97a4a720612f821e9942402368f964707955075c2a899dd11f2e935985dc19d6

Sharing

Copy URL Twitter E-mail

General

Target

97a4a720612f821e9942402368f964707955075c2a899dd11f2e935985dc19d6
Size

500KB
MD5

ee3f80dc2e51804ef37e711f97c99f39
SHA1

e8444581ff810536ede566d9e0f21f2ccef43e7c
SHA256

97a4a720612f821e9942402368f964707955075c2a899dd11f2e935985dc19d6
SHA512

f16d78bb4765d88bd2ff3e8d18f2cf087b65a6c571542d68e42d735915308fe532b79bec91b41bcd31d427341e268666b6c948e38d022c5b47912575f906d4a7
SSDEEP

6144:nmt4Cebckg94bZOwxDHR7rUoF0ehF7pCEWCBLOMw6iC0:muCe96OBxweVColTjiV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
97a4a720612f821e9942402368f964707955075c2a899dd11f2e935985dc19d6

Files

97a4a720612f821e9942402368f964707955075c2a899dd11f2e935985dc19d6
.dll windows:5 windows x64 arch:x64

d213f67a741a5ca0785f21d9febe9fa1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\sscanner\Release\sscanner64.pdb

Imports

kernel32

lstrcmpiW
GetFileAttributesW
GetTickCount
CreateThread
GetCurrentProcessId
GetLocalTime
GetModuleFileNameW
Sleep
SetEvent
LocalFree
FileTimeToLocalFileTime
LocalAlloc
FileTimeToSystemTime
DeleteFileW
CloseHandle
GetProcAddress
GetLastError
GetTempPathW
LoadLibraryW
GetModuleHandleW
WaitForSingleObject
GetVersionExW
lstrcpyW
lstrcpynW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetLocaleInfoW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetFileType
SetHandleCount
HeapDestroy
HeapCreate
HeapSetInformation
ExitProcess
HeapSize
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
DisableThreadLibraryCalls
lstrcmpiA
lstrcmpA
lstrlenW
SetLastError
GetModuleHandleA
GetCurrentThreadId
lstrcpyA
CreateFileA
FindFirstFileW
lstrlenA
VirtualQuery
lstrcpynA
CreateProcessW
HeapAlloc
SystemTimeToFileTime
GetCurrentProcess
HeapFree
GetLogicalDrives
WriteFile
InitializeCriticalSection
OpenProcess
WideCharToMultiByte
LeaveCriticalSection
TerminateProcess
ReadFile
CreateFileW
GetACP
lstrcmpW
MultiByteToWideChar
GetCurrentDirectoryW
EnterCriticalSection
FindClose
LoadLibraryA
Process32FirstW
CreateEventW
QueryDosDeviceW
Module32FirstW
Process32NextW
lstrcatW
FindNextFileW
CreateToolhelp32Snapshot
GetFileAttributesExW
OpenEventW
Module32NextW
GetWindowsDirectoryW
OutputDebugStringW
SetFilePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
HeapReAlloc
GetSystemTimeAsFileTime
GetStdHandle
GetModuleFileNameA
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
GetCPInfo

advapi32

SetEntriesInAclW
FreeSid
ControlService
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
StartServiceW
QueryServiceStatus
AllocateAndInitializeSid
LogonUserW
GetUserNameW
CloseServiceHandle
OpenSCManagerW
OpenServiceW
QueryServiceConfig2W
EnumServicesStatusW
QueryServiceConfigW

shell32

ShellExecuteExW
ord165
SHGetSpecialFolderPathW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoCreateGuid

netapi32

NetUserSetInfo
NetApiBufferFree
NetUserGetInfo

iphlpapi

GetExtendedTcpTable

wintrust

WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
WinVerifyTrust

crypt32

CertGetNameStringW

shlwapi

StrStrW
PathFindFileNameW
StrStrIW
PathFileExistsW
PathAppendW
PathMatchSpecW
StrCatBuffW
StrCatW
StrCmpNIA
StrChrA
SHSetValueW
StrCmpNIW
SHGetValueW
StrChrW
wvnsprintfW
wnsprintfA
wvnsprintfA
PathIsDirectoryW
wnsprintfW
PathRemoveFileSpecW

ws2_32

htons
inet_ntoa

psapi

GetProcessImageFileNameW

Exports

Exports

DbgProc

Sections

.text
Size: 353KB - Virtual size: 352KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d213f67a741a5ca0785f21d9febe9fa1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

ole32

netapi32

iphlpapi

wintrust

crypt32

shlwapi

ws2_32

psapi

Exports

Exports

Sections

.text Size: 353KB - Virtual size: 352KB

.rdata Size: 105KB - Virtual size: 105KB

.data Size: 13KB - Virtual size: 25KB

.pdata Size: 23KB - Virtual size: 23KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 353KB - Virtual size: 352KB

.rdata
Size: 105KB - Virtual size: 105KB

.data
Size: 13KB - Virtual size: 25KB

.pdata
Size: 23KB - Virtual size: 23KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB