pconsnap[.]dll[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

pconsnap.dll.exe
Size

71.0MB
MD5

8fb5e72a31680189d9a529b49962a0b1
SHA1

2816b44de0065bee18ac963bcc3bf9b195499eeb
SHA256

4f9ef9f4b90d8e0928a36369e90d912b1f4a3b5afc173cddecb1790aa06cdc74
SHA512

fdafa98131bca5dc1717f56de1897a77244c7ff73577358ad187c42930729ed6488f6206daf864f161ab41bfdc2f94b562a8eded561e3119c026a068dc0d9682
SSDEEP

1572864:jSGOD5R6/+fkA7n5gpO6TlY0C1U9j+JsTiV/Dn5+s24M/:jpODH63A75gpNhY0Cy96Js+VLJU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
pconsnap.dll.exe

Files

pconsnap.dll.exe
.dll windows:6 windows x64 arch:x64

77ea498ab4c59d017cd6a85eb58a7875

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

inet_ntoa
WSACleanup
inet_addr

kernel32

lstrcmpiW
lstrlenW
GetComputerNameW
GetLocaleInfoW
CreateFileA
DeleteFileW
WriteFile
GlobalUnlock
GlobalLock
GetTickCount
lstrcmpW
lstrcpyW
HeapAlloc
HeapFree
InitializeProcThreadAttributeList
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
GlobalAlloc
GlobalFree
WideCharToMultiByte
WaitForSingleObject
CreateThread
GetComputerNameA
SetLastError
GetProcessHeap
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
LoadLibraryA
IsBadReadPtr
GetHandleInformation
GetProcessId
GetModuleHandleW
CreateFileW
ReadFile
SetFilePointer
SystemTimeToFileTime
MultiByteToWideChar
LocalFree
GetFileSize
GetLocalTime
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FileTimeToSystemTime
CompareStringW
SetEndOfFile
WriteConsoleW
HeapSize
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
LocalReAlloc
LocalAlloc
LoadLibraryW
GetProcAddress
FreeLibrary
GetWindowsDirectoryW
GetTickCount64
OpenProcess
GetCurrentProcessId
RtlUnwind
Sleep
InitializeCriticalSectionEx
GetLastError
CloseHandle
LCMapStringW
IsValidLocale
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
FindClose
HeapReAlloc
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetTimeZoneInformation
GetFileType
GetStdHandle
GetModuleFileNameW
GetModuleHandleExW
GetUserDefaultLCID
GetFileInformationByHandle
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetLocaleInfoEx
EncodePointer
DecodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
MoveFileExW
QueryPerformanceFrequency
GetFileAttributesExW
ExitProcess
EnumSystemLocalesW

user32

OpenWindowStationW
EnumDisplayDevicesW
EnumDisplaySettingsW
OpenDesktopW
OpenInputDesktop
SetThreadDesktop
CloseDesktop
GetDesktopWindow
SetProcessWindowStation
GetUserObjectInformationW
GetSystemMetrics

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
GetDeviceCaps
CreateDCW
BitBlt

advapi32

EnumDependentServicesW
LookupAccountSidW
DeleteService
QueryServiceStatus
LockServiceDatabase
GetServiceDisplayNameW
GetServiceKeyNameW
EnumServicesStatusExW

ole32

GetHGlobalFromStream
CreateStreamOnHGlobal

oleaut32

SysAllocString
OleCreatePictureIndirect
SysFreeString
VariantClear
VariantInit
VariantChangeType

gdiplus

GdipGetImageEncoders
GdipGetImageEncodersSize
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipLoadImageFromFile
GdipSaveImageToFile
GdipCloneImage
GdipDisposeImage

netapi32

NetConnectionEnum
NetServerEnum

iphlpapi

DeleteIpNetEntry

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

77ea498ab4c59d017cd6a85eb58a7875

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

gdi32

advapi32

ole32

oleaut32

gdiplus

netapi32

iphlpapi

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 148KB - Virtual size: 148KB

.data Size: 12KB - Virtual size: 41KB

.pdata Size: 26KB - Virtual size: 26KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 1024B - Virtual size: 960B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 148KB - Virtual size: 148KB

.data
Size: 12KB - Virtual size: 41KB

.pdata
Size: 26KB - Virtual size: 26KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1024B - Virtual size: 960B

.reloc
Size: 4KB - Virtual size: 3KB