F:\workspace\workspace\Endpoint-Release\10.Output\Win.x86Release\Intruder.pdb
Static task
static1
Behavioral task
behavioral1
Sample
eb1fbafdd42cc9bea02076a81357d97e038f4c755580d097cdb6b0b65fc88269.dll
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
eb1fbafdd42cc9bea02076a81357d97e038f4c755580d097cdb6b0b65fc88269.dll
Resource
win10v2004-20240508-en
General
-
Target
eb1fbafdd42cc9bea02076a81357d97e038f4c755580d097cdb6b0b65fc88269
-
Size
425KB
-
MD5
b34292e31329d94a48b90ce534b94cdf
-
SHA1
6ecff984543ee08e7ca749ef232497e066685c84
-
SHA256
eb1fbafdd42cc9bea02076a81357d97e038f4c755580d097cdb6b0b65fc88269
-
SHA512
22fb03757a2329a1bd55e4659e43ecb4de11b2bf830a8616c5a5a1d12c18a8c86993b82c90831be57fbf32a88ca8eb8cca359fa758d42401317b4dd7ba92e221
-
SSDEEP
6144:lYgk1xf6fxfqiRma4KGJLVbVR9t2mlQZqSxCft87xj4MUPIdB+1qb:lzkjf6VlRyBVZjt2rqSxqzZPIdPb
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource eb1fbafdd42cc9bea02076a81357d97e038f4c755580d097cdb6b0b65fc88269
Files
-
eb1fbafdd42cc9bea02076a81357d97e038f4c755580d097cdb6b0b65fc88269.dll windows:6 windows x86 arch:x86
630808ffee650302634f82a97394a1b6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
WaitForSingleObject
OutputDebugStringW
GetModuleHandleW
GetCurrentThread
WideCharToMultiByte
Sleep
GetModuleFileNameW
CreateFileW
lstrcatA
FreeLibraryAndExitThread
GetProcAddress
CreateDirectoryW
GetModuleFileNameA
lstrcatW
CreateToolhelp32Snapshot
Module32NextW
DeleteFileW
GetCurrentProcessId
GetTempPathA
VirtualQueryEx
VirtualProtectEx
VirtualFree
VirtualAlloc
FreeLibrary
CreateThread
CloseHandle
Module32FirstW
OutputDebugStringA
FlushInstructionCache
SetThreadContext
GetThreadContext
ResumeThread
SuspendThread
VirtualQuery
GetLastError
HeapFree
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
EncodePointer
DecodePointer
GetCPInfo
IsDebuggerPresent
IsProcessorFeaturePresent
HeapReAlloc
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentThreadId
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetStringTypeW
GetProcessHeap
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
WriteFile
ReadFile
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetLastError
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
IsValidCodePage
GetACP
GetOEMCP
RaiseException
GetTimeZoneInformation
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlUnwind
LoadLibraryExW
ReadConsoleW
SetStdHandle
WriteConsoleW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetEnvironmentVariableA
VirtualProtect
SetEndOfFile
user32
FindWindowW
PostMessageW
SendMessageW
common
?GetBuffer@CTXStringW@@QAEPA_WXZ
??1CTXStringW@@QAE@XZ
??0CTXStringW@@QAE@ABV0@@Z
shlwapi
PathIsDirectoryW
StrStrIW
Exports
_ReflectiveLoader@4
Sections
.text Size: 331KB - Virtual size: 330KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 62KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.detourc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.detourd Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ