5181c1a6f44b6d31beaa41ee97a41c915ad89a66d78e40f791d7d1a835f2e343

Sharing

Copy URL

Twitter E-mail

General

Target

5181c1a6f44b6d31beaa41ee97a41c915ad89a66d78e40f791d7d1a835f2e343
Size

1.0MB
MD5

0763f113c622773d170974735c0ae7d6
SHA1

ff058229f2373191db9db4a7db7da56f5461ebf1
SHA256

5181c1a6f44b6d31beaa41ee97a41c915ad89a66d78e40f791d7d1a835f2e343
SHA512

1c935748161c99c4f59b015b70d6a2951aba6da3c90d3d99b87ae5ac9d8d79ee327ec26cc6114afd2e9a76416a1fda02a0d76030b6f21eace633e49487c905b4
SSDEEP

24576:cXRFdSLXH5xbjNk8k3JUnWJ6pHyHdR9/2WUAr7sduEhNw8uR:cXRYXH5xf28smnWJ6pydz2WUAr7sduEK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5181c1a6f44b6d31beaa41ee97a41c915ad89a66d78e40f791d7d1a835f2e343

Files

5181c1a6f44b6d31beaa41ee97a41c915ad89a66d78e40f791d7d1a835f2e343
.dll windows:5 windows x64 arch:x64

e605b58728421ce4451c05e394873033

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\WorkshopAgent\DevelopProj2\OCPFrame\Thunk\Bin\Release64\OCPFrame64.pdb

Imports

kernel32

GetProcessTimes
GetExitCodeProcess
MoveFileA
Sleep
GetTickCount
OpenMutexW
CreateMutexW
SetEvent
WaitForSingleObject
CreateSemaphoreA
TerminateProcess
FileTimeToSystemTime
LoadLibraryExW
ReleaseSemaphore
CreateEventA
MultiByteToWideChar
WideCharToMultiByte
SetEnvironmentVariableA
CompareStringW
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CopyFileW
GetDiskFreeSpaceExW
GetFileTime
SetFileTime
GetProcessHeap
HeapAlloc
HeapFree
VirtualQuery
CreateProcessW
WriteFile
CreateFileW
GetFileSize
GetComputerNameA
GetComputerNameW
FlushFileBuffers
GetFileAttributesW
CreateDirectoryW
CreateDirectoryA
GetFileAttributesExA
GetFileAttributesExW
GetVolumeInformationW
QueryDosDeviceA
DeviceIoControl
ReadFile
CopyFileA
SetFileAttributesW
lstrcmpW
RemoveDirectoryW
DeleteFileW
MoveFileExW
GetFileAttributesA
SetFileAttributesA
lstrcmpA
RemoveDirectoryA
DeleteFileA
MoveFileExA
GetSystemInfo
FindFirstFileW
FindNextFileW
FindFirstFileA
FindNextFileA
FindClose
LoadLibraryA
LocalFree
OpenProcess
GetCurrentProcess
CreateThread
GetSystemDirectoryA
GetModuleHandleW
CreateFileA
GetFileInformationByHandle
CloseHandle
GetModuleHandleA
GetProcAddress
GetCurrentProcessId
GetLastError
GetCurrentThreadId
GetModuleFileNameA
GetCurrentDirectoryW
GetModuleFileNameW
FreeLibrary
GetCurrentDirectoryA
LocalAlloc
QueryDosDeviceW
GetDriveTypeA
DefineDosDeviceA
GetDiskFreeSpaceExA
SetVolumeLabelA
GetVolumeInformationA
GetLogicalDrives
GetDriveTypeW
GetLocalTime
AllocConsole
WriteConsoleA
FreeConsole
OutputDebugStringW
VirtualQueryEx
GetThreadPriority
GetPriorityClass
SetEndOfFile
SetPriorityClass
CreateProcessA
WriteConsoleW
SetStdHandle
SetConsoleCtrlHandler
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
LoadResource
FindResourceExA
lstrlenA
lstrlenW
GetVersionExA
FormatMessageA
GetACP
FormatMessageW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SleepEx
CreateMutexA
ReleaseMutex
PulseEvent
ResetEvent
WaitForMultipleObjects
SuspendThread
TerminateThread
ResumeThread
SetThreadPriority
GetExitCodeThread
IsBadReadPtr
OpenEventA
OpenMutexA
OpenSemaphoreA
GetOverlappedResult
CancelIo
SetNamedPipeHandleState
WaitNamedPipeA
ConnectNamedPipe
CreateNamedPipeA
LoadLibraryW
SetLastError
GetSystemDirectoryW
MoveFileW
GetTempPathA
GetTempPathW
GetEnvironmentVariableA
GetEnvironmentVariableW
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
RtlLookupFunctionEntry
RtlUnwindEx
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetCPInfo
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
GetCurrentThread
FlsAlloc
LCMapStringW
HeapSize
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetStringTypeW
GetLocaleInfoW
SetFilePointer
GetConsoleCP
GetConsoleMode
FatalAppExitA
GetUserDefaultLCID
GetLocaleInfoA

user32

EnumDesktopWindows
GetWindowLongA
CloseDesktop
SetThreadDesktop
GetThreadDesktop
OpenInputDesktop
GetUserObjectInformationA
GetProcessWindowStation
CloseWindowStation
SetProcessWindowStation
OpenWindowStationA
MessageBoxA
MessageBoxW
SendMessageTimeoutA
GetClassNameW
GetWindowTextA
GetWindowTextW
SetForegroundWindow
SetWindowPos
ShowWindow
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
MsgWaitForMultipleObjects
PostMessageA
PostThreadMessageA
GetSystemMetrics
GetUserObjectInformationW
IsWindowVisible
OpenDesktopA
GetParent
PeekMessageA
EnumWindows
GetMessageA
TranslateMessage
DispatchMessageA
GetDesktopWindow
EnumChildWindows
FindWindowExA

advapi32

RegQueryValueExA
OpenServiceA
CloseServiceHandle
InitializeSecurityDescriptor
GetAclInformation
GetLengthSid
InitializeAcl
GetAce
AddAce
AddAccessAllowedAce
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
LookupAccountNameW
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
GetFileSecurityW
SetFileSecurityW
GetFileSecurityA
SetFileSecurityA
RegSetValueExA
RegOpenKeyA
GetTokenInformation
LookupAccountSidA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
OpenSCManagerA
RegCloseKey
QueryServiceStatus
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegOpenKeyW
LookupAccountSidW
RegSetKeySecurity
RegConnectRegistryA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExW
RegDeleteKeyA
RegEnumKeyA
RegQueryInfoKeyA
RegDeleteValueA
RegSetValueExW
RegEnumValueA
RegCreateKeyW
RegCreateKeyExW

oleaut32

SystemTimeToVariantTime

ws2_32

WSACleanup
WSAStartup
setsockopt
accept
bind
htonl
htons
WSAIoctl
socket
connect
closesocket
shutdown
listen
ntohs
ntohl
getpeername
getsockname
getsockopt
send
sendto
WSAGetLastError
recvfrom
recv

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

gdi32

CreateDCW
CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
GetObjectW
BitBlt
GetBitmapBits
DeleteDC
DeleteObject

Exports

Exports

OFCDoFunc
OFCInit
OFCIsServerStart
OFCUnInit
OFFreeReply
OFSGetReq
OFSNotifyReply
OFSRunServer
OFSSetReqAndWaitReply
OFSWaitNotifyReq

Sections

.text
Size: 701KB - Virtual size: 700KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 215KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 71KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e605b58728421ce4451c05e394873033

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

oleaut32

ws2_32

version

gdi32

Exports

Exports

Sections

.text Size: 701KB - Virtual size: 700KB

.rdata Size: 215KB - Virtual size: 215KB

.data Size: 71KB - Virtual size: 120KB

.pdata Size: 53KB - Virtual size: 53KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 15KB - Virtual size: 15KB

.text
Size: 701KB - Virtual size: 700KB

.rdata
Size: 215KB - Virtual size: 215KB

.data
Size: 71KB - Virtual size: 120KB

.pdata
Size: 53KB - Virtual size: 53KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 15KB - Virtual size: 15KB