agenttesla | V4_2024[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

V4_2024.zip
Size

3.5MB
MD5

9145bb59dbda584bfd622d4715b970db
SHA1

4623dccf81326560bf06280e4db85839a035f3be
SHA256

a9595a997c7dd4b3483bbc758094a08c0267c2854b87aefbec2374272e9a7a38
SHA512

7af701d1e2f7749a3415d45002a427d339f636640ce0c6f0a386fbf691ac90b469dcebd2134eb98b8b9ea9d98a20af0841e5ea6ff8c8dde9b8afbe7bf5729b00
SSDEEP

98304:fdQM6HLRzM/+2xahHLfu/MRKI3WaAIaM/d3xVyg+JS:f+9tzM/+9BfiMRKI3thdJR

Score

10^/10

agenttesla

Malware Config

Signatures

AgentTesla payload 1 IoCs

resource	yara_rule
static1/unpack001/Guna.UI2.dll	family_agenttesla

Agenttesla family
agenttesla

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
unpack001/AddinProtection.dll
unpack001/BetterListView.dll
unpack001/DevComponents.DotNetBar2.dll
unpack001/Guna.UI2.dll
unpack001/HBHGAMEVietHoa.exe
unpack001/ManagedWinapi.dll
unpack001/MyAppLoader.dll
unpack001/MyMessageBuilder.dll
unpack001/MyUI.dll
unpack001/cryptopp_net.dll
unpack001/myDotnetLoader.dll
unpack001/myEasyDotnetLoader.dll

Files

V4_2024.zip
.zip
AddinProtection.dll
.dll windows:5 windows x64 arch:x64

41c39c9025216c0605ea89f47c0902f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
HeapAlloc
GetLastError
HeapFree
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
EncodePointer
DecodePointer
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
SetLastError
FlsAlloc
Sleep
HeapSize
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapReAlloc

Exports

Exports

CAppProtection_0x0
CAppProtection_0x1
CAppProtection_0x10
CAppProtection_0x11
CAppProtection_0x12
CAppProtection_0x13
CAppProtection_0x14
CAppProtection_0x15
CAppProtection_0x16
CAppProtection_0x17
CAppProtection_0x18
CAppProtection_0x19
CAppProtection_0x1A
CAppProtection_0x1B
CAppProtection_0x1C
CAppProtection_0x1D
CAppProtection_0x1E
CAppProtection_0x1F
CAppProtection_0x2
CAppProtection_0x20
CAppProtection_0x21
CAppProtection_0x22
CAppProtection_0x23
CAppProtection_0x24
CAppProtection_0x25
CAppProtection_0x28
CAppProtection_0x2A
CAppProtection_0x2B
CAppProtection_0x2D
CAppProtection_0x2E
CAppProtection_0x2F
CAppProtection_0x3
CAppProtection_0x30
CAppProtection_0x31
CAppProtection_0x32
CAppProtection_0x33
CAppProtection_0x34
CAppProtection_0x35
CAppProtection_0x36
CAppProtection_0x37
CAppProtection_0x38
CAppProtection_0x39
CAppProtection_0x3A
CAppProtection_0x3B
CAppProtection_0x3C
CAppProtection_0x3D
CAppProtection_0x3E
CAppProtection_0x3F
CAppProtection_0x4
CAppProtection_0x40
CAppProtection_0x41
CAppProtection_0x42
CAppProtection_0x43
CAppProtection_0x44
CAppProtection_0x45
CAppProtection_0x46
CAppProtection_0x47
CAppProtection_0x48
CAppProtection_0x49
CAppProtection_0x4A
CAppProtection_0x4B
CAppProtection_0x4C
CAppProtection_0x4D
CAppProtection_0x4E
CAppProtection_0x4F
CAppProtection_0x5
CAppProtection_0x50
CAppProtection_0x51
CAppProtection_0x52
CAppProtection_0x53
CAppProtection_0x54
CAppProtection_0x55
CAppProtection_0x56
CAppProtection_0x57
CAppProtection_0x58
CAppProtection_0x59
CAppProtection_0x5A
CAppProtection_0x5B
CAppProtection_0x5C
CAppProtection_0x5D
CAppProtection_0x5E
CAppProtection_0x5F
CAppProtection_0x6
CAppProtection_0x60
CAppProtection_0x61
CAppProtection_0x62
CAppProtection_0x63
CAppProtection_0x64
CAppProtection_0x65
CAppProtection_0x66
CAppProtection_0x67
CAppProtection_0x68
CAppProtection_0x69
CAppProtection_0x6A
CAppProtection_0x6B
CAppProtection_0x6C
CAppProtection_0x6D
CAppProtection_0x6E
CAppProtection_0x6F
CAppProtection_0x7
CAppProtection_0x70
CAppProtection_0x71
CAppProtection_0x8
CAppProtection_0x9
CAppProtection_0xA
CAppProtection_0xB
CAppProtection_0xC
CAppProtection_0xD
CAppProtection_0xE
CAppProtection_0xF
CS_25343B23272A2233333638293A393B34333B36393823393334
CS_25343B23272A243C38333B3639383B
Initialize
UnInitialize

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BetterListView.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 703KB - Virtual size: 703KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DevComponents.DotNetBar2.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.textxc
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.datax
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 86B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Guna.UI2.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HBHGAMEVietHoa.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
HBHGAMEVietHoa.exe.config
HBHGAMEVietHoa.pdll
ManagedWinapi.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\_TPHUY\HLSVIETNAM_DEVELOPER\01_TECNOMATIX\PROCESS SIMULATE\ManagedAPI\ManagedWinapi\obj\Release\ManagedWinapi.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MyAppLoader.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MyMessageBuilder.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MyUI.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 368KB - Virtual size: 364KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cryptopp_net.dll
.dll windows:6 windows x64 arch:x64

dcb6f16b4797eb97f87ed7ceeecd414f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\App\ANDROID_NDK\01_WORKSPACE\cryptopp\x64\Release\cryptopp_net.pdb

Imports

kernel32

GetCurrentThread
GetThreadTimes
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentThreadId
WideCharToMultiByte
EncodePointer
DecodePointer
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
LCMapStringW
GetStringTypeW
GetCPInfo
InitializeSListHead
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcessId
IsDebuggerPresent
GetStartupInfoW
FreeLibrary
QueryPerformanceFrequency
GetModuleFileNameW
LoadLibraryExW
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwindEx
RtlPcToFileHeader
RaiseException
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
HeapReAlloc
HeapSize
GetStdHandle
GetFileType
SetFilePointerEx
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetStdHandle
CreateFileW
WriteConsoleW
QueryPerformanceCounter
SetLastError
GetLastError

Exports

Exports

CS_3A343A3C343B3B233A3E393B39
CS_3A343A3C343B3B233A3E393B39_0x0
CS_3A343A3C343B3B233A3E393B39_0x1
CS_3A343A3C343B3B233A3E393B39_0x10
CS_3A343A3C343B3B233A3E393B39_0x11
CS_3A343A3C343B3B233A3E393B39_0x12
CS_3A343A3C343B3B233A3E393B39_0x13
CS_3A343A3C343B3B233A3E393B39_0x14
CS_3A343A3C343B3B233A3E393B39_0x15
CS_3A343A3C343B3B233A3E393B39_0x16
CS_3A343A3C343B3B233A3E393B39_0x17
CS_3A343A3C343B3B233A3E393B39_0x18
CS_3A343A3C343B3B233A3E393B39_0x19
CS_3A343A3C343B3B233A3E393B39_0x1A
CS_3A343A3C343B3B233A3E393B39_0x1B
CS_3A343A3C343B3B233A3E393B39_0x1C
CS_3A343A3C343B3B233A3E393B39_0x1D
CS_3A343A3C343B3B233A3E393B39_0x1E
CS_3A343A3C343B3B233A3E393B39_0x1F
CS_3A343A3C343B3B233A3E393B39_0x2
CS_3A343A3C343B3B233A3E393B39_0x20
CS_3A343A3C343B3B233A3E393B39_0x21
CS_3A343A3C343B3B233A3E393B39_0x22
CS_3A343A3C343B3B233A3E393B39_0x23
CS_3A343A3C343B3B233A3E393B39_0x24
CS_3A343A3C343B3B233A3E393B39_0x25
CS_3A343A3C343B3B233A3E393B39_0x28
CS_3A343A3C343B3B233A3E393B39_0x2A
CS_3A343A3C343B3B233A3E393B39_0x2B
CS_3A343A3C343B3B233A3E393B39_0x2D
CS_3A343A3C343B3B233A3E393B39_0x2E
CS_3A343A3C343B3B233A3E393B39_0x2F
CS_3A343A3C343B3B233A3E393B39_0x3
CS_3A343A3C343B3B233A3E393B39_0x30
CS_3A343A3C343B3B233A3E393B39_0x31
CS_3A343A3C343B3B233A3E393B39_0x32
CS_3A343A3C343B3B233A3E393B39_0x33
CS_3A343A3C343B3B233A3E393B39_0x34
CS_3A343A3C343B3B233A3E393B39_0x35
CS_3A343A3C343B3B233A3E393B39_0x36
CS_3A343A3C343B3B233A3E393B39_0x37
CS_3A343A3C343B3B233A3E393B39_0x38
CS_3A343A3C343B3B233A3E393B39_0x39
CS_3A343A3C343B3B233A3E393B39_0x3A
CS_3A343A3C343B3B233A3E393B39_0x3B
CS_3A343A3C343B3B233A3E393B39_0x3C
CS_3A343A3C343B3B233A3E393B39_0x3D
CS_3A343A3C343B3B233A3E393B39_0x3E
CS_3A343A3C343B3B233A3E393B39_0x3F
CS_3A343A3C343B3B233A3E393B39_0x4
CS_3A343A3C343B3B233A3E393B39_0x40
CS_3A343A3C343B3B233A3E393B39_0x41
CS_3A343A3C343B3B233A3E393B39_0x42
CS_3A343A3C343B3B233A3E393B39_0x43
CS_3A343A3C343B3B233A3E393B39_0x44
CS_3A343A3C343B3B233A3E393B39_0x45
CS_3A343A3C343B3B233A3E393B39_0x46
CS_3A343A3C343B3B233A3E393B39_0x47
CS_3A343A3C343B3B233A3E393B39_0x48
CS_3A343A3C343B3B233A3E393B39_0x49
CS_3A343A3C343B3B233A3E393B39_0x4A
CS_3A343A3C343B3B233A3E393B39_0x4B
CS_3A343A3C343B3B233A3E393B39_0x4C
CS_3A343A3C343B3B233A3E393B39_0x4D
CS_3A343A3C343B3B233A3E393B39_0x4E
CS_3A343A3C343B3B233A3E393B39_0x4F
CS_3A343A3C343B3B233A3E393B39_0x5
CS_3A343A3C343B3B233A3E393B39_0x50
CS_3A343A3C343B3B233A3E393B39_0x51
CS_3A343A3C343B3B233A3E393B39_0x52
CS_3A343A3C343B3B233A3E393B39_0x53
CS_3A343A3C343B3B233A3E393B39_0x54
CS_3A343A3C343B3B233A3E393B39_0x55
CS_3A343A3C343B3B233A3E393B39_0x56
CS_3A343A3C343B3B233A3E393B39_0x57
CS_3A343A3C343B3B233A3E393B39_0x58
CS_3A343A3C343B3B233A3E393B39_0x59
CS_3A343A3C343B3B233A3E393B39_0x5A
CS_3A343A3C343B3B233A3E393B39_0x5B
CS_3A343A3C343B3B233A3E393B39_0x5C
CS_3A343A3C343B3B233A3E393B39_0x5D
CS_3A343A3C343B3B233A3E393B39_0x5E
CS_3A343A3C343B3B233A3E393B39_0x5F
CS_3A343A3C343B3B233A3E393B39_0x6
CS_3A343A3C343B3B233A3E393B39_0x60
CS_3A343A3C343B3B233A3E393B39_0x61
CS_3A343A3C343B3B233A3E393B39_0x62
CS_3A343A3C343B3B233A3E393B39_0x63
CS_3A343A3C343B3B233A3E393B39_0x64
CS_3A343A3C343B3B233A3E393B39_0x65
CS_3A343A3C343B3B233A3E393B39_0x66
CS_3A343A3C343B3B233A3E393B39_0x67
CS_3A343A3C343B3B233A3E393B39_0x68
CS_3A343A3C343B3B233A3E393B39_0x69
CS_3A343A3C343B3B233A3E393B39_0x6A
CS_3A343A3C343B3B233A3E393B39_0x6B
CS_3A343A3C343B3B233A3E393B39_0x6C
CS_3A343A3C343B3B233A3E393B39_0x6D
CS_3A343A3C343B3B233A3E393B39_0x6E
CS_3A343A3C343B3B233A3E393B39_0x6F
CS_3A343A3C343B3B233A3E393B39_0x7
CS_3A343A3C343B3B233A3E393B39_0x70
CS_3A343A3C343B3B233A3E393B39_0x71
CS_3A343A3C343B3B233A3E393B39_0x8
CS_3A343A3C343B3B233A3E393B39_0x9
CS_3A343A3C343B3B233A3E393B39_0xA
CS_3A343A3C343B3B233A3E393B39_0xB
CS_3A343A3C343B3B233A3E393B39_0xC
CS_3A343A3C343B3B233A3E393B39_0xD
CS_3A343A3C343B3B233A3E393B39_0xE
CS_3A343A3C343B3B233A3E393B39_0xF
Hash

Sections

.text
Size: 262KB - Virtual size: 261KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
myDotnetLoader.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
myEasyDotnetLoader.dll
.dll windows:6 windows x64 arch:x64

df0c272b7a81045992bb577f5da2570b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

VirtualProtect
GetProcAddress
LoadLibraryA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetCurrentProcess
ExitProcess
TerminateProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
LCMapStringW
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetStdHandle
GetFileSizeEx
SetFilePointerEx
GetStringTypeW
HeapSize
HeapReAlloc
CloseHandle
CreateFileW
WriteConsoleW

Exports

Exports

CS_25343B28323B363C3423323737293A393D3E
CS_25343B28323B363C3423323737293A393D3E_0x0
CS_25343B28323B363C3423323737293A393D3E_0x1
CS_25343B28323B363C3423323737293A393D3E_0x10
CS_25343B28323B363C3423323737293A393D3E_0x11
CS_25343B28323B363C3423323737293A393D3E_0x12
CS_25343B28323B363C3423323737293A393D3E_0x13
CS_25343B28323B363C3423323737293A393D3E_0x14
CS_25343B28323B363C3423323737293A393D3E_0x15
CS_25343B28323B363C3423323737293A393D3E_0x16
CS_25343B28323B363C3423323737293A393D3E_0x17
CS_25343B28323B363C3423323737293A393D3E_0x18
CS_25343B28323B363C3423323737293A393D3E_0x19
CS_25343B28323B363C3423323737293A393D3E_0x1A
CS_25343B28323B363C3423323737293A393D3E_0x1B
CS_25343B28323B363C3423323737293A393D3E_0x1C
CS_25343B28323B363C3423323737293A393D3E_0x1D
CS_25343B28323B363C3423323737293A393D3E_0x1E
CS_25343B28323B363C3423323737293A393D3E_0x1F
CS_25343B28323B363C3423323737293A393D3E_0x2
CS_25343B28323B363C3423323737293A393D3E_0x20
CS_25343B28323B363C3423323737293A393D3E_0x21
CS_25343B28323B363C3423323737293A393D3E_0x22
CS_25343B28323B363C3423323737293A393D3E_0x23
CS_25343B28323B363C3423323737293A393D3E_0x24
CS_25343B28323B363C3423323737293A393D3E_0x25
CS_25343B28323B363C3423323737293A393D3E_0x28
CS_25343B28323B363C3423323737293A393D3E_0x2A
CS_25343B28323B363C3423323737293A393D3E_0x2B
CS_25343B28323B363C3423323737293A393D3E_0x2D
CS_25343B28323B363C3423323737293A393D3E_0x2E
CS_25343B28323B363C3423323737293A393D3E_0x2F
CS_25343B28323B363C3423323737293A393D3E_0x3
CS_25343B28323B363C3423323737293A393D3E_0x30
CS_25343B28323B363C3423323737293A393D3E_0x31
CS_25343B28323B363C3423323737293A393D3E_0x32
CS_25343B28323B363C3423323737293A393D3E_0x33
CS_25343B28323B363C3423323737293A393D3E_0x34
CS_25343B28323B363C3423323737293A393D3E_0x35
CS_25343B28323B363C3423323737293A393D3E_0x36
CS_25343B28323B363C3423323737293A393D3E_0x37
CS_25343B28323B363C3423323737293A393D3E_0x38
CS_25343B28323B363C3423323737293A393D3E_0x39
CS_25343B28323B363C3423323737293A393D3E_0x3A
CS_25343B28323B363C3423323737293A393D3E_0x3B
CS_25343B28323B363C3423323737293A393D3E_0x3C
CS_25343B28323B363C3423323737293A393D3E_0x3D
CS_25343B28323B363C3423323737293A393D3E_0x3E
CS_25343B28323B363C3423323737293A393D3E_0x3F
CS_25343B28323B363C3423323737293A393D3E_0x4
CS_25343B28323B363C3423323737293A393D3E_0x40
CS_25343B28323B363C3423323737293A393D3E_0x41
CS_25343B28323B363C3423323737293A393D3E_0x42
CS_25343B28323B363C3423323737293A393D3E_0x43
CS_25343B28323B363C3423323737293A393D3E_0x44
CS_25343B28323B363C3423323737293A393D3E_0x45
CS_25343B28323B363C3423323737293A393D3E_0x46
CS_25343B28323B363C3423323737293A393D3E_0x47
CS_25343B28323B363C3423323737293A393D3E_0x48
CS_25343B28323B363C3423323737293A393D3E_0x49
CS_25343B28323B363C3423323737293A393D3E_0x4A
CS_25343B28323B363C3423323737293A393D3E_0x4B
CS_25343B28323B363C3423323737293A393D3E_0x4C
CS_25343B28323B363C3423323737293A393D3E_0x4D
CS_25343B28323B363C3423323737293A393D3E_0x4E
CS_25343B28323B363C3423323737293A393D3E_0x4F
CS_25343B28323B363C3423323737293A393D3E_0x5
CS_25343B28323B363C3423323737293A393D3E_0x50
CS_25343B28323B363C3423323737293A393D3E_0x51
CS_25343B28323B363C3423323737293A393D3E_0x52
CS_25343B28323B363C3423323737293A393D3E_0x53
CS_25343B28323B363C3423323737293A393D3E_0x54
CS_25343B28323B363C3423323737293A393D3E_0x55
CS_25343B28323B363C3423323737293A393D3E_0x56
CS_25343B28323B363C3423323737293A393D3E_0x57
CS_25343B28323B363C3423323737293A393D3E_0x58
CS_25343B28323B363C3423323737293A393D3E_0x59
CS_25343B28323B363C3423323737293A393D3E_0x5A
CS_25343B28323B363C3423323737293A393D3E_0x5B
CS_25343B28323B363C3423323737293A393D3E_0x5C
CS_25343B28323B363C3423323737293A393D3E_0x5D
CS_25343B28323B363C3423323737293A393D3E_0x5E
CS_25343B28323B363C3423323737293A393D3E_0x5F
CS_25343B28323B363C3423323737293A393D3E_0x6
CS_25343B28323B363C3423323737293A393D3E_0x60
CS_25343B28323B363C3423323737293A393D3E_0x61
CS_25343B28323B363C3423323737293A393D3E_0x62
CS_25343B28323B363C3423323737293A393D3E_0x63
CS_25343B28323B363C3423323737293A393D3E_0x64
CS_25343B28323B363C3423323737293A393D3E_0x65
CS_25343B28323B363C3423323737293A393D3E_0x66
CS_25343B28323B363C3423323737293A393D3E_0x67
CS_25343B28323B363C3423323737293A393D3E_0x68
CS_25343B28323B363C3423323737293A393D3E_0x69
CS_25343B28323B363C3423323737293A393D3E_0x6A
CS_25343B28323B363C3423323737293A393D3E_0x6B
CS_25343B28323B363C3423323737293A393D3E_0x6C
CS_25343B28323B363C3423323737293A393D3E_0x6D
CS_25343B28323B363C3423323737293A393D3E_0x6E
CS_25343B28323B363C3423323737293A393D3E_0x6F
CS_25343B28323B363C3423323737293A393D3E_0x7
CS_25343B28323B363C3423323737293A393D3E_0x70
CS_25343B28323B363C3423323737293A393D3E_0x71
CS_25343B28323B363C3423323737293A393D3E_0x8
CS_25343B28323B363C3423323737293A393D3E_0x9
CS_25343B28323B363C3423323737293A393D3E_0xA
CS_25343B28323B363C3423323737293A393D3E_0xB
CS_25343B28323B363C3423323737293A393D3E_0xC
CS_25343B28323B363C3423323737293A393D3E_0xD
CS_25343B28323B363C3423323737293A393D3E_0xE
CS_25343B28323B363C3423323737293A393D3E_0xF
CS_2A3435363B3B343A23393B38343B27393233343A

Sections

.text
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

41c39c9025216c0605ea89f47c0902f1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 35KB - Virtual size: 34KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 4KB - Virtual size: 10KB

.pdata Size: 3KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 703KB - Virtual size: 703KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.textxc Size: 5.2MB - Virtual size: 5.2MB

.datax Size: 4KB - Virtual size: 2KB

.idata Size: 4KB - Virtual size: 86B

.reloc Size: 4KB - Virtual size: 12B

.rsrc Size: 4KB - Virtual size: 1KB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 192KB - Virtual size: 191KB

.rsrc Size: 8KB - Virtual size: 4KB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 93KB - Virtual size: 92KB

.rsrc Size: 1024B - Virtual size: 972B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 12KB - Virtual size: 10KB

.rsrc Size: 4KB - Virtual size: 840B

.reloc Size: 4KB - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

.text
Size: 35KB - Virtual size: 34KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 4KB - Virtual size: 10KB

.pdata
Size: 3KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 703KB - Virtual size: 703KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.textxc
Size: 5.2MB - Virtual size: 5.2MB

.datax
Size: 4KB - Virtual size: 2KB

.idata
Size: 4KB - Virtual size: 86B

.reloc
Size: 4KB - Virtual size: 12B

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 192KB - Virtual size: 191KB

.rsrc
Size: 8KB - Virtual size: 4KB

.text
Size: 93KB - Virtual size: 92KB

.rsrc
Size: 1024B - Virtual size: 972B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 12KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 840B

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 72KB - Virtual size: 68KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 368KB - Virtual size: 364KB

.rsrc
Size: 4KB - Virtual size: 744B

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 262KB - Virtual size: 261KB

.rdata
Size: 125KB - Virtual size: 124KB

.data
Size: 12KB - Virtual size: 22KB

.pdata
Size: 12KB - Virtual size: 12KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 6KB - Virtual size: 5KB

.text
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 82KB - Virtual size: 82KB

.rdata
Size: 49KB - Virtual size: 48KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 5KB - Virtual size: 4KB

_RDATA
Size: 512B - Virtual size: 148B

.reloc
Size: 2KB - Virtual size: 1KB