e:\po\trunk\modules\filedp\Release\filedp32.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2906b36589f8d6d98b3346c5d3bbd9a3e3a1edf01b48cbe1de75e109f96a4077.dll
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 2906b36589f8d6d98b3346c5d3bbd9a3e3a1edf01b48cbe1de75e109f96a4077.dll
  Resource: win10v2004-20240802-en
General
Target: 2906b36589f8d6d98b3346c5d3bbd9a3e3a1edf01b48cbe1de75e109f96a4077
Size: 261KB
MD5: b68043bbee45e24fc0885b8900fb100e
SHA1: 6ede2d6a73ac824b80c5efb9e4218c81675d6d00
SHA256: 2906b36589f8d6d98b3346c5d3bbd9a3e3a1edf01b48cbe1de75e109f96a4077
SHA512: f4b715d4251814e6efbfa88760631bff1bb4bfecdb5c0a1ea1bded8560c7206597bb844691c3c1f0a78dcc5d41c8f2955ce67445bf14cdadaa73658a12e7ab1f
SSDEEP: 3072:WeW1AntqCt7AcyNQR67urx5KDahK44DYFjPkuQD9z88roLmH1WN9p2RVBRHHLn6:WeWCt7WyRtFYlXD6PGBwu16p2H3r6
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource 2906b36589f8d6d98b3346c5d3bbd9a3e3a1edf01b48cbe1de75e109f96a4077
Files
2906b36589f8d6d98b3346c5d3bbd9a3e3a1edf01b48cbe1de75e109f96a4077.dll (windows:5, windows, x86, arch:x86)
1a88e2a58ce4bfe7e09c8cb143420ebb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
DisableThreadLibraryCalls
lstrcmpA
CreateThread
lstrcpyW
GetCurrentProcessId
DeleteFileW
CloseHandle
lstrcatW
lstrcmpiW
GetLocalTime
MoveFileW
lstrlenW
CreateFileW
GetModuleFileNameW
ReadFile
GetFileAttributesW
lstrcpynW
OutputDebugStringW
lstrcpyA
CopyFileW
Sleep
GetSystemDirectoryW
GetTickCount
MoveFileExW
SetFilePointer
GetFileSize
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
HeapAlloc
GetLastError
HeapFree
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
CreateFileA
VirtualQuery
CreateProcessW
InitializeCriticalSection
OpenProcess
LoadLibraryW
Process32FirstW
ProcessIdToSessionId
Module32FirstW
Process32NextW
GetModuleHandleA
CreateToolhelp32Snapshot
GetFileAttributesExW
Module32NextW
WriteConsoleW
user32
wsprintfA
shell32
SHCreateDirectoryExW
ShellExecuteW
SHGetSpecialFolderPathW
ord165
shlwapi
PathIsDirectoryW
PathRemoveFileSpecW
wnsprintfW
SHSetValueW
StrChrA
wnsprintfA
wvnsprintfA
StrCatW
PathAppendW
PathFileExistsW
PathFindFileNameW
PathFindExtensionW
wvnsprintfW
SHGetValueW
PathRemoveExtensionW
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
advapi32
OpenProcessToken
CreateProcessAsUserW
ole32
CoCreateGuid
Exports
RunAsUser
Sections
.text  Size: 194KB  Virtual size: 193KB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata Size: 39KB   Virtual size: 39KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data  Size: 9KB    Virtual size: 18KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc  Size: 2KB    Virtual size: 1KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc Size: 16KB   Virtual size: 15KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ