9fb4f6ab38dcab864c1b01c6a07d632dc17de1a868e245a1766133be1dab4fa1

Sharing

Copy URL Twitter E-mail

General

Target

9fb4f6ab38dcab864c1b01c6a07d632dc17de1a868e245a1766133be1dab4fa1
Size

785KB
MD5

23afc649dcf546ae6dfbda50e15c9925
SHA1

583632f656f247361bb9aeb902c973dbb6274313
SHA256

9fb4f6ab38dcab864c1b01c6a07d632dc17de1a868e245a1766133be1dab4fa1
SHA512

08e6f1bcaface4e667f6d666bcded0dc39296413220f94a5969c593d3d19513dae0649de475f6abdeb7a053cff06d721d1f004f3d22024b713383961f88cb521
SSDEEP

12288:ppeMyTAe6lwZ6fihvzifc5Rla75kKq6ui1+bGri7BvmZrbZamT4:HhyTT6lbfLYlaljqK+bZvUr1amT4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9fb4f6ab38dcab864c1b01c6a07d632dc17de1a868e245a1766133be1dab4fa1

Files

9fb4f6ab38dcab864c1b01c6a07d632dc17de1a868e245a1766133be1dab4fa1
.dll windows:6 windows x86 arch:x86

8c12c4584a63b5bd037ad024d954ca31

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\a\client\Output\pdbs\Release\Agent.pdb

Imports

kernel32

GetComputerNameW
SetFilePointer
SetEndOfFile
WriteFile
GetLocalTime
OpenProcess
K32GetModuleFileNameExW
K32EnumProcesses
GetProcessTimes
GetSystemTimes
K32GetProcessMemoryInfo
FindFirstChangeNotificationW
FindNextChangeNotification
ExpandEnvironmentStringsW
GetDiskFreeSpaceExW
WTSGetActiveConsoleSessionId
GetProductInfo
PeekNamedPipe
GetShortPathNameW
CreateDirectoryW
MoveFileExW
RemoveDirectoryW
CreateFileMappingW
MapViewOfFile
MoveFileW
CreatePipe
SetHandleInformation
CreateProcessW
GetExitCodeProcess
GetComputerNameExW
PulseEvent
FlushViewOfFile
CopyFileW
SetFileInformationByHandle
WaitForSingleObjectEx
ReleaseMutex
CreateSemaphoreW
ReleaseSemaphore
TerminateProcess
GetUserDefaultUILanguage
GlobalMemoryStatusEx
ResetEvent
GetLongPathNameW
GetStdHandle
SetProcessAffinityMask
FindCloseChangeNotification
UnmapViewOfFile
FreeLibrary
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
CreateMutexW
GetFileAttributesW
SetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
GetVersionExW
GetCommandLineW
FormatMessageW
LocalFree
WaitForMultipleObjects
SetEvent
CreateEventW
LeaveCriticalSection
EnterCriticalSection
Sleep
IsDebuggerPresent
GetModuleHandleW
GetCurrentThreadId
DeleteFileW
GetFileSizeEx
ReadFile
GetCurrentProcess
GetCurrentProcessId
CreateFileW
GetTempPathW
GetModuleFileNameW
VirtualQuery
GetTickCount
WaitForSingleObject
ResumeThread
GetProcAddress
LoadLibraryW
SetUnhandledExceptionFilter
CreateThread
CloseHandle
GetLastError
DeleteCriticalSection
DecodePointer
InitializeCriticalSectionEx
WideCharToMultiByte
MultiByteToWideChar
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
GetACP
IsValidCodePage
FindFirstFileExW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
SetStdHandle
ExitProcess
GetModuleHandleExW
HeapSize
HeapDestroy
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLocaleInfoW
FreeLibraryAndExitThread
ExitThread
VirtualProtect
VirtualAlloc
GetSystemInfo
GetFileType
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
InterlockedFlushSList
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
GetStringTypeW
GetCPInfo
CompareStringEx
LCMapStringEx
EncodePointer
RaiseException
OutputDebugStringW
WriteConsoleW

user32

LoadStringW
MessageBoxW

advapi32

CryptDestroyKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
CopySid
GetLengthSid
IsValidSid
GetSidSubAuthority
CryptCreateHash
CryptHashData
CryptGetHashParam
ChangeServiceConfig2W
ControlService
RegEnumValueW
RegDeleteKeyW
LsaQueryInformationPolicy
CryptExportKey
CryptGenKey
CryptDestroyHash
LsaNtStatusToWinError
LsaOpenPolicy
LsaFreeMemory
LsaClose
QueryServiceStatus
StartServiceW
CreateServiceW
DeleteService
OpenServiceW
CloseServiceHandle
OpenSCManagerW
CryptReleaseContext
CryptAcquireContextW
CryptGenRandom
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegNotifyChangeKeyValue
RegCloseKey
RegEnumKeyW
CheckTokenMembership
GetSidLengthRequired
InitializeSid
RegQueryValueExW

shell32

CommandLineToArgvW
ord680
SHGetFolderPathW
ShellExecuteW
ShellExecuteExW

ole32

CoInitialize
CoCreateInstance
CoSetProxyBlanket

oleaut32

VariantClear
VariantInit
SysAllocString
SysAllocStringLen
SysFreeString

userenv

UnloadUserProfile

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust

crypt32

CryptProtectData
CertGetNameStringW
CryptEncodeObjectEx
CryptBinaryToStringA
CertFreeCertificateChain
CryptUnprotectData
CertGetCertificateContextProperty

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

netapi32

NetApiBufferFree
NetWkstaGetInfo
NetGetJoinInformation

secur32

GetComputerObjectNameW

urlmon

ObtainUserAgentString

wininet

InternetQueryOptionW
InternetOpenUrlW
InternetConnectW
InternetReadFile
InternetCrackUrlW
InternetCloseHandle
HttpSendRequestW
HttpOpenRequestW
InternetQueryDataAvailable
HttpQueryInfoW
HttpEndRequestW
InternetOpenW
InternetSetOptionW
HttpSendRequestExW
InternetWriteFile

rpcrt4

RpcStringFreeW
UuidCreateSequential
UuidToStringW

wtsapi32

WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSFreeMemory

ws2_32

gethostbyname
WSACleanup
WSAGetLastError
WSAStartup

Exports

Exports

HandlerEx
RunDll

Sections

.text
Size: 528KB - Virtual size: 528KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c12c4584a63b5bd037ad024d954ca31

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

userenv

wintrust

crypt32

version

netapi32

secur32

urlmon

wininet

rpcrt4

wtsapi32

ws2_32

Exports

Exports

Sections

.text Size: 528KB - Virtual size: 528KB

.rdata Size: 136KB - Virtual size: 136KB

.data Size: 21KB - Virtual size: 25KB

.rsrc Size: 70KB - Virtual size: 70KB

.reloc Size: 27KB - Virtual size: 26KB

.text
Size: 528KB - Virtual size: 528KB

.rdata
Size: 136KB - Virtual size: 136KB

.data
Size: 21KB - Virtual size: 25KB

.rsrc
Size: 70KB - Virtual size: 70KB

.reloc
Size: 27KB - Virtual size: 26KB