9a3cb2928ec08bd12c009fd5eb98bda3bfdad5be76d7fba7b529c797ade487b6

Sharing

Copy URL Twitter E-mail

General

Target

9a3cb2928ec08bd12c009fd5eb98bda3bfdad5be76d7fba7b529c797ade487b6
Size

1.1MB
MD5

0f655fb6ec4d98e70211c1de4fb18f49
SHA1

8a2612ecef2ef66e27f1236933f78cdcfa2c9a81
SHA256

9a3cb2928ec08bd12c009fd5eb98bda3bfdad5be76d7fba7b529c797ade487b6
SHA512

eb82d31ae79f38f0e439210a2d45cbb00686c2d0c406dfe21b5760392e19b387e7a16cbf8acaf18cdac4a971613edafed13d922b6a52dba44e0c49e38c3f4104
SSDEEP

24576:Z8Mz3Ia2cP39hpbOIdakyqfnOGSR4CCI5sr6CR7ce4YGyjLSwGT7A5Zs0:WTUZyvR4CC8sGre4YNnGTQ+0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9a3cb2928ec08bd12c009fd5eb98bda3bfdad5be76d7fba7b529c797ade487b6

Files

9a3cb2928ec08bd12c009fd5eb98bda3bfdad5be76d7fba7b529c797ade487b6
.dll windows:6 windows x86 arch:x86

5d803c2873f2962fc2918f6bc0878e1e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\projects\projectsJ\nfsdk2_1.6\protocolfilters\build\release_demo\win32\protocolfilters.pdb

Imports

kernel32

ProcessIdToSessionId
FreeLibrary
GetVersion
LoadLibraryA
CreateEventA
CreateMutexA
SetEvent
GetLastError
GetFileAttributesW
DeleteFileW
CreateDirectoryW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
OpenProcess
QueryPerformanceFrequency
QueryPerformanceCounter
GetTempFileNameW
CreateProcessW
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
CloseHandle
GetShortPathNameW
FindNextFileW
FindFirstFileW
FindClose
GetProcAddress
ExpandEnvironmentStringsW
GetFileAttributesExW
LoadLibraryW
OutputDebugStringW
CreateFileW
WriteConsoleW
GetTimeZoneInformation
SetConsoleCtrlHandler
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
FlushFileBuffers
HeapSize
AreFileApisANSI
GetModuleHandleExW
ExitProcess
SetStdHandle
GetCurrentProcessId
GetModuleFileNameW
GetConsoleCP
WriteFile
GetFileType
GetStdHandle
SetFilePointerEx
SetFilePointer
ReadConsoleW
GetConsoleMode
GetOEMCP
GetACP
IsValidCodePage
GetCurrentThread
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
CreateSemaphoreW
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
FatalAppExitA
InitializeCriticalSectionAndSpinCount
GetCommandLineA
GetSystemTimeAsFileTime
MoveFileExW
LoadLibraryExW
ExitThread
GetCurrentThreadId
CreateThread
HeapReAlloc
GetProcessHeap
HeapFree
HeapAlloc
SetEndOfFile
GetTempPathA
ReadFile
IsProcessorFeaturePresent
IsDebuggerPresent
RtlUnwind
RaiseException
GetStringTypeW
MultiByteToWideChar
DecodePointer
EncodePointer
InterlockedExchange
Sleep
WideCharToMultiByte
SetEnvironmentVariableA

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
GetTokenInformation
LookupAccountSidA
LookupAccountSidW
DuplicateTokenEx
ImpersonateLoggedOnUser
RevertToSelf
RegEnumKeyExW

crypt32

CertCloseStore
CertFreeCertificateContext
CertAddEncodedCertificateToStore
CertEnumCertificatesInStore
CertSetCertificateContextProperty
CertOpenSystemStoreA
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertFindCertificateInStore
CertAddCertificateContextToStore
CertOpenStore
PFXExportCertStoreEx

libssl-3

SSL_CTX_set_security_level
SSL_CTX_enable_ct
SSL_set_accept_state
SSL_set_connect_state
TLS_client_method
TLS_server_method
SSL_free
SSL_new
SSL_CTX_get_default_passwd_cb_userdata
SSL_CTX_get_default_passwd_cb
SSL_CTX_use_certificate
SSL_CTX_use_PrivateKey
SSL_set_bio
SSL_CTX_new
SSL_CTX_set_options
SSL_get0_peer_scts
SSL_get_session
SSL_client_version
SSL_version
SSL_get_shutdown
SSL_shutdown
SSL_renegotiate_pending
SSL_renegotiate
SSL_do_handshake
SSL_get_ciphers
SSL_get_error
SSL_CTX_callback_ctrl
SSL_CTX_ctrl
SSL_ctrl
SSL_write
SSL_read
SSL_connect
SSL_accept
SSL_get_peer_cert_chain
SSL_get1_peer_certificate
SSL_set_session
SSL_set_verify
SSL_set_cipher_list
SSL_CIPHER_get_name
SSL_CTX_set_cipher_list
SSL_is_init_finished
SSL_get_servername
SSL_get0_alpn_selected
SSL_CTX_set_alpn_select_cb
SSL_set_alpn_protos
SSL_select_next_proto
SSL_CTX_set_client_cert_cb
OPENSSL_init_ssl
SSL_get1_session
SSL_SESSION_free
SSL_CTX_free
SSL_CTX_up_ref

libcrypto-3

X509_STORE_free
X509_STORE_CTX_new
X509_STORE_CTX_free
X509_STORE_CTX_init
X509_STORE_add_cert
X509_STORE_load_locations
X509_STORE_CTX_get_error
X509_verify_cert_error_string
X509_sign
X509_digest
X509_cmp_time
X509_gmtime_adj
X509_EXTENSION_free
X509_new
EVP_sha256
X509_get_signature_nid
X509_NAME_oneline
X509_set_version
X509_set_serialNumber
X509_get_serialNumber
X509_set_issuer_name
X509_get_issuer_name
X509_set_subject_name
X509_get_subject_name
X509_getm_notBefore
X509_set1_notBefore
X509_getm_notAfter
X509_set1_notAfter
X509_set_pubkey
X509_NAME_get_index_by_NID
X509_NAME_get_entry
X509_NAME_delete_entry
X509_NAME_add_entry_by_txt
X509_NAME_ENTRY_get_data
X509_get_ext_by_NID
X509_get_ext
X509_delete_ext
X509_add_ext
X509_get_ext_d2i
X509_find_by_subject
PEM_write_bio_X509_AUX
X509V3_EXT_conf_nid
X509_STORE_new
AES_set_encrypt_key
AES_set_decrypt_key
AES_cbc_encrypt
OCSP_cert_to_id
OCSP_response_status
OCSP_response_get1_basic
OCSP_resp_get0_certs
OCSP_resp_find_status
OCSP_check_validity
OCSP_basic_add1_cert
OCSP_BASICRESP_free
OCSP_basic_verify
OPENSSL_sk_pop_free
BIO_write
OBJ_obj2nid
EVP_PKEY_get_id
EVP_PKEY_get_bits
EVP_PKEY_CTX_new
EVP_PKEY_CTX_free
EVP_PKEY_param_check
PKCS7_free
X509_NAME_get_text_by_NID
PKCS8_PRIV_KEY_INFO_free
EVP_PKCS82PKEY
ERR_get_error
ERR_error_string
PKCS12_SAFEBAG_get_nid
PKCS12_SAFEBAG_get_bag_nid
PKCS12_SAFEBAG_get1_cert
PKCS12_SAFEBAG_get0_safes
PKCS12_SAFEBAG_get0_p8inf
PKCS12_decrypt_skey
PKCS12_unpack_p7data
PKCS12_unpack_p7encdata
PKCS12_unpack_authsafes
PKCS12_free
PKCS12_SAFEBAG_free
d2i_PKCS12_bio
BIO_f_buffer
PEM_read_bio_X509
PEM_read_bio_PrivateKey
X509_verify_cert
EVP_PKEY_Q_keygen
i2d_PrivateKey
d2i_AutoPrivateKey
EVP_PKEY_free
EVP_PKEY_dup
X509V3_set_ctx
EVP_get_digestbyname
EVP_sha1
OBJ_nid2sn
ASN1_STRING_to_UTF8
BN_to_ASN1_INTEGER
i2a_ASN1_INTEGER
BN_free
BN_new
BN_pseudo_rand
BIO_free_all
BIO_new_file
CRYPTO_free
CRYPTO_malloc
OPENSSL_sk_push
OPENSSL_sk_free
OPENSSL_sk_new_null
OPENSSL_sk_value
OPENSSL_sk_num
PEM_write_bio_X509
d2i_X509
X509_free
BIO_s_mem
BIO_ctrl
BIO_read
BIO_free
BIO_new
i2d_X509

ws2_32

WSAStartup
htons
ntohs
ntohl
htonl
WSAAddressToStringA
WSACleanup

Exports

Exports

?PFObject_create@ProtocolFilters@@YAPAVPFObject@1@HH@Z
?pf_addFilter@ProtocolFilters@@YAH_KW4_PF_FilterType@1@KW4_PF_OpTarget@1@1@Z
?pf_canDisableFiltering@ProtocolFilters@@YAH_K@Z
?pf_deleteExceptions@ProtocolFilters@@YAXW4_eEXCEPTION_CLASS@1@@Z
?pf_deleteFilter@ProtocolFilters@@YAH_KW4_PF_FilterType@1@@Z
?pf_free@ProtocolFilters@@YAXXZ
?pf_getFilterCount@ProtocolFilters@@YAH_K@Z
?pf_getNFEventHandler@ProtocolFilters@@YAPAVNF_EventHandler@nfapi@@XZ
?pf_getProcessOwnerA@ProtocolFilters@@YAHKPADH@Z
?pf_getProcessOwnerW@ProtocolFilters@@YAHKPA_WH@Z
?pf_getRootSSLCertFileName@ProtocolFilters@@YAHPA_WH@Z
?pf_importCompleted@ProtocolFilters@@YAHXZ
?pf_init@ProtocolFilters@@YAHPAVPFEvents@1@PB_W@Z
?pf_isFilterActive@ProtocolFilters@@YAH_KW4_PF_FilterType@1@@Z
?pf_loadCAStore@ProtocolFilters@@YAHPBD@Z
?pf_postObject@ProtocolFilters@@YAH_KPAVPFObject@1@@Z
?pf_setExceptionsTimeout@ProtocolFilters@@YAXW4_eEXCEPTION_CLASS@1@_K@Z
?pf_setRootSSLCertImportFlags@ProtocolFilters@@YAXK@Z
?pf_setRootSSLCertSubject@ProtocolFilters@@YAXPBD@Z
?pf_setRootSSLCertSubjectEx@ProtocolFilters@@YAXPBD0H0H@Z
?pf_startLog@ProtocolFilters@@YAHPBD@Z
?pf_stopLog@ProtocolFilters@@YAXXZ
?pf_unzipStream@ProtocolFilters@@YAHPAVPFStream@1@@Z
?pf_waitForImportCompletion@ProtocolFilters@@YAXXZ

Sections

.text
Size: 772KB - Virtual size: 772KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 244KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5d803c2873f2962fc2918f6bc0878e1e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

crypt32

libssl-3

libcrypto-3

ws2_32

Exports

Exports

Sections

.text Size: 772KB - Virtual size: 772KB

.rdata Size: 244KB - Virtual size: 243KB

.data Size: 37KB - Virtual size: 47KB

.rsrc Size: 1024B - Virtual size: 880B

.reloc Size: 29KB - Virtual size: 28KB

.text
Size: 772KB - Virtual size: 772KB

.rdata
Size: 244KB - Virtual size: 243KB

.data
Size: 37KB - Virtual size: 47KB

.rsrc
Size: 1024B - Virtual size: 880B

.reloc
Size: 29KB - Virtual size: 28KB