0ecde05d33d54982ffc96918b57effa1ca464a1ecd4d2f9613f9fe5aefc93068

Sharing

Copy URL

Twitter E-mail

General

Target

0ecde05d33d54982ffc96918b57effa1ca464a1ecd4d2f9613f9fe5aefc93068
Size

2.6MB
MD5

78a812f9d81b66e7989edbaa3a0b3357
SHA1

df2ecc23da7cc0e40628ab2554f4630818e7cdc8
SHA256

0ecde05d33d54982ffc96918b57effa1ca464a1ecd4d2f9613f9fe5aefc93068
SHA512

6b25765ee5db9889e9c62dd5d2d642f32ffd954999c49edaf3d902a4f9bd06ede27784b211a61c81d9e184f2c2d3b58c739d96a2c4f7d7e3ef8a18db0d4584c2
SSDEEP

49152:vXnK7RBFKOxrcGsopueWxgMwfX977wTH7rkA37+lC16jq/XtPpWjEE2AvLX:vXnO2Jo5WuMwvFwTHXkC6oXHWj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ecde05d33d54982ffc96918b57effa1ca464a1ecd4d2f9613f9fe5aefc93068

Files

0ecde05d33d54982ffc96918b57effa1ca464a1ecd4d2f9613f9fe5aefc93068
.dll windows:6 windows x86 arch:x86

6dd7b0dbc32bb8805c016a33e1578f61

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\code\edrav2\edrav2\SOUMAO\PRJ\iprj\btw_3_3\btwguard\Release\QzhddrGuard32.pdb

Imports

rpcrt4

RpcAsyncInitializeHandle
NdrAsyncClientCall
RpcBindingFromStringBindingW
RpcAsyncCompleteCall
RpcStringFreeW
RpcAsyncCancelCall
RpcBindingFree
RpcStringBindingComposeW

advapi32

RegisterEventSourceW
DeregisterEventSource
ReportEventW

user32

GetUserObjectInformationW
MessageBoxW
GetProcessWindowStation

ws2_32

recv
WSAGetLastError
send
WSASetLastError
WSACleanup
closesocket

kernel32

LCMapStringEx
CompareStringEx
InitializeCriticalSectionEx
IsWow64Process
WriteProcessMemory
HeapSize
ReadProcessMemory
VirtualAllocEx
ReadFile
WriteFile
GetModuleFileNameW
CreateFileW
GetCurrentThreadId
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
DeleteFileW
CloseHandle
GetFileSize
GetCurrentProcessId
CopyFileW
InitializeSRWLock
GetFileAttributesW
OpenFileMappingW
UnmapViewOfFile
MapViewOfFile
VirtualQuery
WaitForSingleObject
GetLastError
CreateThread
GetProcAddress
GetModuleHandleW
SleepEx
GetFileInformationByHandle
GetCurrentThread
ReleaseSRWLockShared
GlobalLock
AcquireSRWLockShared
VerSetConditionMask
VerifyVersionInfoW
GlobalUnlock
GetCommandLineW
CreateEventW
SetEvent
TlsAlloc
LoadLibraryW
GetWindowsDirectoryW
FreeLibrary
TlsFree
HeapFree
HeapAlloc
GetProcessHeap
SetFileInformationByHandle
CreateFileMappingW
VirtualQueryEx
VirtualFree
VirtualAlloc
WaitForMultipleObjects
CreateDirectoryW
TlsSetValue
SetLastError
MultiByteToWideChar
GetTickCount64
GlobalAlloc
TlsGetValue
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetModuleHandleA
LoadLibraryA
WideCharToMultiByte
GetFileInformationByHandleEx
DuplicateHandle
GlobalSize
GlobalFlags
QueryDosDeviceW
CompareStringW
lstrlenW
SetFilePointer
OpenProcess
GetLogicalDriveStringsW
QueryFullProcessImageNameW
GetModuleHandleExA
GetCurrentProcess
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualProtect
VirtualProtectEx
LoadLibraryExA
LoadLibraryExW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
OutputDebugStringW
GetLocaleInfoEx
GetModuleHandleExW
FlushFileBuffers
FormatMessageA
GetSystemTime
SystemTimeToFileTime
LockFileEx
LocalFree
UnlockFile
HeapDestroy
HeapCompact
GetSystemInfo
HeapReAlloc
DeleteFileA
WaitForSingleObjectEx
CreateFileA
FlushViewOfFile
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
Sleep
HeapValidate
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
GetFullPathNameW
HeapCreate
AreFileApisANSI
TryEnterCriticalSection
DeleteCriticalSection
VirtualLock
VirtualUnlock
MoveFileExW
InitializeCriticalSectionAndSpinCount
GetStdHandle
GetEnvironmentVariableW
GetFileType
DeleteFiber
ConvertFiberToThread
FindClose
FindFirstFileW
FindNextFileW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
CreateProcessW
CreateProcessA
GetExitCodeProcess
RtlUnwind
RaiseException
InterlockedFlushSList
EncodePointer
ExitProcess
ExitThread
FreeLibraryAndExitThread
SetConsoleCtrlHandler
GetDriveTypeW
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
GetConsoleOutputCP
SetFilePointerEx
GetFileSizeEx
SetStdHandle
GetCurrentDirectoryW
GetStringTypeW
WriteConsoleW
DecodePointer
GetEnvironmentVariableA

bcrypt

BCryptGenRandom

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 438KB - Virtual size: 437KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6dd7b0dbc32bb8805c016a33e1578f61

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

advapi32

user32

ws2_32

kernel32

bcrypt

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 438KB - Virtual size: 437KB

.data Size: 46KB - Virtual size: 74KB

.detourc Size: 4KB - Virtual size: 4KB

.detourd Size: 512B - Virtual size: 12B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 77KB - Virtual size: 76KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 438KB - Virtual size: 437KB

.data
Size: 46KB - Virtual size: 74KB

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 77KB - Virtual size: 76KB