Static task: static1
Behavioral task: behavioral1
Sample: 05ab428fc0b171957e9144351a7480cfea2f617f20dd23c145736bd0a22eb041.dll
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 05ab428fc0b171957e9144351a7480cfea2f617f20dd23c145736bd0a22eb041.dll
Resource: win10v2004-20240611-en
General
Target: 05ab428fc0b171957e9144351a7480cfea2f617f20dd23c145736bd0a22eb041
Size: 4.8MB
MD5: c54c58484c9dfd9867ab157b8e3131d9
SHA1: 4d0b51e58686b273e7f186ce5814abf28c9029df
SHA256: 05ab428fc0b171957e9144351a7480cfea2f617f20dd23c145736bd0a22eb041
SHA512: 6538253e19255ed4ade77f99df16f5b0ab73d07b85fc4ab8662b3cf752fb8a3530032e6d180f02fef9aa448b9ccb4147db8243bab83248f269c21780dec99995
SSDEEP: 98304:7JdnPPSZxVhU2ygPHHQ74ciwRmAd8+/4QOHF:7zPd21RciIlx/
Malware Config
Signatures
Embeds OpenSSL (1 IoC)
The sample carries a statically linked copy of OpenSSL. Because that library brings its own TLS stack and trust configuration, the sample's TLS connections do not have to honour the system proxy settings or the Windows certificate store that TLS interception relies on. The import table below is consistent with this: the advapi32/crypt32 set (CryptAcquireContextW, CryptEnumProvidersW, CryptGetUserKey, CryptExportKey, CryptSignHashW, CryptDecrypt, CertOpenSystemStoreW, CertFindCertificateInStore, CertEnumCertificatesInStore) matches what OpenSSL's CAPI engine uses to reach keys and certificates in the Windows store, and GetProcessWindowStation/GetUserObjectInformationW/MessageBoxW together with RegisterEventSourceW/ReportEventW is the pattern OpenSSL uses to decide whether it is running as a service before reporting a fatal error.
resource: sample; yara_rule: embeds_openssl
Unsigned PE (1 IoC)
The PE carries no Authenticode signature (its security data directory is empty), so there is no publisher identity to verify or to pivot on. The PDB path under PDB Paths points at a per-user Desktop build directory, which is what a developer's local Release build looks like rather than a vendor-signed release.
resource: 05ab428fc0b171957e9144351a7480cfea2f617f20dd23c145736bd0a22eb041
Files
05ab428fc0b171957e9144351a7480cfea2f617f20dd23c145736bd0a22eb041.dll windows:6 windows x86 arch:x86
1b5e77c58dce0e3a93fb3518fde72ee6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
ASLR and DEP opt-in; IMAGE_DLLCHARACTERISTICS_GUARD_CF is not set, so Control Flow Guard is off.
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
C:\Users\postman\Desktop\NZT\ProjectD_cpprest\CleanUp\Release\CleanUp.pdb
Imports
kernel32
WaitForMultipleObjects
TerminateThread
QueueUserAPC
SetEvent
SleepEx
GetSystemTimeAsFileTime
PostQueuedCompletionStatus
CreateIoCompletionPort
SetWaitableTimer
GetQueuedCompletionStatus
WaitForSingleObject
CreateWaitableTimerW
GetComputerNameW
GetModuleHandleW
GetProcAddress
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CreateEventW
LocalFree
WideCharToMultiByte
FormatMessageW
FormatMessageA
GetLastError
CreateMutexW
GetModuleFileNameA
GetModuleHandleExA
ReadFile
GetStdHandle
WriteFile
ExitProcess
CreateProcessW
ExitThread
CloseHandle
TerminateProcess
OpenProcess
SetHandleInformation
CreatePipe
CreateThread
GetProcessHeap
HeapAlloc
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetLastError
Sleep
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
HeapSize
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
HeapFree
GetModuleFileNameW
SetConsoleCtrlHandler
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
FreeLibraryAndExitThread
LoadLibraryExW
InterlockedFlushSList
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
GetCurrentProcessId
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
VirtualFree
SwitchToFiber
DeleteFiber
CreateFiberEx
GetSystemTime
SystemTimeToFileTime
FindClose
FindFirstFileW
FindNextFileW
MultiByteToWideChar
GetModuleHandleExW
GetSystemDirectoryA
FreeLibrary
LoadLibraryA
InitializeCriticalSection
ReleaseSemaphore
GetExitCodeThread
CreateSemaphoreA
GetEnvironmentVariableW
GetACP
GetFileType
ConvertFiberToThread
ConvertThreadToFiberEx
LoadLibraryW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetStringTypeW
RaiseException
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeCriticalSectionEx
GetLocaleInfoEx
EncodePointer
DecodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
SetEndOfFile
crypt32
CertOpenStore
CertCloseStore
CertOpenSystemStoreW
CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
advapi32
CryptAcquireContextW
DeregisterEventSource
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptGenRandom
CryptReleaseContext
RegisterEventSourceW
ReportEventW
GetUserNameW
netapi32
NetUserGetInfo
DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory
NetApiBufferFree
iphlpapi
GetAdaptersAddresses
user32
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
shell32
ShellExecuteExW
ws2_32
htons
htonl
sendto
recvfrom
getsockname
getpeername
send
recv
inet_ntop
connect
WSACleanup
inet_ntoa
freeaddrinfo
getaddrinfo
WSASocketW
WSASend
WSARecv
select
ioctlsocket
closesocket
WSAGetLastError
setsockopt
getsockopt
WSASetLastError
ntohs
gethostbyaddr
inet_addr
gethostbyname
getservbyport
getservbyname
shutdown
socket
WSAStartup
Exports
Test
Sections
Name    Raw size  Virtual size  Characteristics
.text   2.6MB     2.6MB         IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  651KB     651KB         IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   34KB      57KB          IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   512B      248B          IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  128KB     127KB         IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
code    1.4MB     1.4MB         IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
No section is both writable and executable. The odd entry is the last one: a 1.4MB section named code that carries no IMAGE_SCN_CNT_* flag and no execute bit, which is unusual for MSVC output. It is worth dumping and inspecting (strings, entropy) in the static task before concluding it is just large static data.
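The checks that produce the Unsigned PE signature, the DLL Characteristics, the PDB Paths entry and the Sections table above can be reproduced with a short header parser. What follows is an added example written for this page, not tooling from the sandbox and not code from the sample's authors. It assumes only the Python standard library. The sandbox's embeds_openssl YARA rule is not shown on the page, so a regex for the OpenSSL version banner stands in for it; STANDARD_SECTIONS is a starter list of MSVC section names; build_pe constructs a synthetic PE32 fixture (consistent headers, not a loadable DLL) so the example runs offline, and SAMPLE mirrors this report's layout (unsigned, DYNAMIC_BASE and NX_COMPAT set, an OpenSSL banner, the reported PDB path, and a read/write section named code with no content-type flag) without being the sample's bytes. The parser also handles PE32+ images, which goes beyond the x86 case on this page.

```python
# PE header triage in pure Python (stdlib only): the checks behind a sandbox report's
# Unsigned PE, DLL Characteristics, PDB Paths and Sections entries, for PE32 and PE32+.
import re
import struct

SECURITY_DIR, DEBUG_DIR = 4, 6                  # IMAGE_DIRECTORY_ENTRY_SECURITY / _DEBUG
DLL_CHARACTERISTICS = {0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0100: "NX_COMPAT",
                       0x0400: "NO_SEH", 0x4000: "GUARD_CF"}   # subset of IMAGE_DLLCHARACTERISTICS_*
SCN_CNT_ANY, SCN_EXECUTE, SCN_WRITE = 0x20 | 0x40 | 0x80, 0x20000000, 0x80000000   # IMAGE_SCN_* bits
STANDARD_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".pdata", ".idata", ".edata",
                     ".tls", ".bss", ".debug", ".gfids", ".00cfg"}   # starter list of MSVC section names
OPENSSL_BANNER = re.compile(rb"OpenSSL \d+\.\d+\.\d+")   # stand-in for the embeds_openssl YARA rule (assumption)


def parse_pe(data):
    """Header facts needed for triage; raises ValueError on a malformed image."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]                  # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    _machine, nsec, _, _, _, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt, magic = pe + 24, struct.unpack_from("<H", data, pe + 24)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic %#x" % magic)
    shift = 16 if magic == 0x20B else 0                          # PE32+ has 8-byte stack/heap fields
    dllchars = struct.unpack_from("<H", data, opt + 70)[0]       # same offset in PE32 and PE32+
    ndirs, dirs_off = struct.unpack_from("<I", data, opt + 92 + shift)[0], opt + 96 + shift

    def directory(i):                                            # (VirtualAddress, Size) of directory i
        return struct.unpack_from("<II", data, dirs_off + 8 * i) if i < ndirs else (0, 0)

    sections = []
    for i in range(nsec):
        name, vsize, va, rsize, raw, *_, flags = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "vsize": vsize,
                         "va": va, "rsize": rsize, "raw": raw, "flags": flags})

    def rva_to_off(rva):
        for s in sections:
            if s["va"] <= rva < s["va"] + max(s["vsize"], s["rsize"]):
                return rva - s["va"] + s["raw"]
        raise ValueError("RVA %#x is outside every section" % rva)

    pdb, (dbg_rva, dbg_size) = None, directory(DEBUG_DIR)
    for off in range(0, dbg_size, 28):                           # one IMAGE_DEBUG_DIRECTORY entry per 28 bytes
        *_, typ, _size, _addr, ptr = struct.unpack_from("<IIHHIIII", data, rva_to_off(dbg_rva) + off)
        if typ == 2 and data[ptr:ptr + 4] == b"RSDS":            # CODEVIEW: "RSDS" GUID(16) age(4) path NUL
            pdb = data[ptr + 24:data.index(b"\0", ptr + 24)].decode("utf-8", "replace")
    return {"sections": sections, "pdb": pdb,
            "dll_characteristics": [n for bit, n in DLL_CHARACTERISTICS.items() if dllchars & bit],
            "authenticode": directory(SECURITY_DIR)[1] != 0}     # "Unsigned PE" == empty security directory


def triage(data):
    """Findings in the spirit of the report's Signatures section."""
    info, findings = parse_pe(data), []
    if not info["authenticode"]:
        findings.append("Unsigned PE: no Authenticode signature in the security directory")
    findings += ["Missing mitigation: " + m for m in ("DYNAMIC_BASE", "NX_COMPAT") if m not in info["dll_characteristics"]]
    for s in info["sections"]:
        if s["flags"] & SCN_WRITE and s["flags"] & SCN_EXECUTE:
            findings.append("Section %s is writable and executable" % s["name"])
        if s["name"] not in STANDARD_SECTIONS or not s["flags"] & SCN_CNT_ANY:
            findings.append("Non-standard section %s (flags %#x, %d bytes)" % (s["name"], s["flags"], s["vsize"]))
    if OPENSSL_BANNER.search(data):
        findings.append("Embeds OpenSSL: version banner present")
    if info["pdb"]:
        findings.append("PDB path: " + info["pdb"])
    return findings


def build_pe(sections, dllchars=0x0140, signed=False, pdb=None):
    """Constructed PE32 DLL fixture with consistent headers (not loadable); sections = [(name, flags, bytes)]."""
    align, sections = 0x200, list(sections)
    cv = b"RSDS" + b"\x11" * 16 + struct.pack("<I", 1) + pdb.encode() + b"\0" if pdb else b""
    if pdb:                                       # IMAGE_DEBUG_DIRECTORY + CodeView record get their own section
        sections.append((".debug", 0x40000040, b"\0" * (28 + len(cv))))
    hdr_len = -(-(0x40 + 4 + 20 + 224 + 40 * len(sections)) // align) * align
    table, blobs, pos, dirs = b"", b"", hdr_len, [(0, 0)] * 16
    for name, flags, payload in sections:         # identity mapping: RVA == file offset
        if name == ".debug":
            payload = struct.pack("<IIHHIIII", 0, 0, 0, 0, 2, len(cv), pos + 28, pos + 28) + cv
            dirs[DEBUG_DIR] = (pos, 28)
        raw = -(-len(payload) // align) * align
        table += struct.pack("<8sIIIIIIHHI", name.encode(), len(payload), pos, raw, pos, 0, 0, 0, 0, flags)
        blobs, pos = blobs + payload.ljust(raw, b"\0"), pos + raw
    cert = struct.pack("<IHH", 16, 0x0200, 0x0002) + b"\0" * 8 if signed else b""   # WIN_CERTIFICATE shell only
    dirs[SECURITY_DIR] = (pos, len(cert))         # security directory holds a file offset; size 0 == unsigned
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "IIII" + "HH" + "I" * 6,
                      0x10B, 14, 0, 0, 0, 0, 0x1000, 0x1000, 0x1000, 0x10000000, 0x1000, align,
                      6, 0, 0, 0, 6, 0, 0, pos, hdr_len, 0, 2, dllchars, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x2102)   # i386, EXEC|32BIT|DLL
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)                                   # e_lfanew = 0x40
    return (dos + b"PE\0\0" + file_hdr + opt + table).ljust(hdr_len, b"\0") + blobs + cert


# Constructed fixture mirroring the report's layout; these are not the real sample's bytes.
SAMPLE = build_pe(
    [(".text", 0x60000020, b"\x90" * 64),         # CNT_CODE | EXECUTE | READ
     (".rdata", 0x40000040, b"OpenSSL 1.1.1\0"),   # CNT_INITIALIZED_DATA | READ, with a version banner
     (".data", 0xC0000040, b"\0" * 16),            # CNT_INITIALIZED_DATA | READ | WRITE
     ("code", 0xC0000000, b"\0" * 64)],            # READ | WRITE only, no CNT_* flag, like the report's last section
    dllchars=0x0140, signed=False,                 # DYNAMIC_BASE | NX_COMPAT, no Authenticode signature
    pdb=r"C:\Users\postman\Desktop\NZT\ProjectD_cpprest\CleanUp\Release\CleanUp.pdb")
```

Run it on a real file with `triage(open(path, "rb").read())`. On the fixture the non-standard section check fires for code, the unsigned check fires because the security directory has size 0, and the PDB path comes out of the RSDS CodeView record; the authenticode flag only says whether a signature blob is present, so verifying the signature itself still needs a Windows API or an external tool.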