56c8593b57913be2bd57e7b699e1eb8e2489564be71579796994fa248e57f482

Sharing

Copy URL

Twitter E-mail

General

Target

56c8593b57913be2bd57e7b699e1eb8e2489564be71579796994fa248e57f482
Size

3.4MB
MD5

f5ceb735af47a18b5f03f7bae067f156
SHA1

b37f6cd10b8828239e19a57fa7ae4a945421ccf1
SHA256

56c8593b57913be2bd57e7b699e1eb8e2489564be71579796994fa248e57f482
SHA512

85e48bb0d413dfd5c4e4923ac74868e2b77a761cd5d18ba2e4cf5d2131e9685daac69609a0da50fef19fcb742e1b8c4da2e82512d2e15e0f35e30b07ee86de3a
SSDEEP

98304:sqxUtGssprBoI5XhXWRabw1f+K6xpxmkO:sqxGGzXocXhGgs1fuO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
56c8593b57913be2bd57e7b699e1eb8e2489564be71579796994fa248e57f482

Files

56c8593b57913be2bd57e7b699e1eb8e2489564be71579796994fa248e57f482
.dll windows:5 windows x86 arch:x86

da54107d6c55b0f87441d7d4ff5f1edd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\actions-runner\_work\xigncode-build\xigncode-build\vsproject\bin\Win32\Release\x3_barrier_Win32.pdb

Imports

kernel32

GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetSystemDirectoryW
ResumeThread
ExitThread
GetSystemDirectoryA
LoadLibraryA
LoadLibraryW
HeapFree
HeapAlloc
GetProcessHeap
VirtualFree
MultiByteToWideChar
WideCharToMultiByte
VirtualQuery
Sleep
GetVolumeInformationW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
SuspendThread
CreateEventW
SetEvent
InterlockedExchangeAdd
RaiseException
GetSystemInfo
CreateThread
ResetEvent
QueueUserAPC
GetProcAddress
DeleteCriticalSection
SleepEx
GetThreadTimes
GetSystemTime
GetTickCount
OpenThread
lstrlenW
lstrcmpW
VirtualProtect
GetFullPathNameW
OutputDebugStringA
SetFilePointer
CreateMutexW
lstrlenA
ReleaseMutex
GetVersion
OutputDebugStringW
SetFilePointerEx
FreeLibrary
SystemTimeToTzSpecificLocalTime
QueryDosDeviceW
GetLogicalDriveStringsW
CreateFileA
GetWindowsDirectoryW
GetModuleFileNameA
GetModuleFileNameW
GetTempPathA
GetStdHandle
IsBadReadPtr
VirtualAlloc
GetThreadContext
FlushInstructionCache
SetThreadContext
SizeofResource
FindResourceA
FindResourceExA
LockResource
FindResourceExW
LoadResource
FindResourceW
SetEnvironmentVariableW
GetEnvironmentVariableW
IsProcessorFeaturePresent
DuplicateHandle
OpenProcess
ReadProcessMemory
TerminateThread
ExitProcess
CreateRemoteThread
InterlockedDecrement
FreeResource
CreateToolhelp32Snapshot
Module32FirstW
CreateProcessW
OpenEventW
OpenFileMappingW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetCurrentProcessId
SetFileAttributesW
GetFileAttributesExW
SetFileAttributesA
LocalFree
HeapCreate
HeapDestroy
DeleteFileW
WaitForMultipleObjects
SetThreadPriority
Thread32Next
Thread32First
GetThreadPriority
GetLongPathNameW
InitializeCriticalSectionAndSpinCount
GetTempPathW
GetCurrentDirectoryW
FindFirstFileW
SearchPathW
FindNextFileW
FindClose
LocalAlloc
GetModuleHandleA
IsWow64Process
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
GetEnvironmentVariableA
LoadLibraryExA
LoadLibraryExW
InterlockedPushEntrySList
InterlockedPopEntrySList
DeviceIoControl
CancelIo
GetDriveTypeW
FormatMessageA
ExpandEnvironmentStringsA
RtlUnwind
InterlockedFlushSList
EncodePointer
GetModuleHandleExW
QueryPerformanceFrequency
CreateProcessA
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetFileType
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadConsoleW
HeapReAlloc
GetTimeZoneInformation
GetExitCodeProcess
CreatePipe
MoveFileExW
HeapSize
SetStdHandle
WriteConsoleW
SetEndOfFile
DecodePointer
PeekNamedPipe
FormatMessageW
VerSetConditionMask
VerifyVersionInfoA
MoveFileExA
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsBadWritePtr
QueryPerformanceCounter
SwitchToThread
FileTimeToSystemTime
GetVersionExA
GetWindowsDirectoryA
InterlockedIncrement
GetModuleHandleW
GetFileSize
CloseHandle
GetFileAttributesW
CreateFileW
InterlockedCompareExchange
WriteFile
InterlockedExchange
ReadFile
DisableThreadLibraryCalls
GetLastError
WriteProcessMemory
SetLastError

ws2_32

setsockopt
WSAIoctl
ntohl
bind
getpeername
getsockopt
WSAWaitForMultipleEvents
recv
WSASetLastError
accept
listen
recvfrom
sendto
htonl
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
WSCEnumProtocols
WSCGetProviderPath
__WSAFDIsSet
closesocket
select
shutdown
inet_addr
getsockname
ntohs
gethostname
socket
connect
htons
ioctlsocket
WSACleanup
gethostbyname
WSAStartup
inet_ntoa
WSAGetLastError

iphlpapi

GetNetworkParams

rpcrt4

UuidCreate

setupapi

CM_Get_Device_IDW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
CM_Get_DevNode_Status
SetupDiCreateDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInstanceIdW
SetupDiOpenDeviceInfoW
CM_Get_Parent

user32

GetClientRect
EnumWindows
GetForegroundWindow
GetWindowTextW
ClientToScreen
IsWindowUnicode
GetClassNameW
GetWindowLongA
GetClassLongA
IsWindow
SendMessageTimeoutW
GetWindow
IsIconic
SendMessageW
FindWindowW
WaitForInputIdle
IsWindowVisible
IsGUIThread
GetClassLongW
GetWindowThreadProcessId
GetDesktopWindow
GetWindowLongW
CharLowerW
CreateWindowExW

gdi32

BitBlt

advapi32

CryptCreateHash
RegQueryValueExW
RegOpenKeyW
RegCloseKey
OpenServiceA
OpenServiceW
ChangeServiceConfigW
RegCreateKeyW
StartServiceW
RegSetValueExW
ControlService
OpenSCManagerW
CloseServiceHandle
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
CreateServiceW
GetTokenInformation
AddAccessAllowedAce
LsaNtStatusToWinError
SetKernelObjectSecurity
GetKernelObjectSecurity
InitializeAcl
SetEntriesInAclW
CryptDestroyHash
CryptHashData
AllocateAndInitializeSid
CryptGetHashParam
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegEnumValueW
InitializeSecurityDescriptor
OpenProcessToken
RegEnumKeyW
RegQueryInfoKeyW
RegQueryValueW
RegSetValueW
LookupPrivilegeValueW
AdjustTokenPrivileges
QueryAllTracesW
SetFileSecurityW
EqualSid
GetSidSubAuthorityCount
LookupPrivilegeValueA
GetSidSubAuthority
ConvertSidToStringSidW
LookupAccountSidW
QueryServiceStatusEx
SetSecurityDescriptorDacl
FreeSid

shell32

ShellExecuteExW
SHBindToParent
SHGetDataFromIDListW
SHGetSpecialFolderPathW
SHGetFolderPathW
SHGetPathFromIDListW

ole32

StringFromGUID2

oleaut32

SafeArrayUnaccessData
SafeArrayAccessData
VariantClear
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy
SysFreeString
SysAllocString

wldap32

ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord60
ord211
ord46
ord217
ord143

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 769KB - Virtual size: 769KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 219KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vlizer
Size: 586KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

da54107d6c55b0f87441d7d4ff5f1edd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ws2_32

iphlpapi

rpcrt4

setupapi

user32

gdi32

advapi32

shell32

ole32

oleaut32

wldap32

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 769KB - Virtual size: 769KB

.data Size: 219KB - Virtual size: 237KB

.rsrc Size: 108KB - Virtual size: 107KB

.reloc Size: 101KB - Virtual size: 101KB

.vlizer Size: 586KB - Virtual size: 2.3MB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 769KB - Virtual size: 769KB

.data
Size: 219KB - Virtual size: 237KB

.rsrc
Size: 108KB - Virtual size: 107KB

.reloc
Size: 101KB - Virtual size: 101KB

.vlizer
Size: 586KB - Virtual size: 2.3MB