91b8bde1f80cc202e20f20b02aa3ab487d4709b662eb82974c5309b18615e223

Sharing

Copy URL Twitter E-mail

General

Target

91b8bde1f80cc202e20f20b02aa3ab487d4709b662eb82974c5309b18615e223
Size

1.1MB
MD5

c02859193d38ac3c1ddee25d346e0a1d
SHA1

592b7cade18abe88f4099ff9b10b163232343eac
SHA256

91b8bde1f80cc202e20f20b02aa3ab487d4709b662eb82974c5309b18615e223
SHA512

f8dbb1cec0ff16bab5a4427ab1397204d868dbbbc9599460b7240ec40b69f6f685195e9c74f2ad7d95b31e394d9d65d795046720831bb3a261737ce17aa5669c
SSDEEP

24576:xfzRFNAIp41DLYLpEjZH3WJ6p5utSvYzqEAdsr10VfCsEYkx1T6:xfOIdOZH3WJ6pMtSv1EAdsr1mfCsEBxY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
91b8bde1f80cc202e20f20b02aa3ab487d4709b662eb82974c5309b18615e223

Files

91b8bde1f80cc202e20f20b02aa3ab487d4709b662eb82974c5309b18615e223
.dll windows:5 windows x64 arch:x64

28e49c3e33d27f689e6c1e1542a62501

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

H:\WorkshopAgent\DevelopProjX\TAuxMod\PreRelease\Bin\Release\TAuxMod64.pdb

Imports

kernel32

QueryDosDeviceA
GetDiskFreeSpaceExA
SetVolumeLabelA
GetVolumeInformationA
GetLogicalDrives
GetDriveTypeW
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
GetEnvironmentVariableW
GetEnvironmentVariableA
GetTempPathW
GetTempPathA
CopyFileA
MoveFileExA
CopyFileW
MoveFileExW
RemoveDirectoryW
DefineDosDeviceA
GetDriveTypeA
FindNextFileW
FindFirstFileA
FindNextFileA
FindClose
CreateThread
GetFileAttributesExW
GetModuleHandleW
CreateFileA
GetFileInformationByHandle
CloseHandle
GetModuleHandleA
GetCurrentThreadId
RemoveDirectoryA
CreateDirectoryW
CreateDirectoryA
DeleteFileW
GetFileAttributesW
SetFileAttributesW
LoadResource
FindResourceExA
lstrlenA
lstrlenW
GetVersionExA
LocalFree
FormatMessageA
GetACP
FormatMessageW
WaitForSingleObject
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep
SleepEx
CreateSemaphoreA
ReleaseSemaphore
CreateMutexA
ReleaseMutex
CreateEventA
SetEvent
PulseEvent
ResetEvent
WaitForMultipleObjects
GetLocalTime
WriteFile
SetFilePointer
OutputDebugStringW
FreeConsole
WriteConsoleA
GetStdHandle
AllocConsole
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
WideCharToMultiByte
FlsSetValue
GetCommandLineA
GetSystemTimeAsFileTime
HeapFree
EncodePointer
QueryDosDeviceW
TlsAlloc
FlsGetValue
FlsFree
GetCurrentThread
FlsAlloc
GetCPInfo
GetOEMCP
IsValidCodePage
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
HeapAlloc
HeapSize
ExitProcess
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
LCMapStringA
FatalAppExitA
GetStringTypeA
GetStringTypeW
GetDateFormatA
GetTimeFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
HeapReAlloc
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetTimeZoneInformation
SetStdHandle
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
ReadFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
OpenFileMappingA
OpenMutexA
GetSystemInfo
LoadLibraryW
CreateProcessA
CreateProcessW
SuspendThread
ResumeThread
TerminateThread
SetPriorityClass
GetPriorityClass
SetThreadPriority
GetThreadPriority
VirtualQueryEx
MoveFileA
MoveFileW
lstrcmpA
LocalAlloc
DeleteFileA
GetFileAttributesA
SetFileAttributesA
GetProcessHeap
SetEndOfFile
CreateFileW
WaitNamedPipeW
OpenFileMappingW
GetExitCodeProcess
GetProcessTimes
FileTimeToSystemTime
OpenProcess
DecodePointer
FindFirstFileW
IsBadReadPtr
IsBadWritePtr
MultiByteToWideChar
GetModuleFileNameA
GetWindowsDirectoryW
GetWindowsDirectoryA
GetCurrentDirectoryW
GetModuleFileNameW
GetSystemDirectoryW
GetCurrentDirectoryA
GetSystemDirectoryA
GetCurrentProcess
GetCurrentProcessId
SetLastError
GetLastError
GetProfileStringA
GetSystemDefaultLangID
GetVersion
LoadLibraryA
GetProcAddress
FreeLibrary
GetUserDefaultLangID
GlobalSize
GlobalLock
GlobalUnlock
GetTickCount
GlobalAlloc
RtlPcToFileHeader
GetExitCodeThread
GlobalFree

user32

GetUserObjectInformationW
GetSystemMetrics
MessageBoxW
MsgWaitForMultipleObjects
RegisterClipboardFormatW
CharToOemBuffA
OemToCharBuffA
GetWindowThreadProcessId
EnumClipboardFormats
CloseDesktop
OpenClipboard
EmptyClipboard
CloseClipboard
MessageBoxA
OpenWindowStationA
SetProcessWindowStation
CloseWindowStation
GetProcessWindowStation
OpenDesktopA
GetUserObjectInformationA
OpenInputDesktop
GetThreadDesktop
SetThreadDesktop
GetDesktopWindow

gdi32

CreateDCW
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
GetObjectW
BitBlt
GetBitmapBits
DeleteObject
DeleteDC
CreateCompatibleDC
TextOutW

advapi32

RegCreateKeyExW
SetFileSecurityA
GetTokenInformation
LookupAccountSidW
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetAce
SetSecurityDescriptorDacl
LookupAccountNameW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
GetUserNameA
RegEnumValueA
RegDeleteValueA
RegQueryInfoKeyA
RegEnumKeyA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegConnectRegistryA
RegSetKeySecurity
RegOpenKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegQueryValueExA
RegQueryValueExW
RegCreateKeyW
RegOpenKeyW
RegSetValueExW
RegCloseKey

ws2_32

WSAGetLastError

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Exports

Exports

TAuxModCallNext
TAuxModSetDtFrame
TCbdGetTransfer
TCbdGetTransferFormat
TCbdIsMarkup
TCbdIsStart
TCbdMarkup
TCbdQuery
TCbdRegister
TCbdResetCallbackDataCache
TCbdSetTransfer
TCbdStart
TCbdStop
TCbdUnRegister
TLPChangeStatus
TLPCheckCache
TLPPARegister
TLPPAUnRegister
TLPRegister
TLPStart
TLPStop
TLPUnRegister
TSptIsStart
TSptQuery
TSptRegister
TSptResetCallbackDataCache
TSptStart
TSptStop
TSptUnRegister

Sections

.text
Size: 719KB - Virtual size: 718KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 276KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 85KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

28e49c3e33d27f689e6c1e1542a62501

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ws2_32

version

Exports

Exports

Sections

.text Size: 719KB - Virtual size: 718KB

.rdata Size: 276KB - Virtual size: 276KB

.data Size: 85KB - Virtual size: 119KB

.pdata Size: 55KB - Virtual size: 54KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 17KB - Virtual size: 16KB

.text
Size: 719KB - Virtual size: 718KB

.rdata
Size: 276KB - Virtual size: 276KB

.data
Size: 85KB - Virtual size: 119KB

.pdata
Size: 55KB - Virtual size: 54KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 17KB - Virtual size: 16KB