d56f8bed931edb51031ef9958249842a63f9e5a968ac615d7ecd03a996a008b2

Sharing

Copy URL Twitter E-mail

General

Target

d56f8bed931edb51031ef9958249842a63f9e5a968ac615d7ecd03a996a008b2
Size

508KB
MD5

6bdb7e3156e2a23735ea7f06dee79e55
SHA1

33d07960a36ddbf81b1d6646fa083ae588c1eefb
SHA256

d56f8bed931edb51031ef9958249842a63f9e5a968ac615d7ecd03a996a008b2
SHA512

d46239c26b02965da566e89cba44d4d8feb7f6dd19acf30ca3c622e6eb6b632700813a13abb049a18cdeb2bf67caff70735882d180f088bdd89e3c821d2a43eb
SSDEEP

12288:43e8ARs9qxF2up43cdFvWiaAoa3c2vEPZW9+vqLkpw:aHARscxDpOcdFvWilPvEE9qw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d56f8bed931edb51031ef9958249842a63f9e5a968ac615d7ecd03a996a008b2

Files

d56f8bed931edb51031ef9958249842a63f9e5a968ac615d7ecd03a996a008b2
.dll windows:5 windows x64 arch:x64

b1b7f89ab2c8e36f2862f4b1714f50ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

H:\WorkshopAgent\DevelopProj2\Prerelease\TSafeFileFollow\Bin\Release\TSafeFileFollow64.pdb

Imports

kernel32

LeaveCriticalSection
Sleep
SetEvent
ResetEvent
WaitForMultipleObjects
SuspendThread
TerminateThread
ResumeThread
SetThreadPriority
CreateThread
GetSystemInfo
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
HeapFree
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
HeapSize
ExitProcess
GetCPInfo
GetOEMCP
IsValidCodePage
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LCMapStringW
LCMapStringA
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
lstrlenA
SetStdHandle
WriteConsoleA
EnterCriticalSection
WriteConsoleW
CreateFileA
FlushFileBuffers
ReadFile
CreateFileW
ExpandEnvironmentStringsW
OutputDebugStringW
FreeConsole
AllocConsole
GetLocalTime
OpenProcess
CreateProcessA
CreateProcessW
LoadLibraryExW
FreeResource
EnumResourceNamesW
EnumResourceLanguagesW
VirtualQuery
LockResource
SizeofResource
GetVersion
GetFileInformationByHandle
GetLogicalDrives
QueryDosDeviceW
MultiByteToWideChar
WideCharToMultiByte
SetEndOfFile
GetProcessHeap
DeleteCriticalSection
InitializeCriticalSection
GetACP
LocalFree
GetVersionExW
lstrlenW
FindResourceExW
GetConsoleOutputCP
LoadResource
CloseHandle
CreateEventW
GetCurrentThreadId
GetProfileStringW
GetPrivateProfileStringW
GetModuleHandleW
WaitForSingleObject
GetCommandLineW
GetCurrentProcessId
GetFileAttributesA
GetLastError
SetLastError
FreeLibrary
GetProcAddress
LoadLibraryW
GetFileAttributesW
GetWindowsDirectoryW
GetModuleFileNameW
GetLocaleInfoA
GetSystemDirectoryW

user32

GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
GetSystemMetrics
GetWindowTextW
CallNextHookEx
IsWindowVisible
GetWindowThreadProcessId
SetWindowsHookExW

advapi32

RegisterEventSourceW
ReportEventW
DeregisterEventSource
GetUserNameW
RegOpenKeyW
RegCreateKeyW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW

Exports

Exports

StartShellHook
StopShellHook

Sections

.text
Size: 279KB - Virtual size: 278KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

TSFile64
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b1b7f89ab2c8e36f2862f4b1714f50ce

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 279KB - Virtual size: 278KB

.rdata Size: 115KB - Virtual size: 115KB

.data Size: 78KB - Virtual size: 138KB

.pdata Size: 18KB - Virtual size: 18KB

TSFile64 Size: 512B - Virtual size: 8B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 14KB - Virtual size: 14KB

.text
Size: 279KB - Virtual size: 278KB

.rdata
Size: 115KB - Virtual size: 115KB

.data
Size: 78KB - Virtual size: 138KB

.pdata
Size: 18KB - Virtual size: 18KB

TSFile64
Size: 512B - Virtual size: 8B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 14KB - Virtual size: 14KB