a9e155c0ecfdb33db4db780dfde2f18ac9489798d263a4d567d8ebb28f261502

Sharing

Copy URL

Twitter E-mail

General

Target

a9e155c0ecfdb33db4db780dfde2f18ac9489798d263a4d567d8ebb28f261502
Size

310KB
MD5

18863caaf7a7fcc457265558f27ab908
SHA1

eb9da63581c10f4e2dbb7d21f7cea19c21dc7b8a
SHA256

a9e155c0ecfdb33db4db780dfde2f18ac9489798d263a4d567d8ebb28f261502
SHA512

66d10aeff4a3eb46f9eca214718c57d15903a9aebe3a145a0e94d83ed936ec75365865b64c075842256388697b03953a633d347ecd3925ace9ca6808eae70fba
SSDEEP

6144:PsIKAgLkpqNqNBqqh05IcauCNTh5x+I2YGvBLRR:PsBkpqNqNl0qHNTLo2mJRR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a9e155c0ecfdb33db4db780dfde2f18ac9489798d263a4d567d8ebb28f261502

Files

a9e155c0ecfdb33db4db780dfde2f18ac9489798d263a4d567d8ebb28f261502
.dll windows:5 windows x86 arch:x86

1e696572c3ff4dfe665db4b1cf3794f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\nacmacwatch\Release\nacmacwatch.pdb

Imports

shlwapi

PathAppendW
PathFileExistsW
StrStrIA
wnsprintfA
wvnsprintfW
PathIsDirectoryW
StrStrW
PathFindFileNameW
wnsprintfW
wvnsprintfA
PathRemoveFileSpecW
StrStrIW
StrChrW
SHGetValueW
StrCmpNIW
SHSetValueW
StrChrA

ws2_32

ioctlsocket
connect
inet_addr
select
WSAGetLastError
htons
socket
inet_ntoa
closesocket
__WSAFDIsSet

iphlpapi

GetAdaptersInfo

kernel32

lstrcmpiW
GetModuleHandleA
OutputDebugStringA
GetVersion
GetFileAttributesW
LoadLibraryW
GetModuleHandleW
FreeLibrary
DisableThreadLibraryCalls
lstrcmpiA
lstrcpynW
lstrcmpA
GetCurrentThreadId
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetTickCount
SetEvent
InterlockedIncrement
CreateThread
CloseHandle
SetLastError
GetLastError
GetTempPathW
GetExitCodeProcess
Sleep
OutputDebugStringW
WaitForSingleObject
CreateEventW
GetModuleFileNameW
LocalAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
SetFilePointer
GetWindowsDirectoryW
lstrcpyA
lstrcpyW
LocalFree
DeleteFileW
Module32NextW
OpenEventW
GetFileAttributesExW
CreateToolhelp32Snapshot
lstrcatW
Process32NextW
Module32FirstW
QueryDosDeviceW
WriteConsoleA
GetConsoleOutputCP
InterlockedDecrement
InterlockedExchange
DeleteCriticalSection
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
GetCommandLineA
RaiseException
RtlUnwind
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
HeapReAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
WriteFile
GetStdHandle
GetModuleFileNameA
ExitProcess
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetLocaleInfoW
WriteConsoleW
CreateFileA
VirtualQuery
lstrcpynA
CreateProcessW
GetLogicalDrives
OpenProcess
GetVersionExW
ReadFile
CreateFileW
lstrlenW
GetLocalTime
Process32FirstW
ProcessIdToSessionId

user32

SendMessageTimeoutW
PostMessageW
IsWindowEnabled
FindWindowW
GetWindowLongW
EnumChildWindows
IsWindow

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

shell32

ord165

psapi

GetProcessImageFileNameW

advapi32

SetFileSecurityW
RegOpenKeyExW
FreeSid
RegEnumValueW
OpenProcessToken
GetUserNameW
RegCloseKey
CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetEntriesInAclW
AllocateAndInitializeSid

ole32

CoCreateGuid

Exports

Exports

NacMacWatchSetConfig
NacMacWatchSetServerIpPort
NacMacWatchStart

Sections

.text
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e696572c3ff4dfe665db4b1cf3794f4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

ws2_32

iphlpapi

kernel32

user32

userenv

shell32

psapi

advapi32

ole32

Exports

Exports

Sections

.text Size: 231KB - Virtual size: 231KB

.rdata Size: 46KB - Virtual size: 46KB

.data Size: 10KB - Virtual size: 21KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 231KB - Virtual size: 231KB

.rdata
Size: 46KB - Virtual size: 46KB

.data
Size: 10KB - Virtual size: 21KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 18KB - Virtual size: 17KB