859301af1a168a58d112780a716646b5defb5b3cab25210c3f3450541147c6c6

Sharing

Copy URL Twitter E-mail

General

Target

859301af1a168a58d112780a716646b5defb5b3cab25210c3f3450541147c6c6
Size

579KB
MD5

6a471eafc9b1dc7352a3f5481ca01365
SHA1

05fe7ced58addbdf5a34307360c1277086d9c5aa
SHA256

859301af1a168a58d112780a716646b5defb5b3cab25210c3f3450541147c6c6
SHA512

89bc04c36f3fb0b171fd7e0e8b37306ed34893c16fde9c961d0e956ed60eed3a6cf58077398f68296a8292ab1a19af2f1bb867b2da5ede810571f5e6380580f4
SSDEEP

12288:eU3AiT6ioLPNcFv5nWMrogj1Je26Erl1K+8HLkdd5a8eKGGtxNizUfJnt7Fg0Dgu:eU3AiT6vLPNcFxnHEgj1Qa51K+P9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
859301af1a168a58d112780a716646b5defb5b3cab25210c3f3450541147c6c6

Files

859301af1a168a58d112780a716646b5defb5b3cab25210c3f3450541147c6c6
.dll windows:5 windows x64 arch:x64

aeea349a2d79b054dab0663648897844

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\doclib\Release\doclib64.pdb

Imports

kernel32

DisableThreadLibraryCalls
lstrcmpA
GetFileSize
DeleteCriticalSection
CreateEventW
EnterCriticalSection
lstrcmpiA
LeaveCriticalSection
InitializeCriticalSection
SetEvent
lstrlenA
Sleep
CreateFileMappingW
GetLastError
GetFileSizeEx
GetTempPathW
lstrlenW
TerminateProcess
WriteFile
WaitForSingleObject
UnmapViewOfFile
MapViewOfFile
SetFilePointer
CreateThread
CancelIo
CreateIoCompletionPort
lstrcmpiW
GetFileAttributesW
ReadDirectoryChangesW
GetQueuedCompletionStatus
DeleteFileW
GetSystemDirectoryW
WriteFileEx
ReadFileEx
DisconnectNamedPipe
GetOverlappedResult
WaitNamedPipeW
CreateNamedPipeW
WaitForSingleObjectEx
ConnectNamedPipe
GetWindowsDirectoryW
MoveFileW
OutputDebugStringA
lstrcatA
OutputDebugStringW
lstrcpyA
SetFileAttributesW
lstrcpyW
LocalFree
Module32NextW
GetFileAttributesExW
CreateToolhelp32Snapshot
FindNextFileW
CloseHandle
lstrcmpW
CreateFileW
ReadFile
lstrcpynW
lstrcpynA
GetLogicalDrives
GetDriveTypeW
WideCharToMultiByte
MultiByteToWideChar
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapFree
HeapAlloc
GetCPInfo
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
LCMapStringW
LCMapStringA
GetStringTypeW
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
GetStdHandle
GetModuleFileNameA
HeapSize
GetModuleHandleW
GetProcAddress
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
HeapSetInformation
HeapCreate
HeapDestroy
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
LoadLibraryA
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
SetEndOfFile
GetProcessHeap
OpenProcess
FindFirstFileW
VirtualQuery
CreateProcessW
IsBadReadPtr
GetDriveTypeA
LoadLibraryW
CopyFileW
GetVersionExW
GetModuleFileNameW
GetCurrentDirectoryW
FindClose
GetLocalTime
Process32FirstW
ProcessIdToSessionId
RemoveDirectoryW
QueryDosDeviceW
DeviceIoControl
Module32FirstW
Process32NextW
GetModuleHandleA
lstrcatW

shell32

SHGetSpecialFolderPathW
ord165
SHCreateDirectoryExW

sqlcipher64

sqlite3_backup_step
sqlite3_open16
sqlite3_backup_finish
sqlite3_open
sqlite3_exec
sqlite3_backup_init
sqlite3_close

shlwapi

SHGetValueA
StrStrW
PathFileExistsW
PathFindFileNameW
PathFindExtensionW
StrStrIW
PathAppendW
wnsprintfW
PathIsDirectoryW
StrNCatA
StrCatW
wvnsprintfA
StrNCatW
PathRemoveFileSpecW
StrChrW
SHGetValueW
StrCmpNIW
SHSetValueW
StrChrA
wnsprintfA
wvnsprintfW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

psapi

GetProcessImageFileNameW

iphlpapi

GetExtendedTcpTable

advapi32

RegCloseKey
FreeSid
OpenProcessToken
CreateServiceW
CloseServiceHandle
DeleteService
OpenSCManagerW
OpenServiceW
CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumValueW
StartServiceW
QueryServiceStatus
AllocateAndInitializeSid
SetEntriesInAclW
RegOpenKeyExW

ole32

CoCreateGuid

Sections

.text
Size: 412KB - Virtual size: 411KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aeea349a2d79b054dab0663648897844

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shell32

sqlcipher64

shlwapi

userenv

psapi

iphlpapi

advapi32

ole32

Sections

.text Size: 412KB - Virtual size: 411KB

.rdata Size: 118KB - Virtual size: 117KB

.data Size: 16KB - Virtual size: 30KB

.pdata Size: 27KB - Virtual size: 26KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 412KB - Virtual size: 411KB

.rdata
Size: 118KB - Virtual size: 117KB

.data
Size: 16KB - Virtual size: 30KB

.pdata
Size: 27KB - Virtual size: 26KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB