrentProcess
DecodePointer
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW
GetModuleFileNameA
RaiseException

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

64b14dad504eebc9177785babc626a3a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

processhacker.exe

ntdll

user32

gdi32

comctl32

kernel32

Sections

.text Size: 72KB - Virtual size: 72KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 2KB - Virtual size: 5KB

.rsrc Size: 94KB - Virtual size: 93KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 72KB - Virtual size: 72KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 94KB - Virtual size: 93KB

.reloc
Size: 7KB - Virtual size: 7KB