a9b45086282b15186a9510bd2cabc7e5a2be609f4f0e5e076362cafd154e7692

Sharing

Copy URL Twitter E-mail

General

Target

a9b45086282b15186a9510bd2cabc7e5a2be609f4f0e5e076362cafd154e7692
Size

3.0MB
MD5

645aa9a967813a21a4f681feaae4e286
SHA1

1fbe5f1394161dd30f92918e9ab7797b937512cf
SHA256

a9b45086282b15186a9510bd2cabc7e5a2be609f4f0e5e076362cafd154e7692
SHA512

ed87b02b6ccd27a5d82443292380f24daf4361d34338452b7bd16e7c13fc302d17d769d76e5db0dbcb7c639f2c1a6e7b1247cdaf13447514a5322628978f60b8
SSDEEP

49152:LIuvMrN3sB49sV699FaX3wEuEQ2h3OxOwgOp5N+fdFspzF9SR:LIEM449O6PomW3O4XYN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a9b45086282b15186a9510bd2cabc7e5a2be609f4f0e5e076362cafd154e7692

Files

a9b45086282b15186a9510bd2cabc7e5a2be609f4f0e5e076362cafd154e7692
.dll windows:5 windows x86 arch:x86

8424a743164765adf955564b1f77a047

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\NSecsoft\NSec\Client\Client-CommonLibs\NSecsoft.NativeModule\Release\x86\NSecsoft.NativeModule.pdb

Imports

kernel32

SystemTimeToTzSpecificLocalTime
ResetEvent
GetCurrentDirectoryW
DisableThreadLibraryCalls
GetLocalTime
LeaveCriticalSection
EnterCriticalSection
GetFileTime
GetCurrentProcessId
FileTimeToLocalFileTime
CloseHandle
FileTimeToSystemTime
GetLastError
OpenProcess
CreateFileW
GlobalMemoryStatus
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
SwitchToFiber
DeleteFiber
GetVersion
InterlockedExchangeAdd
GetEnvironmentVariableW
ReadConsoleA
SetConsoleMode
VerifyVersionInfoW
VerSetConditionMask
PeekNamedPipe
WaitForMultipleObjects
GetEnvironmentVariableA
CompareFileTime
CreateDirectoryW
SetStdHandle
GetConsoleCP
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
FormatMessageW
WideCharToMultiByte
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
EncodePointer
DecodePointer
MultiByteToWideChar
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
InitializeCriticalSection
DeleteFileW
UnmapViewOfFile
OpenFileMappingA
MapViewOfFile
ReadFile
WaitForSingleObject
LocalFree
OpenMutexW
GetLogicalDrives
HeapFree
GetDriveTypeA
GetVolumeInformationA
CreateFileA
HeapAlloc
SetFileAttributesA
GetComputerNameW
GetProcessHeap
GetPrivateProfileStringA
InterlockedDecrement
HeapSize
HeapReAlloc
RaiseException
HeapDestroy
CreateMutexW
ReleaseMutex
MoveFileExW
SizeofResource
EnumResourceTypesW
WriteFile
EnumResourceNamesW
GetTempPathW
LockResource
LoadResource
FindResourceW
GetFileSize
FreeLibrary
LoadLibraryExW
SetFileAttributesW
Sleep
GetDriveTypeW
DeleteFileA
GetModuleFileNameW
GetFileAttributesW
CopyFileExW
GetModuleFileNameA
OpenFileMappingW
CreateFileMappingW
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
GetFullPathNameW
InterlockedCompareExchange
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetVersionExW
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
LoadLibraryA
WaitForSingleObjectEx
GetVersionExA
GetSystemInfo
LoadLibraryW
HeapCompact
UnlockFile
CreateFileMappingA
LockFileEx
SystemTimeToFileTime
GetSystemTime
FormatMessageA
FlushFileBuffers
SetEvent
FindFirstFileW
FindNextFileW
DeviceIoControl
FindClose
LocalAlloc
GetModuleHandleA
GetFileSizeEx
GetSystemDirectoryA
SetFilePointerEx
TerminateThread
QueueUserAPC
SleepEx
CreateThread
RtlUnwind
InterlockedFlushSList
ExitProcess
GetModuleHandleExW
GetStdHandle
GetFileType
WriteConsoleW
ExitThread
FreeLibraryAndExitThread
SetConsoleCtrlHandler
GetACP
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
GetTimeZoneInformation
FindFirstFileExA
FindNextFileA
IsValidCodePage

user32

GetProcessWindowStation
FindWindowExA
GetWindowThreadProcessId
MessageBoxW
wsprintfA
GetUserObjectInformationW

advapi32

RegQueryValueExA
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTokenInformation
RegOpenKeyExW
DuplicateTokenEx
SetThreadToken
OpenProcessToken
CryptGenRandom
CryptDecrypt
CryptCreateHash
CryptSetHashParam
CryptSignHashW
CryptDestroyHash
CryptExportKey
CryptGetUserKey
CryptAcquireContextW
CryptGetProvParam
CryptDestroyKey
CryptReleaseContext
CryptEnumProvidersW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
LookupPrivilegeValueW
AdjustTokenPrivileges
ConvertSidToStringSidA
RegCreateKeyExA
RegQueryValueExW
ConvertSidToStringSidW
RegOpenKeyExA
RegSetValueExA

shlwapi

SHDeleteValueW
StrCpyW
StrToInt64ExA
StrToIntExA
PathAppendW
PathFileExistsW
PathFileExistsA
wnsprintfA
wnsprintfW
SHSetValueA
PathIsNetworkPathW
wvnsprintfA
PathFindFileNameA
SHDeleteValueA

iphlpapi

GetAdaptersAddresses

netapi32

Netbios

ws2_32

closesocket
WSAIoctl
bind
send
WSAEnumNetworkEvents
WSAEventSelect
getpeername
getsockname
WSACloseEvent
ntohs
WSAStartup
WSACleanup
__WSAFDIsSet
select
htonl
listen
getaddrinfo
freeaddrinfo
recvfrom
sendto
WSACreateEvent
WSASetLastError
gethostname
inet_ntoa
gethostbyname
WSAGetLastError
setsockopt
htons
recv
connect
socket
getsockopt
ioctlsocket
getnameinfo
shutdown
inet_addr
accept

crypt32

CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CertCloseStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertFreeCertificateContext
CryptMsgClose
CertOpenStore
CertOpenSystemStoreW
CertEnumCertificatesInStore
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CryptQueryObject

wldap32

ord301
ord147
ord133
ord79
ord142
ord167
ord127
ord27
ord26
ord117
ord41
ord208
ord216
ord14
ord46
ord219
ord145

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

shell32

SHGetSpecialFolderPathW
SHCreateDirectoryExA
SHCreateDirectoryExW

ole32

CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoInitialize

oleaut32

SysAllocString
SysFreeString

Exports

Exports

DesDecryptFile
DesDtd
DesEncryptFile
DesGetFileMetaInfo
DesImportOfflinePolicy
DesIsFileEncrypted
DesRecordDecReason
DesRecordEnc
DesSetFileMetaInfo
FsGetFileTime2
GetConsoleServerHost
GetGlobalID
GetUid
GetUserSID
GetValueFromMMKV
GetValueFromMMKVEx
GetZenServerHost
ImageExtractFileIcon
ImpersonateExplorerToken
PeGetFileDigitalSign2
PeGetFileInfo2
ReleaseValueFromMMKV
SeSetPrivilege
SetValueToMMKV
SetValueToMMKVEx
xConfigDestroy
xConfigInit
xConfigSet

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 517KB - Virtual size: 516KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8424a743164765adf955564b1f77a047

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shlwapi

iphlpapi

netapi32

ws2_32

crypt32

wldap32

version

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 517KB - Virtual size: 516KB

.data Size: 46KB - Virtual size: 61KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 89KB - Virtual size: 88KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 517KB - Virtual size: 516KB

.data
Size: 46KB - Virtual size: 61KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 89KB - Virtual size: 88KB