99b4e9a90b4aa0095d9910c1b2c73a6715cd071116ec19015901c78680cb9e3b

Sharing

Copy URL Twitter E-mail

General

Target

99b4e9a90b4aa0095d9910c1b2c73a6715cd071116ec19015901c78680cb9e3b
Size

392KB
MD5

be5f51ded59edf155d826de85feb5226
SHA1

6ee7ac9e8e02abf2db865ae6af72dff1a9b51f58
SHA256

99b4e9a90b4aa0095d9910c1b2c73a6715cd071116ec19015901c78680cb9e3b
SHA512

da197be48b338d7a0096cb30599117a28f92f1c92221e3850ab5e963c8baedd0a150c7c2778d445533891c5f73c370912a355b658a7a013a7500c51e868275c2
SSDEEP

6144:+JtNGv9pj7D6r4PmOP9AB3r4YPjHxx1mzbXxccKhPKDZo+nUdRWsmu7IbFmq6AfH:LJ6OPABNForxPKzCUdRWsm6IbFReW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
99b4e9a90b4aa0095d9910c1b2c73a6715cd071116ec19015901c78680cb9e3b

Files

99b4e9a90b4aa0095d9910c1b2c73a6715cd071116ec19015901c78680cb9e3b
.exe windows:5 windows x64 arch:x64

b2d6289b68c46af4369dd1b805d75fe0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\darkfire\Desktop\Lonhhorned\reactos\output-VS-amd64\msvc_pdb\nfsd.pdb

Imports

advapi32

AddAccessAllowedAce
AddAccessDeniedAce
CreateWellKnownSid
EqualSid
GetAce
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
InitializeAcl
InitializeSecurityDescriptor
IsWellKnownSid
LookupAccountNameA
LookupAccountSidA
MakeSelfRelativeSD
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetUserNameA
CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptReleaseContext
CloseServiceHandle
OpenSCManagerA
OpenServiceA
QueryServiceStatus
StartServiceA
DeregisterEventSource
RegisterEventSourceA
ReportEventA
ControlService
CreateServiceA
DeleteService
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA

iphlpapi

GetNetworkParams
GetAdaptersAddresses

kernel32_vista

AcquireSRWLockExclusive
InitializeConditionVariable
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
SleepConditionVariableSRW
WakeAllConditionVariable
GetTickCount64
SleepConditionVariableCS
WakeConditionVariable
AcquireSRWLockShared

libtirpc

xdr_hyper
xdr_opaque
xdr_bytes
xdr_array
freeuaddr
xdr_bool
xdr_u_int64_t
xdr_u_int32_t
xdr_void
xdrmem_create
xdr_string
taddr2uaddr
freenetbuf
uaddr2taddr
clnt_pcreateerror
clnt_tli_create
freenetconfigent
getnetconfigent
authsspi_create_default
authunix_create
xdr_enum
xdr_union
xdr_u_hyper

msvcrt

_cexit
_fpreset
_initterm
__initenv
_acmdln
__getmainargs
__lconv_init
_amsg_exit
__setusermatherr
_snprintf
abs
_beginthreadex
_iob
atoi
printf
_assert
isspace
time
_stricmp
strchr
strcmp
strtoul
_errno
_vsnprintf
fgets
realloc
memset
__set_app_type
exit
vfprintf
fprintf
fopen
fflush
fclose
memcmp
strncmp
strlen
memcpy
malloc
free
signal
calloc

ws2_32

htonl
getnameinfo
freeaddrinfo
WSAAddressToStringA
WSAGetLastError
inet_ntoa
gethostname
getaddrinfo

wldap32

ldap_value_freeA
ldap_get_valuesA
ldap_first_entry
LdapMapErrorToWin32
LdapGetLastError
ldap_err2stringA
ldap_msgfree
ldap_search_stA
ldap_unbind
ldap_set_optionA
ldap_initA

kernel32

TlsGetValue
LoadLibraryW
GetModuleHandleA
QueryPerformanceCounter
GetCurrentProcessId
SetUnhandledExceptionFilter
GetStartupInfoA
GetProcAddress
GetSystemTimeAsFileTime
WideCharToMultiByte
SetConsoleCtrlHandler
lstrlenA
LocalFree
GetModuleFileNameA
FormatMessageA
GetShortPathNameW
WaitForMultipleObjects
GetExitCodeThread
MultiByteToWideChar
TerminateThread
WaitForSingleObject
SetEvent
GetTickCount
CreateEventA
Sleep
InitializeCriticalSection
DeleteCriticalSection
GetSystemDirectoryA
LeaveCriticalSection
EnterCriticalSection
DeviceIoControl
CreateFileA
CloseHandle
GetCurrentThreadId
GetLastError

Sections

.text
Size: 259KB - Virtual size: 258KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b2d6289b68c46af4369dd1b805d75fe0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

iphlpapi

kernel32_vista

libtirpc

msvcrt

ws2_32

wldap32

kernel32

Sections

.text Size: 259KB - Virtual size: 258KB

.rdata Size: 117KB - Virtual size: 117KB

.data Size: 512B - Virtual size: 968B

.pdata Size: 10KB - Virtual size: 9KB

.rsrc Size: 1024B - Virtual size: 872B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 259KB - Virtual size: 258KB

.rdata
Size: 117KB - Virtual size: 117KB

.data
Size: 512B - Virtual size: 968B

.pdata
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 1024B - Virtual size: 872B

.reloc
Size: 3KB - Virtual size: 2KB