dab3fb4caf8fe6da8100814baa7bb8c96ab4abd112947d11efb352d232b150dd

Sharing

Copy URL

Twitter E-mail

General

Target

dab3fb4caf8fe6da8100814baa7bb8c96ab4abd112947d11efb352d232b150dd
Size

355KB
MD5

576bcca5d00cb696404b0db31187488b
SHA1

0f320d460f0febd5c6425dfd5560863c094ce3a2
SHA256

dab3fb4caf8fe6da8100814baa7bb8c96ab4abd112947d11efb352d232b150dd
SHA512

dda2b4c3cfbbb3ec8e4c4ba32fd3863fab5f4e02f72220e7f3ee3a385986444ab0d4d99be5eafd8b97d0a75d5791ca7fd64f043cb5c7891540a6d02ced7028a3
SSDEEP

6144:DbGnjL6V7bh9K1oGnT4Bc3DRW9Xi6Ndcjm6jTw:Danj2Fbh9aaBczRW9bdcC4w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dab3fb4caf8fe6da8100814baa7bb8c96ab4abd112947d11efb352d232b150dd

Files

dab3fb4caf8fe6da8100814baa7bb8c96ab4abd112947d11efb352d232b150dd
.dll windows:6 windows x64 arch:x64

d0adb998baf3fa511c0ed26381495002

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Administrator\Documents\vcpkg\buildtrees\pcre\x64-o1-windows-rel\pcre16.pdb

Imports

kernel32

ReleaseMutex
WaitForSingleObject
CreateMutexA
GetSystemInfo
VirtualAlloc
VirtualFree
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

vcruntime140

strchr
memcmp
memcpy
memmove
memset
__C_specific_handler
__std_type_info_destroy_list

api-ms-win-crt-string-l1-1-0

isdigit
isupper
isalpha
isspace
islower
tolower
toupper
iscntrl
isgraph
isprint
isalnum
ispunct
isxdigit

api-ms-win-crt-heap-l1-1-0

malloc
free

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_execute_onexit_table
_cexit
_initterm
_seh_filter_dll
_initialize_narrow_environment
_initterm_e
_configure_narrow_argv

Exports

Exports

pcre16_assign_jit_stack
pcre16_callout
pcre16_compile
pcre16_compile2
pcre16_config
pcre16_copy_named_substring
pcre16_copy_substring
pcre16_dfa_exec
pcre16_exec
pcre16_free
pcre16_free_study
pcre16_free_substring
pcre16_free_substring_list
pcre16_fullinfo
pcre16_get_named_substring
pcre16_get_stringnumber
pcre16_get_stringtable_entries
pcre16_get_substring
pcre16_get_substring_list
pcre16_jit_exec
pcre16_jit_free_unused_memory
pcre16_jit_stack_alloc
pcre16_jit_stack_free
pcre16_maketables
pcre16_malloc
pcre16_pattern_to_host_byte_order
pcre16_refcount
pcre16_stack_free
pcre16_stack_guard
pcre16_stack_malloc
pcre16_study
pcre16_utf16_to_host_byte_order
pcre16_version

Sections

.text
Size: 261KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d0adb998baf3fa511c0ed26381495002

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 261KB - Virtual size: 260KB

.rdata Size: 89KB - Virtual size: 88KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 108B

.text
Size: 261KB - Virtual size: 260KB

.rdata
Size: 89KB - Virtual size: 88KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 108B