pconsnap[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

pconsnap.dll
Size

1.1MB
MD5

6e0afac370ae92f1c51a4d1f1b2964f2
SHA1

199a3f3563074fcf6145afa3c2aa2c7adf448e8c
SHA256

507066f487ea037bde2e91158a63113585776fe0c13cfa7fe6252ae58e89a59a
SHA512

bdf2c898a2a0b25afd7bd226efb1db60587d31dec2445dd8714235395cb1f6fff74a5f48c494a5b0a2cfe5a2faac4881c784c7e5e6c482da139fc694e909b763
SSDEEP

12288:3fzoOCLlllOERGpn3wRajZqKdunse5rXOBrFN3wejr2JQ1Z0qc6C9sa2Z:3fzoh/YUfKGsCOBrFNVjr2KZbcts

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
pconsnap.dll

Files

pconsnap.dll
.dll windows:6 windows x64 arch:x64

ffd6d32b4fdce0045e5d1f147758932a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

inet_ntoa
WSACleanup
inet_addr

kernel32

lstrlenW
GetComputerNameW
GetLocaleInfoW
CreateFileA
DeleteFileW
WriteFile
GlobalUnlock
GlobalLock
GetTickCount
lstrcmpW
lstrcpyW
HeapAlloc
HeapFree
InitializeProcThreadAttributeList
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
GlobalAlloc
GlobalFree
WideCharToMultiByte
WaitForSingleObject
CreateThread
GetComputerNameA
SetLastError
GetProcessHeap
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
LoadLibraryA
IsBadReadPtr
GetHandleInformation
GetProcessId
GetModuleHandleW
CreateFileW
ReadFile
SetFilePointer
SystemTimeToFileTime
MultiByteToWideChar
lstrcmpiW
GetLocalTime
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FileTimeToSystemTime
SetEndOfFile
WriteConsoleW
HeapSize
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
LocalFree
LocalReAlloc
LocalAlloc
LoadLibraryW
GetProcAddress
FreeLibrary
GetWindowsDirectoryW
GetTickCount64
OpenProcess
GetCurrentProcessId
RtlUnwind
Sleep
InitializeCriticalSectionEx
GetLastError
CloseHandle
GetFileSize
CompareStringW
LCMapStringW
IsValidCodePage
FindNextFileW
FindFirstFileExW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
FindClose
HeapReAlloc
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetTimeZoneInformation
GetFileType
GetStdHandle
EnumSystemLocalesW
GetModuleFileNameW
GetModuleHandleExW
IsValidLocale
GetFileInformationByHandle
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
MoveFileExW
QueryPerformanceFrequency
GetFileAttributesExW
ExitProcess
GetUserDefaultLCID

user32

EnumDisplayDevicesW
OpenWindowStationW
OpenDesktopW
OpenInputDesktop
SetThreadDesktop
CloseDesktop
GetDesktopWindow
SetProcessWindowStation
GetUserObjectInformationW
GetSystemMetrics
EnumDisplaySettingsW

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
GetDeviceCaps
DeleteObject
DeleteDC
CreateDCW
BitBlt

advapi32

DeleteService
LookupAccountSidW
EnumDependentServicesW
QueryServiceStatus
LockServiceDatabase
GetServiceDisplayNameW
GetServiceKeyNameW
EnumServicesStatusExW

ole32

GetHGlobalFromStream
CreateStreamOnHGlobal

oleaut32

OleCreatePictureIndirect
VariantChangeType
SysAllocString
VariantInit
SysFreeString
VariantClear

gdiplus

GdipGetImageEncoders
GdipGetImageEncodersSize
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipLoadImageFromFile
GdipSaveImageToFile
GdipCloneImage
GdipDisposeImage

netapi32

NetConnectionEnum
NetServerEnum

iphlpapi

DeleteIpNetEntry

Sections

.text
Size: 999KB - Virtual size: 999KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ffd6d32b4fdce0045e5d1f147758932a

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

gdi32

advapi32

ole32

oleaut32

gdiplus

netapi32

iphlpapi

Sections

.text Size: 999KB - Virtual size: 999KB

.rdata Size: 133KB - Virtual size: 133KB

.data Size: 9KB - Virtual size: 38KB

.pdata Size: 22KB - Virtual size: 21KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 1024B - Virtual size: 960B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 999KB - Virtual size: 999KB

.rdata
Size: 133KB - Virtual size: 133KB

.data
Size: 9KB - Virtual size: 38KB

.pdata
Size: 22KB - Virtual size: 21KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1024B - Virtual size: 960B

.reloc
Size: 3KB - Virtual size: 3KB