fa8770dd5c9b8f38f7d3046c2d47bc93a14c1a3ea63557997b07d14f481b3f59

Sharing

Copy URL Twitter E-mail

General

Target

fa8770dd5c9b8f38f7d3046c2d47bc93a14c1a3ea63557997b07d14f481b3f59
Size

653KB
MD5

8aaa21506f40ebe5a3f853cabb8eec5b
SHA1

81e6a44f7c9a362544201fe317a6d5a4d018f235
SHA256

fa8770dd5c9b8f38f7d3046c2d47bc93a14c1a3ea63557997b07d14f481b3f59
SHA512

228455e73eba2542ecd40cbcf90bec7a89015642070c5f4da96d9b226c898523d2019b81670702e4715aef915ebd79bc62e632e16f0fe9486a7f12ea620ff8bc
SSDEEP

12288:cItJF5zEy28jQ6JbEDAvFyQTWYODX8peJqwWd:cIHzB3YEIQTkD+eqwWd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa8770dd5c9b8f38f7d3046c2d47bc93a14c1a3ea63557997b07d14f481b3f59

Files

fa8770dd5c9b8f38f7d3046c2d47bc93a14c1a3ea63557997b07d14f481b3f59
.dll windows:6 windows x64 arch:x64

9143539dc17606edb50b234ab13739a7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

P:\work\processhacker\bin\Release64\plugins\NetworkTools.pdb

Imports

uxtheme

EnableThemeDialogTexture

processhacker.exe

PhCreateBytesEx
PhConvertUtf8ToUtf16
PhReAllocate
PhFinalStringBuilderString
PhfEndInitOnce
PhAppendFormatStringBuilder
PhGetWindowText
PhInitializeStringBuilder
PhCountStringZ
PhTrimStringRef
PhDereferenceObject
PhExpandEnvironmentStrings
PhGetStringSetting
PhEqualStringRef
PhConvertUtf8ToUtf16Ex
PhGetKnownLocation
PhPluginGetObjectExtension
PhGetPluginCallback
PhRegisterPlugin
PhPluginAddTreeNewColumn
PhRegisterCallback
PhCreateCacheFile
PhQuerySystemTime
PhFormatSize
PhDeleteFileWin32
PhConcatStrings2
WindowsVersion
PhGetPhVersionNumbers
PhConvertUtf16ToUtf8
PhCreateFileWin32
PhQueryRegistryString
PhOpenKey
PhDeleteCacheFile
PhShellExecute
PhAddEntryHashtable
PhCreateList
PhSetControlTheme
PhSetIntegerPairSetting
PhClearList
PhCmLoadSettings
PhfBeginInitOnce
PhLoadPngImageFromResource
PhPluginSetObjectExtension
PhGetGeneralCallback
PhAddSettings
PhCompareStringRef
PhPluginCreateEMenuItem
PhaChoiceDialog
PhCreateString
PhInsertEMenuItem
PhCenterWindow
PhGetIntegerSetting
PhSetIntegerSetting
PhGetStatisticsTimeString
PhLayoutManagerLayout
PhProcessesUpdatedEvent
PhLoadIcon
PhInitializeWorkQueue
PhInstanceHandle
PhFree
PhInitializeAutoPool
PhSetGraphText
PhDeleteWorkQueue
PhAutoDereferenceObject
PhFormatString_V
PhAddLayoutItem
PhCreateThread2
PhQueueItemWorkQueue
PhDrainAutoPool
PhCreateStringEx
PhLoadWindowPlacementFromSetting
PhAddLayoutItemEx
PhGetIntegerPairSetting
PhGraphStateGetDrawInfo
PhGlobalDpi
PhDeleteGraphState
PhDeleteTreeNewColumnMenu
PhAddItemList
PhHandleTreeNewColumnMenu
PhInitializeTreeNewColumnMenu
PhClearHashtable
PhCreateHashtable
PhSetStringSetting2
PhUnregisterCallback
PhSiSetColorsGraphDrawInfo
PhConvertUtf16ToMultiByte
PhDeleteAutoPool
PhCmSaveSettings
PhFindEntryHashtable
PhFormatUInt64
PhGetTreeNewText
PhCreateEMenuItem
PhCreateEMenu
PhHandleCopyCellEMenuItem
PhSetClipboardString
PhShowEMenu
PhFindStringInStringRef
PhDestroyEMenu
PhReferenceObject
PhInsertCopyCellEMenuItem
PhCreateAlloc
PhShellProcessHacker
PhGetGlobalWorkQueue
PhGetOwnTokenAttributes
PhMainWndHandle
PhInitializeLayoutManager
PhGenerateRandomAlphaString
PhDeleteLayoutManager
PhFormatString
PhApplicationFont
PhAllocate
PhSaveWindowPlacementToSetting
PhDivideSinglesBySingle
PhInitializeGraphState
PhInitializeCircularBuffer_ULONG

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlDoesFileExists_U
NtClose
NtWriteFile
RtlIpv6AddressToStringExW
RtlIpv4AddressToStringExW
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlIpv4StringToAddressW
RtlIpv6StringToAddressW
RtlVirtualUnwind
RtlUnwindEx

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
SetEndOfFile
SetStdHandle
GetStringTypeW
GetStdHandle
GetACP
LCMapStringW
HeapAlloc
HeapFree
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
GetConsoleCP
ReadConsoleW
GetProcessHeap
MultiByteToWideChar
WideCharToMultiByte
GetFileType
SetFilePointerEx
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
InterlockedFlushSList
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
WriteConsoleW
FlushFileBuffers
HeapSize
HeapReAlloc
GetConsoleMode
FindClose
GetLastError
WriteFile
ReadFile
LoadLibraryW
MapViewOfFile
GetFileSize
CreateFileMappingA
CloseHandle
UnmapViewOfFile
CreateFileW

user32

PostQuitMessage
DrawIconEx
DrawTextW
DestroyIcon
IsWindowVisible
IsIconic
EnableWindow
GetMessageW
CreateDialogParamW
PostMessageW
DestroyWindow
GetPropW
SetWindowLongPtrW
CreateWindowExW
SendMessageW
RemovePropW
SetWindowTextW
GetWindowLongPtrW
ShowWindow
DispatchMessageW
IsDialogMessageW
SetDlgItemTextW
SetPropW
TranslateMessage
GetDlgItem
DialogBoxParamW
SystemParametersInfoW
SetForegroundWindow
InvalidateRect
EndDialog
GetDlgItemInt
SetDlgItemInt
GetParent
CreateIconIndirect

gdi32

CreateFontW
SelectObject
CreateCompatibleBitmap
CreateICW
DeleteObject
DeleteDC

comctl32

ord345

Sections

.text
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 210KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9143539dc17606edb50b234ab13739a7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

uxtheme

processhacker.exe

ntdll

kernel32

user32

gdi32

comctl32

Sections

.text Size: 169KB - Virtual size: 168KB

.rdata Size: 210KB - Virtual size: 209KB

.data Size: 104KB - Virtual size: 109KB

.pdata Size: 8KB - Virtual size: 7KB

.didat Size: 512B - Virtual size: 256B

.rsrc Size: 145KB - Virtual size: 144KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 169KB - Virtual size: 168KB

.rdata
Size: 210KB - Virtual size: 209KB

.data
Size: 104KB - Virtual size: 109KB

.pdata
Size: 8KB - Virtual size: 7KB

.didat
Size: 512B - Virtual size: 256B

.rsrc
Size: 145KB - Virtual size: 144KB

.reloc
Size: 15KB - Virtual size: 14KB