53218103762ccdc640580cdb12c9c553c379c7b911a641c3e959776ea04e4c22

Sharing

Copy URL Twitter E-mail

General

Target

53218103762ccdc640580cdb12c9c553c379c7b911a641c3e959776ea04e4c22
Size

248KB
MD5

7baec365307012c9aa12613ade488daa
SHA1

dff5118ce78e5e570e379cb2b41305edc28fa8e6
SHA256

53218103762ccdc640580cdb12c9c553c379c7b911a641c3e959776ea04e4c22
SHA512

825e4936017b8efac113bca3b40bb71c8c3c30b1083b6b4d86a94c7087a7cafba41eb435fee68be1c82b0b25c6ffacb31c41edcb6772ca51a272d09a6c465616
SSDEEP

3072:YExIjrh/UwAcAZvPYcxO6bAdqxLbEW9sM6w6SbIDjipkzCE86Pn+BjMRSz/ERJeY:PbzsM6ibIDmiCENnjRRZNx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
53218103762ccdc640580cdb12c9c553c379c7b911a641c3e959776ea04e4c22

Files

53218103762ccdc640580cdb12c9c553c379c7b911a641c3e959776ea04e4c22
.dll windows:6 windows x86 arch:x86

599e11bf6d8a09b832bbe62adc5c96cd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\projects\projectsJ\nfsdk2_1.6\nfapi\build\release\win32\nfapi.pdb

Imports

kernel32

GetOverlappedResult
ReadFile
DeviceIoControl
GetProcAddress
GetModuleHandleA
OpenProcess
CancelIo
GetLogicalDriveStringsW
QueryDosDeviceW
GetDriveTypeW
SetLastError
CreateFileA
GetVersionExA
GetLastError
WriteFile
GetTickCount
WaitForMultipleObjects
WaitForSingleObject
SetEvent
GetSystemInfo
ResetEvent
CreateEventA
CloseHandle
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetCurrentProcessId
EnterCriticalSection
FlushFileBuffers
WriteConsoleW
SetStdHandle
HeapAlloc
HeapFree
EncodePointer
DecodePointer
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
GetCommandLineA
RaiseException
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
InterlockedDecrement
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
GetStdHandle
GetModuleFileNameW
GetProcessHeap
HeapSize
Sleep
InterlockedIncrement
GetCurrentThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
CreateSemaphoreW
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
FatalAppExitA
InterlockedExchange
FreeLibrary
SetConsoleCtrlHandler
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
LoadLibraryW
HeapReAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
CreateFileW

advapi32

DeleteService
RegSetValueExA
QueryServiceStatus
OpenServiceA
StartServiceA
CloseServiceHandle
CreateServiceW
OpenSCManagerA
RegCloseKey
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegQueryValueExA

psapi

GetModuleFileNameExA
GetModuleFileNameExW

Exports

Exports

?nf_addBindingRule@nfapi@@YA?AW4_NF_STATUS@@PAU_NF_BINDING_RULE@1@H@Z
?nf_addFlowCtl@nfapi@@YA?AW4_NF_STATUS@@PAU_NF_FLOWCTL_DATA@1@PAI@Z
?nf_addRule@nfapi@@YA?AW4_NF_STATUS@@PAU_NF_RULE@1@H@Z
?nf_addRuleEx@nfapi@@YA?AW4_NF_STATUS@@PAU_NF_RULE_EX@1@H@Z
?nf_adjustProcessPriviledges@nfapi@@YAXXZ
?nf_completeTCPConnectRequest@nfapi@@YA?AW4_NF_STATUS@@_KPAU_NF_TCP_CONN_INFO@1@@Z
?nf_completeUDPConnectRequest@nfapi@@YA?AW4_NF_STATUS@@_KPAU_NF_UDP_CONN_REQUEST@1@@Z
?nf_deleteBindingRules@nfapi@@YA?AW4_NF_STATUS@@XZ
?nf_deleteFlowCtl@nfapi@@YA?AW4_NF_STATUS@@I@Z
?nf_deleteRules@nfapi@@YA?AW4_NF_STATUS@@XZ
?nf_free@nfapi@@YAXXZ
?nf_getConnCount@nfapi@@YAKXZ
?nf_getDriverType@nfapi@@YAKXZ
?nf_getFlowCtlStat@nfapi@@YA?AW4_NF_STATUS@@IPAU_NF_FLOWCTL_STAT@1@@Z
?nf_getProcessNameA@nfapi@@YAHKPADK@Z
?nf_getProcessNameFromKernel@nfapi@@YAHKPA_WK@Z
?nf_getProcessNameW@nfapi@@YAHKPA_WK@Z
?nf_getTCPConnInfo@nfapi@@YA?AW4_NF_STATUS@@_KPAU_NF_TCP_CONN_INFO@1@@Z
?nf_getTCPStat@nfapi@@YA?AW4_NF_STATUS@@_KPAU_NF_FLOWCTL_STAT@1@@Z
?nf_getUDPConnInfo@nfapi@@YA?AW4_NF_STATUS@@_KPAU_NF_UDP_CONN_INFO@1@@Z
?nf_getUDPStat@nfapi@@YA?AW4_NF_STATUS@@_KPAU_NF_FLOWCTL_STAT@1@@Z
?nf_init@nfapi@@YA?AW4_NF_STATUS@@PBDPAVNF_EventHandler@1@@Z
?nf_ipPostReceive@nfapi@@YA?AW4_NF_STATUS@@PBDHPAU_NF_IP_PACKET_OPTIONS@1@@Z
?nf_ipPostSend@nfapi@@YA?AW4_NF_STATUS@@PBDHPAU_NF_IP_PACKET_OPTIONS@1@@Z
?nf_modifyFlowCtl@nfapi@@YA?AW4_NF_STATUS@@IPAU_NF_FLOWCTL_DATA@1@@Z
?nf_registerDriver@nfapi@@YA?AW4_NF_STATUS@@PBD@Z
?nf_registerDriverEx@nfapi@@YA?AW4_NF_STATUS@@PBD0@Z
?nf_setIPEventHandler@nfapi@@YAXPAVNF_IPEventHandler@1@@Z
?nf_setOptions@nfapi@@YAXKK@Z
?nf_setRules@nfapi@@YA?AW4_NF_STATUS@@PAU_NF_RULE@1@H@Z
?nf_setRulesEx@nfapi@@YA?AW4_NF_STATUS@@PAU_NF_RULE_EX@1@H@Z
?nf_setTCPFlowCtl@nfapi@@YA?AW4_NF_STATUS@@_KI@Z
?nf_setTCPTimeout@nfapi@@YAKK@Z
?nf_setUDPFlowCtl@nfapi@@YA?AW4_NF_STATUS@@_KI@Z
?nf_tcpClose@nfapi@@YA?AW4_NF_STATUS@@_K@Z
?nf_tcpDisableFiltering@nfapi@@YA?AW4_NF_STATUS@@_K@Z
?nf_tcpIsProxy@nfapi@@YAHK@Z
?nf_tcpPostReceive@nfapi@@YA?AW4_NF_STATUS@@_KPBDH@Z
?nf_tcpPostSend@nfapi@@YA?AW4_NF_STATUS@@_KPBDH@Z
?nf_tcpSetConnectionState@nfapi@@YA?AW4_NF_STATUS@@_KH@Z
?nf_tcpSetSockOpt@nfapi@@YA?AW4_NF_STATUS@@_KHPBDH@Z
?nf_udpDisableFiltering@nfapi@@YA?AW4_NF_STATUS@@_K@Z
?nf_udpPostReceive@nfapi@@YA?AW4_NF_STATUS@@_KPBEPBDHPAU_NF_UDP_OPTIONS@1@@Z
?nf_udpPostSend@nfapi@@YA?AW4_NF_STATUS@@_KPBEPBDHPAU_NF_UDP_OPTIONS@1@@Z
?nf_udpSetConnectionState@nfapi@@YA?AW4_NF_STATUS@@_KH@Z
?nf_unRegisterDriver@nfapi@@YA?AW4_NF_STATUS@@PBD@Z

Sections

.text
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

599e11bf6d8a09b832bbe62adc5c96cd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

psapi

Exports

Exports

Sections

.text Size: 179KB - Virtual size: 179KB

.rdata Size: 42KB - Virtual size: 42KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 1024B - Virtual size: 712B

.reloc Size: 19KB - Virtual size: 19KB

.text
Size: 179KB - Virtual size: 179KB

.rdata
Size: 42KB - Virtual size: 42KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 1024B - Virtual size: 712B

.reloc
Size: 19KB - Virtual size: 19KB