3df517cd3067d981246196fddab54fd9b9b7978d3416dc27aabbc9efa0cb5883

Sharing

Copy URL Twitter E-mail

General

Target

3df517cd3067d981246196fddab54fd9b9b7978d3416dc27aabbc9efa0cb5883
Size

5.4MB
MD5

7f500d876cf31277c620b30aeccc069c
SHA1

0cdc463970750c186023fe133852ad36ea9d25a4
SHA256

3df517cd3067d981246196fddab54fd9b9b7978d3416dc27aabbc9efa0cb5883
SHA512

f9b3aeae0c6b420832cdc6aeeeea27bf403a5a540ded32137f6e4c43f825347afc8a3194c84c8949f26bd32fcf6d20259fec825323bcf98979cf657ee62a6c15
SSDEEP

98304:Gszew5GejamHeI2hedn0BpACikBz2s6poek6ab+ItjKuv2P6:Gszew5GkHB2Idn0y8z2NpQ6aS8GfP6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3df517cd3067d981246196fddab54fd9b9b7978d3416dc27aabbc9efa0cb5883

Files

3df517cd3067d981246196fddab54fd9b9b7978d3416dc27aabbc9efa0cb5883
.dll windows:5 windows x64 arch:x64

ba7b5feb0da0c466b5a8f5322e7aa4fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\bamboo-home\xml-data\build-dir\NGS-REL384-NB\_Build\NGClient\x64\Output\Release\NGClient64.pdb

Imports

kernel32

QueryPerformanceFrequency
GetModuleFileNameA
CreateFileW
GetCurrentThreadId
GetCurrentProcess
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GetProcessHeap
HeapAlloc
HeapFree
WideCharToMultiByte
GetVersionExW
VerSetConditionMask
VerifyVersionInfoW
GetProcAddress
GetModuleHandleA
ReadFile
GetSystemDirectoryW
GetWindowsDirectoryW
CreateDirectoryW
GetTimeZoneInformation
GetSystemTimeAsFileTime
OpenMutexW
OpenEventW
OpenFileMappingW
MapViewOfFile
WaitForSingleObject
SetEvent
ReleaseMutex
MultiByteToWideChar
Sleep
CreateFileMappingW
GetFileSize
SetLastError
LoadLibraryW
GetConsoleMode
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventW
ResetEvent
GetLogicalDriveStringsW
QueryDosDeviceW
GetTempPathW
CopyFileW
DeleteFileW
WaitForMultipleObjects
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
GetFileAttributesW
GetFileAttributesExW
RemoveDirectoryW
SetFileAttributesW
SetFilePointer
ExpandEnvironmentStringsW
GetLongPathNameW
GetStdHandle
DuplicateHandle
TerminateProcess
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
GetConsoleWindow
WriteFile
FindClose
FindFirstFileW
FindNextFileW
GetEnvironmentVariableA
SetEnvironmentVariableA
CreatePipe
CreateMutexW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
QueryPerformanceCounter
InterlockedPushEntrySList
InterlockedFlushSList
RtlPcToFileHeader
RaiseException
RtlUnwindEx
LoadLibraryExW
GetModuleHandleExW
HeapReAlloc
ExitProcess
GetACP
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
WriteConsoleW
ReadConsoleW
HeapSize
GetCurrentDirectoryW
DisableThreadLibraryCalls
GetModuleHandleW
CloseHandle
UnmapViewOfFile
GetModuleFileNameW
FreeLibrary
GetLastError
Module32NextW
GetCurrentProcessId
OpenProcess
Module32FirstW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GlobalMemoryStatusEx
GetLocaleInfoA

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

psapi

GetProcessMemoryInfo

netapi32

NetWkstaGetInfo
NetApiBufferFree

wintrust

WinVerifyTrust

crypt32

CertCloseStore
CertGetNameStringW
CertFindCertificateInStore
CertFreeCertificateContext
CryptMsgClose
CryptQueryObject
CryptMsgGetParam

advapi32

CryptGenRandom
StartServiceW
OpenServiceW
OpenSCManagerW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegQueryValueExW
CryptReleaseContext
CryptAcquireContextA
RegOpenKeyExW
QueryServiceStatus
CloseServiceHandle
QueryServiceConfigW

ws2_32

WSACleanup
WSAStartup

Sections

.text
Size: 994KB - Virtual size: 994KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 504KB - Virtual size: 503KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 99KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3.7MB - Virtual size: 11.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ba7b5feb0da0c466b5a8f5322e7aa4fa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

version

psapi

netapi32

wintrust

crypt32

advapi32

ws2_32

Sections

.text Size: 994KB - Virtual size: 994KB

.rdata Size: 504KB - Virtual size: 503KB

.data Size: 99KB - Virtual size: 118KB

.pdata Size: 63KB - Virtual size: 63KB

.gfids Size: 1024B - Virtual size: 592B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3.7MB - Virtual size: 11.8MB

.text
Size: 994KB - Virtual size: 994KB

.rdata
Size: 504KB - Virtual size: 503KB

.data
Size: 99KB - Virtual size: 118KB

.pdata
Size: 63KB - Virtual size: 63KB

.gfids
Size: 1024B - Virtual size: 592B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3.7MB - Virtual size: 11.8MB