0f92c193360ad9bbe1760f8395fc4c3a6342a5bb3bc94966e40c589ce24b4c9e

Sharing

Copy URL Twitter E-mail

General

Target

0f92c193360ad9bbe1760f8395fc4c3a6342a5bb3bc94966e40c589ce24b4c9e
Size

77KB
MD5

50c2ea9d1ed1ce3826f7edf61f0bb14b
SHA1

72eb00795f55af5b1920931c6c5061aa5bd59b5e
SHA256

0f92c193360ad9bbe1760f8395fc4c3a6342a5bb3bc94966e40c589ce24b4c9e
SHA512

40cc054d638ef96fa2e1c668c4d2ceaa6bb4eabf41ac04c8612527a453595d188021332ba5207ef62aced277970593408102a6f63ec73280410947940cc0c21b
SSDEEP

768:H/pRjzGFVyi9WCCTVVQ/MnzmKGMrX0RLE2RNwcOTZ/BHjb33J33XtZZFrZZZVDdL:HS8xVVnZkRLxRNR5H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f92c193360ad9bbe1760f8395fc4c3a6342a5bb3bc94966e40c589ce24b4c9e

Files

0f92c193360ad9bbe1760f8395fc4c3a6342a5bb3bc94966e40c589ce24b4c9e
.dll windows:6 windows x64 arch:x64

579f52f57e43aa6ff0d07e88af5d0ff5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

nsi.pdb

Imports

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnhandledExceptionFilter
NtTerminateProcess
RtlNtStatusToDosError
NtWaitForSingleObject
NtDeviceIoControlFile
memset

api-ms-win-core-errorhandling-l1-1-0

GetLastError

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-libraryloader-l1-1-0

DisableThreadLibraryCalls

api-ms-win-core-synch-l1-1-0

CreateEventA

Exports

Exports

NsiAllocateAndGetPersistentDataWithMaskTable
NsiAllocateAndGetTable
NsiCancelChangeNotification
NsiDeregisterChangeNotification
NsiDeregisterChangeNotificationEx
NsiEnumerateObjectsAllParameters
NsiEnumerateObjectsAllParametersEx
NsiEnumerateObjectsAllPersistentParametersWithMask
NsiFreePersistentDataWithMaskTable
NsiFreeTable
NsiGetAllParameters
NsiGetAllParametersEx
NsiGetAllPersistentParametersWithMask
NsiGetObjectSecurity
NsiGetParameter
NsiGetParameterEx
NsiRegisterChangeNotification
NsiRegisterChangeNotificationEx
NsiRequestChangeNotification
NsiRequestChangeNotificationEx
NsiSetAllParameters
NsiSetAllParametersEx
NsiSetAllPersistentParametersWithMask
NsiSetObjectSecurity
NsiSetParameter
NsiSetParameterEx

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ɇ~�
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

579f52f57e43aa6ff0d07e88af5d0ff5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-synch-l1-1-0

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1KB - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 528B

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 512B - Virtual size: 12B

ɇ~� Size: 64KB - Virtual size: 64KB

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1KB - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 528B

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 512B - Virtual size: 12B

ɇ~�
Size: 64KB - Virtual size: 64KB