6621fb15aa9f4cd80a2dd88715f6418330e9e7ac6763fc0e736192504e752225

Sharing

Copy URL Twitter E-mail

General

Target

6621fb15aa9f4cd80a2dd88715f6418330e9e7ac6763fc0e736192504e752225
Size

4.2MB
MD5

f15e7a0700b27a43c5f29b174ca6d158
SHA1

384747bbc3d441a9ac644833f0234d563ccdfccf
SHA256

6621fb15aa9f4cd80a2dd88715f6418330e9e7ac6763fc0e736192504e752225
SHA512

a4916b0e46e9578958fe6b28b76a25fed9149ec02d258e06e3bfac40a3b1d1fa8efce55824e169262fe2eed8a585b3399341a81b1016bedba5c11d9d594dcb66
SSDEEP

49152:MiJV/469d/tj+Vv9bED6OncSaTHe44QDCA/fNjYRRI02xDl9:MMi69d/tj+UD6OcSE+knv0e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6621fb15aa9f4cd80a2dd88715f6418330e9e7ac6763fc0e736192504e752225

Files

6621fb15aa9f4cd80a2dd88715f6418330e9e7ac6763fc0e736192504e752225
.dll windows:6 windows x86 arch:x86

4144e9e797168a90d596e40adb655e93

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\workarea\8.861.1.2\drivers\dx\udx\w7\bld\dll\B_rel\atiumdag.pdb

Imports

kernel32

FreeLibrary
QueryPerformanceCounter
WaitForSingleObject
SetEvent
InitializeCriticalSection
Thread32First
Sleep
CreateEventA
LeaveCriticalSection
Thread32Next
CreateTimerQueueTimer
EnterCriticalSection
LoadLibraryA
OpenThread
GetExitCodeThread
GetModuleFileNameA
CreateToolhelp32Snapshot
QueryPerformanceFrequency
DeleteCriticalSection
CloseHandle
DeleteTimerQueueTimer
GetCurrentProcessId
VirtualProtect
MultiByteToWideChar
WideCharToMultiByte
SetThreadAffinityMask
GetProcessAffinityMask
GetCurrentThread
GetCurrentProcess
GetProcAddress
SetProcessAffinityMask
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
GetVersionExA
GetLastError
ExitThread
CreateThread
RtlUnwind
RaiseException
GetModuleHandleA
ExitProcess
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapFree
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
OutputDebugStringA
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
WriteFile
LoadLibraryExA
VirtualAlloc
HeapReAlloc
SetFilePointer
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetSystemInfo
VirtualQuery
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers

advapi32

EventUnregister
EventWrite
RegCloseKey
RegOpenKeyA
RegEnumValueA
RegQueryValueExA
EventRegister

Exports

Exports

DllMain
OpenAdapter
XdxInitXopServices

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 507KB - Virtual size: 507KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 881KB - Virtual size: 896KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 97KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4144e9e797168a90d596e40adb655e93

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rdata Size: 507KB - Virtual size: 507KB

.data Size: 881KB - Virtual size: 896KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 111KB - Virtual size: 110KB

.text Size: 97KB - Virtual size: 100KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.rdata
Size: 507KB - Virtual size: 507KB

.data
Size: 881KB - Virtual size: 896KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 111KB - Virtual size: 110KB

.text
Size: 97KB - Virtual size: 100KB