4394eb6c60136a6330eead933974dd28fed30606342663c14993db9222cf02d8

Sharing

Copy URL Twitter E-mail

General

Target

4394eb6c60136a6330eead933974dd28fed30606342663c14993db9222cf02d8
Size

54KB
MD5

02b64ba6e9536c592293788f52d5ad0c
SHA1

277f2acf485de2601737b2cf38d40e08ba3cf51f
SHA256

4394eb6c60136a6330eead933974dd28fed30606342663c14993db9222cf02d8
SHA512

276156f19597ace02c9beeed8ec845e428422c4844f1ed07edb3557ea38925a98a6a168e3c90117922f71f6317b4531e59a4df6c66bc34644ba96ad4140e0ba0
SSDEEP

1536:vhxmL6RGR0gHdM2YnYZPc5G9Y889rz6NKzEkI6yq:vhxmLtRmihm8qruNK5Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/rdpwrap.dll

Files

4394eb6c60136a6330eead933974dd28fed30606342663c14993db9222cf02d8
.zip
rdpwrap.dll
.dll windows:6 windows x64 arch:x64

53a3dacee6717ddc12074523c645029b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileW
GetFileSize
ReadFile
SetLastError
SetFilePointer
WriteFile
CloseHandle
GetModuleHandleExW
GetCurrentThreadId
GetCurrentProcessId
CreateToolhelp32Snapshot
Thread32First
OpenThread
ResumeThread
SuspendThread
Thread32Next
GetModuleHandleW
FindResourceW
LoadResource
LoadLibraryExW
WriteProcessMemory
GetCurrentProcess
GetModuleFileNameW
LoadLibraryW
GetProcAddress
ReadProcessMemory
SetFilePointerEx
SetStdHandle
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
HeapAlloc
EncodePointer
DecodePointer
RtlPcToFileHeader
RaiseException
HeapFree
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
ExitProcess
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
LCMapStringW
HeapReAlloc
OutputDebugStringW
HeapSize
FlushFileBuffers
GetConsoleCP
GetConsoleMode
WriteConsoleW

user32

wsprintfA

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

53a3dacee6717ddc12074523c645029b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 67KB - Virtual size: 67KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 6KB - Virtual size: 15KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 67KB - Virtual size: 67KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 6KB - Virtual size: 15KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 1KB