69d7548eb93e5e84cbfc5cdaf55b13a72936287d68a8b082418f8c1ab0ec6d92

Sharing

Copy URL Twitter E-mail

General

Target

69d7548eb93e5e84cbfc5cdaf55b13a72936287d68a8b082418f8c1ab0ec6d92
Size

197KB
MD5

97078670f1f49359ac1f3e2ad9eedd1d
SHA1

53bd1d4562f6678d256f8980323a8207157d6444
SHA256

69d7548eb93e5e84cbfc5cdaf55b13a72936287d68a8b082418f8c1ab0ec6d92
SHA512

69f827d80138a8effa6571a9d1beb38d95aa9815c7ca82a25d5c24dfffdd9fdff36ea48da8e3f30e90c2c58e7b1cf9abf6efb2d4bf09322df9d98f566a20bf18
SSDEEP

3072:5P9MgzxvvYoBgabnd2fMpfpWSq/Ab8Wf56U2i2lQBV+UdE+rECWp7hKH:XMgzx5+ard26fTPf4oBV+UdvrEFp7hKH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
69d7548eb93e5e84cbfc5cdaf55b13a72936287d68a8b082418f8c1ab0ec6d92

Files

69d7548eb93e5e84cbfc5cdaf55b13a72936287d68a8b082418f8c1ab0ec6d92
.dll windows:5 windows x86 arch:x86

65c650af8c7ebe25adb197828692cf3b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\Project\dtl_dep\PC\driverthelife8\trunk\dtldevapi\trunk\Release\dtldevapi.pdb

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
CreateFileA
SetFilePointer
LeaveCriticalSection
InterlockedExchange
GetModuleFileNameA
DeleteFileA
GetFileSize
CloseHandle
GetLocalTime
MultiByteToWideChar
WideCharToMultiByte
GetCurrentThreadId
GetCurrentProcessId
WriteFile
GetLastError
GetProcAddress
GetModuleHandleW
GetCurrentProcess
OutputDebugStringW
LoadLibraryW
FreeLibrary
GetVersionExW
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
GetModuleFileNameW
GetTickCount
DecodePointer
WriteConsoleW
SetFilePointerEx
HeapReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
EncodePointer
RaiseException
InterlockedFlushSList
SetLastError
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
GetACP
GetStdHandle
GetFileType
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStringTypeW
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
CreateFileW

shell32

ShellExecuteExW

shlwapi

PathRemoveFileSpecA
PathRemoveFileSpecW
PathAppendW
PathFileExistsW

Exports

Exports

CopyOEMInf
DisableDevice
EnableDevice
GetDeviceStatus
RemoveDevice
Rescan
RestartDevice
UpdateDeviceDriverByInf

Sections

.text
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65c650af8c7ebe25adb197828692cf3b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shell32

shlwapi

Exports

Exports

Sections

.text Size: 81KB - Virtual size: 81KB

.rdata Size: 29KB - Virtual size: 28KB

.data Size: 2KB - Virtual size: 5KB

.gfids Size: 512B - Virtual size: 256B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 81KB - Virtual size: 81KB

.rdata
Size: 29KB - Virtual size: 28KB

.data
Size: 2KB - Virtual size: 5KB

.gfids
Size: 512B - Virtual size: 256B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB