8b3426fefc9ea58437dfb0b63378919a8eadf67f2239b166a6d5e4f49c761a18

Sharing

Copy URL Twitter E-mail

General

Target

8b3426fefc9ea58437dfb0b63378919a8eadf67f2239b166a6d5e4f49c761a18
Size

82KB
MD5

e38bbd93b7c0e776a2fd366d2fc13fb4
SHA1

8e28d22d9adf68d15ba6151a9b66d7ad6e2e595a
SHA256

8b3426fefc9ea58437dfb0b63378919a8eadf67f2239b166a6d5e4f49c761a18
SHA512

adf426cd47a06f92081cf6735dca7f42438b6ed6c93237f673a6e5e78f4d6a2e8513033ff57bce36449f8ea0d92fbd3777a48be3e1f23420540cdda0ee2f9e3f
SSDEEP

768:AdQjS+eKzx9+MQ4sbvscC7h6G2saYxF98A2db1cFi:Aaunex9+MIrscC6fsagF98A4eFi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8b3426fefc9ea58437dfb0b63378919a8eadf67f2239b166a6d5e4f49c761a18

Files

8b3426fefc9ea58437dfb0b63378919a8eadf67f2239b166a6d5e4f49c761a18
.dll windows:6 windows x64 arch:x64

690cce63d22e22d9aa225c4a9290b2c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

avrt.pdb

Imports

ntdll

RtlAllocateHeap
RtlMultiByteToUnicodeN
RtlFreeHeap
NtSetInformationThread
NtClose
RtlNtStatusToDosError
RtlInitUnicodeStringEx
RtlLengthRequiredSid
RtlCreateServiceSid
RtlInitializeSid
RtlSubAuthoritySid
RtlCreateBoundaryDescriptor
RtlAddSIDToBoundaryDescriptor
NtOpenPrivateNamespace
NtOpenEvent
RtlMultiByteToUnicodeSize
NtAlpcConnectPort
NtOpenKey
NtQueryValueKey
NtDelayExecution
NtWaitForSingleObject
NtAlpcSendWaitReceivePort
RtlEncodePointer
RtlDecodePointer
NtSetEvent
NtCreateEvent
AlpcInitializeMessageAttribute
AlpcGetMessageAttribute
RtlAllocateAndInitializeSid
RtlFreeSid
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
RtlUnhandledExceptionFilter
NtTerminateProcess
RtlDeleteBoundaryDescriptor
memset
__C_specific_handler

api-ms-win-core-errorhandling-l1-1-0

GetLastError

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenServiceW
OpenSCManagerW
StartServiceW

Exports

Exports

AvQuerySystemResponsiveness
AvRevertMmThreadCharacteristics
AvRtCreateThreadOrderingGroup
AvRtCreateThreadOrderingGroupExA
AvRtCreateThreadOrderingGroupExW
AvRtDeleteThreadOrderingGroup
AvRtJoinThreadOrderingGroup
AvRtLeaveThreadOrderingGroup
AvRtWaitOnThreadOrderingGroup
AvSetMmMaxThreadCharacteristicsA
AvSetMmMaxThreadCharacteristicsW
AvSetMmThreadCharacteristicsA
AvSetMmThreadCharacteristicsW
AvSetMmThreadPriority

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE

5C��
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

690cce63d22e22d9aa225c4a9290b2c4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-service-management-l1-1-0

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 1KB - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 492B

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 512B - Virtual size: 12B

5C�� Size: 64KB - Virtual size: 64KB

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1KB - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 492B

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 512B - Virtual size: 12B

5C��
Size: 64KB - Virtual size: 64KB