88bb3719505a06671231dd4fbb7479164538952442f4c8c2e23879ff97d7f532

Sharing

Copy URL Twitter E-mail

General

Target

88bb3719505a06671231dd4fbb7479164538952442f4c8c2e23879ff97d7f532
Size

2.0MB
MD5

be4dfe20e6b196b31d9e280572e51bf3
SHA1

89b2ddfd60de0bae5ae37cc4a17751e5872d4b6a
SHA256

88bb3719505a06671231dd4fbb7479164538952442f4c8c2e23879ff97d7f532
SHA512

e667974e63b1c4501b5777ac1a8a43acdf8bcaa6deab3040138e89e0d4ca8309ed7d7da7dcd0e9b2ea08bf7fd0a458122268ada76eacd38197ae30cee8875ccd
SSDEEP

49152:LkIJ20wuWrwgS0tVqgeurnurpEqQTRSoi:e02hPy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
88bb3719505a06671231dd4fbb7479164538952442f4c8c2e23879ff97d7f532

Files

88bb3719505a06671231dd4fbb7479164538952442f4c8c2e23879ff97d7f532
.dll windows:5 windows x64 arch:x64

34f3469b331dbec5d44bda9857135629

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

g:\WorkshopAgent\DevelopProj\Code\PreRelease\WINNCAP\PreRelease\bin\Release\winncap364.pdb

Imports

kernel32

WideCharToMultiByte
GetCurrentThreadId
GetModuleHandleA
GetFileInformationByHandle
CreateThread
GetCurrentProcess
OpenProcess
LocalFree
FindNextFileW
FindFirstFileW
GetSystemInfo
lstrcmpA
SetFileAttributesA
Sleep
CreateDirectoryA
GetComputerNameA
GetVersionExA
WriteFile
SetFilePointer
CompareFileTime
CreateEventA
IsBadReadPtr
GetProfileStringA
FreeConsole
WriteConsoleA
GetStdHandle
AllocConsole
CreateFileW
DisableThreadLibraryCalls
MultiByteToWideChar
GetFileAttributesA
WaitForSingleObject
RemoveDirectoryA
MoveFileA
QueryPerformanceFrequency
MoveFileExW
CopyFileA
FindFirstFileA
FindNextFileA
FindClose
InitializeCriticalSection
QueryPerformanceCounter
DeleteFileA
DeleteFileW
GetACP
OutputDebugStringW
OutputDebugStringA
LeaveCriticalSection
LocalAlloc
RaiseException
LoadResource
FindResourceExA
lstrlenA
FormatMessageA
FormatMessageW
DeleteCriticalSection
SleepEx
CreateSemaphoreA
ReleaseSemaphore
CreateMutexA
ReleaseMutex
SetEvent
PulseEvent
ResetEvent
WaitForMultipleObjects
SuspendThread
TerminateThread
ResumeThread
SetThreadPriority
GetExitCodeThread
GetModuleHandleW
FileTimeToSystemTime
FileTimeToLocalFileTime
LoadLibraryW
RtlLookupFunctionEntry
RtlUnwindEx
HeapFree
HeapAlloc
EnterCriticalSection
RtlPcToFileHeader
GetConsoleCP
GetConsoleMode
GetFileType
HeapReAlloc
FlsSetValue
GetCommandLineA
GetDateFormatA
GetTimeFormatA
GetCPInfo
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
TlsAlloc
FlsGetValue
FlsFree
SetLastError
GetCurrentThread
FlsAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetTimeZoneInformation
HeapSize
ExitProcess
HeapSetInformation
HeapCreate
HeapDestroy
GetModuleFileNameA
LCMapStringA
LCMapStringW
SetStdHandle
SetHandleCount
GetStartupInfoA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
GetProcessHeap
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
FatalAppExitA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetCurrentDirectoryA
GetCurrentDirectoryW
SetFileAttributesW
GetFileAttributesW
MoveFileW
CreateDirectoryW
RemoveDirectoryW
CopyFileW
MoveFileExA
GetTempPathA
GetTempPathW
GetEnvironmentVariableA
GetEnvironmentVariableW
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
GetVersion
OpenEventA
OpenMutexA
OpenSemaphoreA
GetOverlappedResult
CancelIo
SetNamedPipeHandleState
WaitNamedPipeA
ConnectNamedPipe
CreateNamedPipeA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
GetDriveTypeW
GetLogicalDrives
GetVolumeInformationA
SetVolumeLabelA
GetDiskFreeSpaceExA
QueryDosDeviceA
DefineDosDeviceA
GetDriveTypeA
QueryDosDeviceW
lstrlenW
CreateFileA
GetFileTime
GetFileSize
ReadFile
CloseHandle
GetCurrentProcessId
GetTickCount
GetLocalTime
LoadLibraryA
GetLastError
GetProcAddress
FreeLibrary
GetModuleFileNameW
GetCommandLineW
GetWindowsDirectoryW
GetWindowsDirectoryA
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetSystemDirectoryA

advapi32

RegisterEventSourceW
DeregisterEventSource
LookupAccountSidW
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetAce
SetSecurityDescriptorDacl
LookupAccountNameW
RegCreateKeyW
RegEnumValueA
RegDeleteValueA
RegQueryInfoKeyA
RegEnumKeyA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegConnectRegistryA
ReportEventW
RegNotifyChangeKeyValue
SetFileSecurityA
RegSetValueExA
RegOpenKeyA
GetUserNameA
GetTokenInformation
LookupAccountSidA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegQueryValueExA
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyW
RegSetValueExW
RegCloseKey

Exports

Exports

CheckLeaveEmailData
DealEmailData
GetSmbLog
Mail_SSLRegisterCallBack
MoveEMailRecordTempLocation
RunDll32
SetLocalIPs
SetLogFlag
SetLogMode
SetSmbLogFlag
SetSyncTime
SetUserName
StartMonitor
StopMonitor
ToCheckMailHistoryFile
ToCheckMailHistoryPath
ToStartMailDataRegMonitor

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 450KB - Virtual size: 450KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 85KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

34f3469b331dbec5d44bda9857135629

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 450KB - Virtual size: 450KB

.data Size: 85KB - Virtual size: 122KB

.pdata Size: 114KB - Virtual size: 114KB

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 19KB - Virtual size: 18KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 450KB - Virtual size: 450KB

.data
Size: 85KB - Virtual size: 122KB

.pdata
Size: 114KB - Virtual size: 114KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 19KB - Virtual size: 18KB