7286fb37665d5af8e7ac6441e970cdbb653f8d45ae578b8fc2ad87c46007eaad

Sharing

Copy URL Twitter E-mail

General

Target

7286fb37665d5af8e7ac6441e970cdbb653f8d45ae578b8fc2ad87c46007eaad
Size

531KB
MD5

94e877e799e0d6f86b2231e7714bda0b
SHA1

32080c3d7fb3fac99c616aaa78c70493113df81d
SHA256

7286fb37665d5af8e7ac6441e970cdbb653f8d45ae578b8fc2ad87c46007eaad
SHA512

c87a75de74757f375671d5af983eea811ee0c9205efa425e18ffe1b34c95be1de206fd2a9b9d5a1cccfc96275b28122721f23de3772cd40a1d97f8df2d36b06a
SSDEEP

12288:kqrVuEh44XwOpPAJbPPy3oeUkPjs6WhChQ0qxw+hj0:rrVuEh44ppPAJbi3oe7js1w1+hj0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7286fb37665d5af8e7ac6441e970cdbb653f8d45ae578b8fc2ad87c46007eaad

Files

7286fb37665d5af8e7ac6441e970cdbb653f8d45ae578b8fc2ad87c46007eaad
.dll windows:10 windows x86 arch:x86

2bb8745d98c408ea6dadc19ee4976847

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ipnathlp.pdb

Imports

dhcpcsvc6

Dhcpv6CancelOperation
Dhcpv6RequestPrefixEx
Dhcpv6ReleasePrefixEx
Dhcpv6RenewPrefixEx

msvcrt

memcpy
memcmp
_ftol2
memmove
_purecall
memcpy_s
_vsnwprintf
memmove_s
wcstombs
sprintf_s
_wcsicmp
mbstowcs
fclose
_open_osfhandle
_fdopen
fgets
feof
strpbrk
_strnicmp
atoi
fputc
fputs
fprintf
time
free
malloc
difftime
strtok_s
_wcsdup
_vsnprintf
qsort
wcsncmp
realloc
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_callnewh
_CxxThrowException
_XcptFilter
_itow
memset
_amsg_exit
_initterm
_except_handler4_common
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
GetTraceEnableFlags
UnregisterTraceGuids
TraceMessage
GetTraceLoggerHandle
RegisterTraceGuidsW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap
HeapSize
HeapDestroy

api-ms-win-core-synch-l1-1-0

SetEvent
CreateSemaphoreExW
ReleaseSRWLockExclusive
CreateMutexExW
ReleaseSRWLockShared
InitializeCriticalSectionAndSpinCount
ResetEvent
ReleaseSemaphore
CreateEventA
ReleaseMutex
CreateEventW
InitializeCriticalSection
AcquireSRWLockExclusive
WaitForSingleObjectEx
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
OpenSemaphoreW
AcquireSRWLockShared

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
LoadResource
FreeResource
LockResource
LoadStringW
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
GetProcAddress
GetModuleHandleExW
SizeofResource
DisableThreadLibraryCalls

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister

iphlpapi

ConvertInterfaceLuidToNameW
ConvertIpv4MaskToLength
GetIfEntry
GetAdapterIndex
ConvertInterfaceLuidToGuid
NotifyAddrChange
DeleteIpNetEntry
CreateUnicastIpAddressEntry
DeleteUnicastIpAddressEntry
InitializeUnicastIpAddressEntry
NotifyUnicastIpAddressChange
ConvertInterfaceIndexToLuid
GetIfEntry2
NotifyIpInterfaceChange
CreateIpNetEntry2
GetIpNetTable
SendARP
GetIpAddrTable
CancelMibChangeNotify2
ConvertInterfaceGuidToLuid
GetIfTable
ConvertInterfaceLuidToIndex
CancelIPChangeNotify
GetAdaptersAddresses

dnsapi

DnsFreeConfigStructure
Dns_FreeMsgBuf
Dns_BuildPacket
Dns_ParseMessage
DnsNameCompare_W
DnsQueryConfigAllocEx
DnsGetPrimaryDomainName_A
DnsFree
DnsQuery_W

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

mswsock

AcceptEx

api-ms-win-security-base-l1-1-0

DuplicateToken
CheckTokenMembership
SetKernelObjectSecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
CreateWellKnownSid
RevertToSelf
GetLengthSid
InitializeAcl

api-ms-win-core-file-l1-1-0

ReadFile
WriteFile
CreateFileA

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryA
LoadLibraryW
FindResourceW

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegCreateKeyExW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetVersionExW
GetComputerNameExW
GetTickCount
GetSystemDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-2-0

RtlCompareMemory

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-processthreads-l1-1-0

SetThreadToken
GetCurrentThreadId
OpenProcessToken
GetCurrentThread
SetThreadPriority
OpenThreadToken
TerminateProcess
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
SubmitThreadpoolWork
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
CreateThreadpoolWork

winhttp

WinHttpDetectAutoProxyConfigUrl

api-ms-win-core-heap-l2-1-0

GlobalFree
LocalAlloc
LocalFree

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

rpcrt4

RpcServerInqBindings
RpcEpRegisterW
UuidCreate
RpcBindingVectorFree
RpcEpUnregister
UuidToStringW
RpcServerUseProtseqW
RpcServerUnregisterIf
RpcImpersonateClient
RpcStringFreeW
RpcRevertToSelfEx
RpcServerRegisterIf3
NdrServerCall2

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject
UnregisterWait
GetComputerNameW
BindIoCompletionCallback

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueEx
UnregisterWaitEx
CreateTimerQueue
QueueUserWorkItem

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrlenA
lstrlenW
lstrcmpW
lstrcmpiA

nsi

NsiFreeTable
NsiSetAllParameters
NsiAllocateAndGetTable
NsiGetAllParameters
NsiSetAllParametersEx
NsiGetParameterEx
NsiCancelChangeNotification
NsiRequestChangeNotification

winnsi

NsiConnectToServer
NsiRpcSetAllParameters
NsiRpcRegisterChangeNotification
NsiDisconnectFromServer
NsiRpcDeregisterChangeNotification

cryptsp

CryptAcquireContextW
CryptGenRandom
CryptReleaseContext

dhcpcsvc

DhcpEnableDhcp

ntdll

RtlDeregisterWaitEx
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlInitAnsiString
NtSetEvent
RtlStringFromGUID
RtlFreeUnicodeString
RtlRegisterWait
NtCreateEvent
NtNotifyChangeKey
RtlEnumerateGenericTable
RtlLookupElementGenericTable
RtlInsertElementGenericTable
RtlDeleteElementGenericTable
RtlGetElementGenericTable
RtlNumberGenericTableElements
RtlInitializeGenericTable
RtlDeregisterWait
RtlPublishWnfStateData
RtlRandom
RtlQueueWorkItem
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
NtUnloadDriver
RtlImpersonateSelf
RtlAdjustPrivilege
NtOpenFile
NtLoadDriver
RtlFindSetBits
RtlClearBits
RtlClearAllBits
RtlInitializeBitMap
NtDeviceIoControlFile
NtCreateFile
RtlFindClearBitsAndSet
RtlUpdateTimer
RtlDeleteTimerQueueEx
RtlCreateTimer
RtlDeleteTimer
RtlAnsiStringToUnicodeString
RtlAllocateHeap
RtlGetPersistedStateLocation
RtlFreeHeap
RtlInitString
RtlInitUnicodeString
NtOpenKey
NtClose
RtlNtStatusToDosError
RtlCreateTimerQueue
NtQueryValueKey

firewallapi

FWClosePolicyStore
FWFreeFirewallRules
FWDeleteFirewallRule
FWOpenPolicyStore
FWSetFirewallRule
FWAddFirewallRule
FWQueryFirewallRules

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsA

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

rtutils

TraceRegisterExW
TraceDeregisterW

api-ms-win-core-io-l1-1-0

DeviceIoControl

Exports

Exports

NatAcquirePortReservation
NatCancelDynamicRedirect
NatCancelRedirect
NatCreateDynamicFullRedirect
NatCreateDynamicRedirect
NatCreateDynamicRedirectEx
NatCreateRedirect
NatCreateRedirectEx
NatInitializePortReservation
NatInitializeTranslator
NatLookupAndQueryInformationSessionMapping
NatQueryInformationRedirect
NatQueryInformationRedirectHandle
NatReleasePortReservation
NatShutdownPortReservation
NatShutdownTranslator
NhAcceptStreamSocket
NhAcquireFixedLengthBuffer
NhAcquireVariableLengthBuffer
NhCreateDatagramSocket
NhCreateStreamSocket
NhDeleteSocket
NhInitializeBufferManagement
NhInitializeTraceManagement
NhReadDatagramSocket
NhReadStreamSocket
NhReleaseBuffer
NhWriteDatagramSocket
NhWriteStreamSocket
RegisterProtocol
ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 453KB - Virtual size: 452KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2bb8745d98c408ea6dadc19ee4976847

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dhcpcsvc6

msvcrt

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-eventing-provider-l1-1-0

iphlpapi

dnsapi

api-ms-win-core-handle-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

mswsock

api-ms-win-security-base-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-registry-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-rtlsupport-l1-2-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-threadpool-l1-2-0

winhttp

api-ms-win-core-heap-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-timezone-l1-1-0

rpcrt4

api-ms-win-core-synch-l1-2-1

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

nsi

winnsi

cryptsp

dhcpcsvc

ntdll

firewallapi

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-apiquery-l1-1-0

rtutils

api-ms-win-core-io-l1-1-0

Exports

Exports

Sections

.text Size: 453KB - Virtual size: 452KB

.data Size: 3KB - Virtual size: 8KB

.idata Size: 11KB - Virtual size: 11KB

.didat Size: 512B - Virtual size: 312B

.rsrc Size: 22KB - Virtual size: 22KB

.reloc Size: 39KB - Virtual size: 38KB

.text
Size: 453KB - Virtual size: 452KB

.data
Size: 3KB - Virtual size: 8KB

.idata
Size: 11KB - Virtual size: 11KB

.didat
Size: 512B - Virtual size: 312B

.rsrc
Size: 22KB - Virtual size: 22KB

.reloc
Size: 39KB - Virtual size: 38KB