D:\build\xra_common\curlbase\bin\Release\curlbase.pdb
Static task
static1
Behavioral task
behavioral1
Sample
9113a9a30d31b9ac18a21b72759e51f5b5d87f8af2552469b81cba838a5ac48f.dll
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
9113a9a30d31b9ac18a21b72759e51f5b5d87f8af2552469b81cba838a5ac48f.dll
Resource
win10v2004-20240709-en
General
Target
9113a9a30d31b9ac18a21b72759e51f5b5d87f8af2552469b81cba838a5ac48f
Size
1.9MB
MD5
88583209d863aac4868dea1ae2717f4b
SHA1
d233072d7020f9bf4a65c112757d44799a55fdfa
SHA256
9113a9a30d31b9ac18a21b72759e51f5b5d87f8af2552469b81cba838a5ac48f
SHA512
8dd74e784e55a5140d25acfb9732c72a8cdd3e6fe9932238d3f0f7f079d2117f605a5552a218339dd441e34ca3c6f06eefceb70670c45db013a0c48c8009dc7f
SSDEEP
24576:95JfuTFibsPn5qoRdWo+eVXMoX7vcH5g5PNYMg7lc9Y7hHkLvTkdbdDTG8uPCkH1:DwJntFWxH0PY7W9ZvTWdG8uPCkH9nLz
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 9113a9a30d31b9ac18a21b72759e51f5b5d87f8af2552469b81cba838a5ac48f
Files
9113a9a30d31b9ac18a21b72759e51f5b5d87f8af2552469b81cba838a5ac48f.dll windows:5 windows x86 arch:x86
71d5148e3f0ddc6c57676342ac9092c1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
ResetEvent
SetWaitableTimer
CancelWaitableTimer
LoadLibraryW
QueryPerformanceCounter
QueryPerformanceFrequency
InterlockedCompareExchange
GetCurrentProcess
DuplicateHandle
CreateWaitableTimerW
GlobalAlloc
GlobalFree
DecodePointer
GetCurrentThreadId
CreateFileW
GetTickCount
GetModuleFileNameA
CreateEventW
CloseHandle
WriteFile
WaitForSingleObject
LeaveCriticalSection
DeleteCriticalSection
RaiseException
WideCharToMultiByte
MultiByteToWideChar
FindResourceExW
FindResourceW
SizeofResource
EnterCriticalSection
LoadResource
GetLastError
GlobalMemoryStatus
ConvertThreadToFiber
ConvertFiberToThread
FindFirstFileW
CreateFiber
DeleteFiber
SwitchToFiber
ReadConsoleA
SetConsoleMode
GetEnvironmentVariableW
SystemTimeToFileTime
GetSystemTime
InitializeCriticalSectionAndSpinCount
ResumeThread
GetThreadIOPendingFlag
GetCurrentThread
GetProcAddress
FreeLibrary
SetEvent
InterlockedExchange
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
LockResource
GetModuleFileNameW
WaitForMultipleObjects
GetFileAttributesExW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExA
FindClose
GetFullPathNameW
GetCurrentDirectoryW
WriteConsoleW
SetEndOfFile
SetStdHandle
SetConsoleCtrlHandler
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetACP
ReadConsoleW
IsDebuggerPresent
OutputDebugStringW
GetStringTypeW
FormatMessageW
EncodePointer
SetLastError
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
GetCurrentProcessId
InitializeCriticalSection
Sleep
SleepEx
GetFileType
GetStdHandle
ReadFile
PeekNamedPipe
ExpandEnvironmentStringsA
FormatMessageA
VerSetConditionMask
LoadLibraryA
GetModuleHandleA
GetSystemDirectoryA
VerifyVersionInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
FlushFileBuffers
RtlUnwind
InterlockedFlushSList
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
DeleteFileW
SetFilePointerEx
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
SetErrorMode
user32
PeekMessageW
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
MsgWaitForMultipleObjectsEx
DispatchMessageW
TranslateMessage
PostQuitMessage
wsprintfW
advapi32
CryptEnumProvidersW
CryptReleaseContext
CryptDestroyKey
CryptGenRandom
CryptDecrypt
DeregisterEventSource
RegisterEventSourceW
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
ReportEventW
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptAcquireContextW
shell32
SHCreateDirectoryExW
ole32
CoUninitialize
CoInitialize
shlwapi
PathFileExistsA
PathRemoveFileSpecA
StrStrIW
PathAppendA
PathRemoveFileSpecW
PathFileExistsW
PathAppendW
ws2_32
send
recv
WSAGetLastError
WSACleanup
__WSAFDIsSet
getnameinfo
WSAStartup
sendto
ioctlsocket
gethostname
socket
select
WSASetLastError
recvfrom
closesocket
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
listen
WSAIoctl
getaddrinfo
freeaddrinfo
shutdown
accept
bind
wldap32
ord33
ord79
ord32
ord27
ord26
ord22
ord41
ord50
ord60
ord211
ord301
ord200
ord30
ord46
ord217
ord143
ord35
rasapi32
RasEnumConnectionsW
RasGetConnectStatusW
crypt32
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CertOpenStore
CertCloseStore
Exports
HttpInit
HttpUninit
zlib_compress
zlib_compressBound
zlib_uncompress
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 441KB - Virtual size: 440KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 39KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 960B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 66KB - Virtual size: 66KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ