bdda6440cf2f6e19cc93afdcecbc11c3eb54d84ae60dee7dd31727bc2d3bada1

Sharing

Copy URL Twitter E-mail

General

Target

bdda6440cf2f6e19cc93afdcecbc11c3eb54d84ae60dee7dd31727bc2d3bada1
Size

242KB
MD5

558a8b08a921d7c524a239760a1dd772
SHA1

02548a2edb7a7a58245ba6520f2fc86822a50ca1
SHA256

bdda6440cf2f6e19cc93afdcecbc11c3eb54d84ae60dee7dd31727bc2d3bada1
SHA512

8f6628cd260f83890dc9d3198f73f632c9c1845795eb3cb8de63f737d04e3caebde08ebed88d8e7a1d1b3a83d5836fe885ef5f7e33293b12255758ffb974a026
SSDEEP

6144:NZqFkKVxHS/11b15cansXUTvUMfqO5/Qpc9KpR9mDl4ey:T0hVup5cxmvNr5/QpdpR9mBy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bdda6440cf2f6e19cc93afdcecbc11c3eb54d84ae60dee7dd31727bc2d3bada1

Files

bdda6440cf2f6e19cc93afdcecbc11c3eb54d84ae60dee7dd31727bc2d3bada1
.dll windows:6 windows x86 arch:x86

5529e565ce5ac6bbab367736c270631a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\assemblage\Builds\5698385431900445571cqfvxrvoob\ELog-master\ELog\assemblage_outdir_bin\Elog.pdb

Imports

kernel32

SetConsoleTextAttribute
GetStdHandle
WriteConsoleA
SetConsoleMode
SetCurrentConsoleFontEx
GetConsoleMode
FreeConsole
GetLocalTime
AllocConsole
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
WideCharToMultiByte
QueryPerformanceCounter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
CloseHandle
GetLastError
SetEvent
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
EncodePointer
GetCurrentThread
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
LoadLibraryW
RaiseException
RtlUnwind
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
GetACP
GetFileType
GetProcessHeap
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
WriteFile
GetConsoleCP
GetStringTypeW
SetStdHandle
HeapSize
HeapReAlloc
SetFilePointerEx
WriteConsoleW
DecodePointer
CreateFileW

Exports

Exports

ELoggerCustom
ELoggerDebug
ELoggerEmpty
ELoggerFailure
ELoggerFree
ELoggerInit
ELoggerSucc
ELoggerWarning

Sections

.text
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5529e565ce5ac6bbab367736c270631a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 170KB - Virtual size: 169KB

.rdata Size: 49KB - Virtual size: 49KB

.data Size: 7KB - Virtual size: 10KB

.gfids Size: 3KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 170KB - Virtual size: 169KB

.rdata
Size: 49KB - Virtual size: 49KB

.data
Size: 7KB - Virtual size: 10KB

.gfids
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 11KB - Virtual size: 10KB