5e145a6c261b53df5bb4b240f56add4d81a6d750e8a7e4e9e634c1dfb387dfd9

Sharing

Copy URL

Twitter E-mail

General

Target

5e145a6c261b53df5bb4b240f56add4d81a6d750e8a7e4e9e634c1dfb387dfd9
Size

205KB
MD5

89002b460d9780d6e0486a067acba37b
SHA1

0ee80b66558f917f92f94fd87f98d7c3a7614433
SHA256

5e145a6c261b53df5bb4b240f56add4d81a6d750e8a7e4e9e634c1dfb387dfd9
SHA512

fc9da523ccc3c20547cab5b6c73d92e96f74336655d333c0a02feab43ab25f0aeb2d8113855fb85f4a49e29e17f5871198d012586b46dca27364c4bbe3dc40f2
SSDEEP

6144:pqqDL6ojRIavhL4K4S8FTTjobtZsrmWPO:Eqn6ot7xoNubX2P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5e145a6c261b53df5bb4b240f56add4d81a6d750e8a7e4e9e634c1dfb387dfd9

Files

5e145a6c261b53df5bb4b240f56add4d81a6d750e8a7e4e9e634c1dfb387dfd9
.dll windows:6 windows x86 arch:x86

2082164ada3f0ce30a9260e9f18aae19

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

aaclient.pdb

Imports

msvcrt

free
memset
malloc
_vsnprintf
_vsnwprintf
_wcsicmp
wcschr
toupper
strrchr
rand
_ltow
_ultow
wcsrchr
__CxxFrameHandler
_onexit
_lock
__dllonexit
_unlock
memcpy
_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
_purecall

ntdll

RtlUnwind
VerSetConditionMask

ws2_32

htonl

user32

MessageBeep
MessageBoxW
ShowWindow
GetMessageW
TranslateMessage
DispatchMessageW
EndDialog
SetDlgItemTextW
SetWindowTextW
GetWindowRect
GetSystemMetrics
SetWindowPos
PostMessageW
CharNextW
CreateDialogParamW

kernel32

lstrlenW
WideCharToMultiByte
LoadLibraryExW
VerifyVersionInfoW
RegisterWaitForSingleObject
UnregisterWaitEx
CreateMutexW
OutputDebugStringW
DebugBreak
WaitForSingleObject
SetUnhandledExceptionFilter
GetProcessHeap
HeapAlloc
HeapFree
GetComputerNameW
LoadLibraryA
VirtualQuery
GetModuleFileNameA
GetCurrentThread
GetThreadContext
FreeLibrary
SetEvent
CreateEventW
GetLocalTime
ExitProcess
CompareFileTime
GetFileTime
CreateFileW
SetFilePointer
SetEndOfFile
GetSystemTime
SystemTimeToFileTime
SetFileTime
FlushViewOfFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetLastError
GetProcAddress
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
GetQueuedCompletionStatus
LeaveCriticalSection
EnterCriticalSection
PostQueuedCompletionStatus
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
CreateThread
CreateIoCompletionPort
InterlockedPopEntrySList
InterlockedPushEntrySList
InitializeSListHead
LocalAlloc
LocalFree
GetComputerNameExW
InterlockedExchange
Sleep
InterlockedCompareExchange
OutputDebugStringA
GetModuleHandleW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameW
GetVersion
GetVersionExW
ReleaseMutex

crypt32

CertFreeCertificateContext
CertOpenStore
CertFindCertificateInStore
CertCloseStore
CryptUnprotectData

advapi32

CredFree
CredUnmarshalCredentialW
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
RegEnumValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegNotifyChangeKeyValue
RegDeleteValueW
RegDeleteKeyW
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
AddAccessDeniedAce
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW

mstscax

RegisterTransportExtDll

rpcrt4

I_RpcExceptionFilter
RpcBindingFree
RpcStringFreeW
RpcBindingSetAuthInfoExW
RpcEpResolveBinding
RpcBindingFromStringBindingW
RpcStringBindingComposeW
NdrClientCall2

Exports

Exports

LoadClientAdapter
OpenKeyReader
OpenKeyReaderWriter
g_fnStartTransport

Sections

.text
Size: 186KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2082164ada3f0ce30a9260e9f18aae19

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

ws2_32

user32

kernel32

crypt32

advapi32

mstscax

rpcrt4

Exports

Exports

Sections

.text Size: 186KB - Virtual size: 185KB

.data Size: 2KB - Virtual size: 13KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 14KB - Virtual size: 14KB

.text
Size: 186KB - Virtual size: 185KB

.data
Size: 2KB - Virtual size: 13KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 14KB - Virtual size: 14KB