e4f08ba0611abbc01220087b6753ddad33048b95bad5e7372d310046688e88c9

Sharing

Copy URL Twitter E-mail

General

Target

e4f08ba0611abbc01220087b6753ddad33048b95bad5e7372d310046688e88c9
Size

2.5MB
MD5

44a176acbc79629b3662714ffcb936c0
SHA1

735ef754ab0757744ff997100be901237b19fcdd
SHA256

e4f08ba0611abbc01220087b6753ddad33048b95bad5e7372d310046688e88c9
SHA512

071813b7a84e73ec95d451bb1e9edd14642f7d5215e48798ea0540455fdf08dc9ab5bc444c6913a64c02d586d7ed0ff27f59cee4dc19887562b53e3f8e2a4225
SSDEEP

49152:GA/Qyw3GxIIaTuuVsQho2lpprVuIrW/Ym3XZEzkQJymMgPBt8ar/x:T/BiGiIaTuuVXo2vTuvJEYWyJg5ea

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e4f08ba0611abbc01220087b6753ddad33048b95bad5e7372d310046688e88c9

Files

e4f08ba0611abbc01220087b6753ddad33048b95bad5e7372d310046688e88c9
.dll windows:5 windows x86 arch:x86

da035da1f5ef754c0954921a7330d79b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\Data\Sysceo\AD\缓存C++\Browser_noime\DLL_Release\broscfg.pdb

Imports

kernel32

SetLastError
SizeofResource
FreeResource
LoadResource
FindResourceW
SetErrorMode
GetStdHandle
FreeLibrary
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
EnterCriticalSection
GetFullPathNameW
InterlockedCompareExchange
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
FlushViewOfFile
LoadLibraryA
WaitForSingleObjectEx
GetVersionExA
HeapReAlloc
GetSystemInfo
HeapCompact
HeapDestroy
UnlockFile
CreateFileMappingA
OutputDebugStringW
GetCurrentProcessId
GetSystemTimeAsFileTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
GetModuleHandleA
GetVersion
GetFileType
GlobalMemoryStatus
FlushConsoleInputBuffer
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetTimeZoneInformation
WriteConsoleW
SetStdHandle
EnumSystemLocalesW
CreateProcessA
GetStartupInfoA
CreateFileA
CreatePipe
DeviceIoControl
DeleteFileA
WritePrivateProfileStringW
DeleteCriticalSection
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
LockResource
FindClose
GetFileSize
VirtualFree
ReadFile
GetExitCodeProcess
GetSystemTime
WideCharToMultiByte
CreateProcessW
SystemTimeToFileTime
MoveFileExW
LoadLibraryW
GetNativeSystemInfo
CloseHandle
MultiByteToWideChar
SetFileAttributesW
GetVersionExW
GetFileAttributesW
CreateFileW
WaitForSingleObject
GetEnvironmentVariableW
VirtualAlloc
WriteFile
lstrlenW
CreateDirectoryW
DeleteFileW
Sleep
GetComputerNameW
GetSystemDirectoryA
GetLastError
GetVolumeInformationA
GetModuleHandleW
GetUserDefaultLCID
IsValidLocale
GetACP
GetModuleFileNameA
SetConsoleMode
ReadConsoleInputA
SetConsoleCtrlHandler
FreeLibraryAndExitThread
ExitThread
CreateThread
GetModuleHandleExW
ExitProcess
SetFilePointerEx
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetProcessHeap
LocalFree
GetProcAddress
GetLocalTime
HeapAlloc
GetCurrentProcess
HeapFree
LockFileEx
SetEvent
ResetEvent
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetFileTime
LoadLibraryExW
InterlockedFlushSList
RtlUnwind

user32

MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
wsprintfA
TranslateMessage
DispatchMessageW
PeekMessageW
wsprintfW

advapi32

RegQueryValueExW
ConvertSidToStringSidW
RegOpenKeyExW
OpenProcessToken
RegSetValueExW
RegCloseKey
LookupAccountNameW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegCreateKeyW
GetSidSubAuthorityCount
GetSidSubAuthority
GetUserNameW
GetSidIdentifierAuthority
RegCreateKeyExW
GetTokenInformation
RegEnumKeyExW
IsValidSid
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
ControlService
OpenServiceW

shell32

SHGetSpecialFolderPathW

ole32

CoInitialize

shlwapi

PathFileExistsW

netapi32

Netbios

Exports

Exports

OPENSSL_Applink
rtool

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 932KB - Virtual size: 932KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

da035da1f5ef754c0954921a7330d79b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

netapi32

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 264KB - Virtual size: 263KB

.data Size: 16KB - Virtual size: 37KB

.gfids Size: 1024B - Virtual size: 884B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 932KB - Virtual size: 932KB

.reloc Size: 48KB - Virtual size: 48KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 264KB - Virtual size: 263KB

.data
Size: 16KB - Virtual size: 37KB

.gfids
Size: 1024B - Virtual size: 884B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 932KB - Virtual size: 932KB

.reloc
Size: 48KB - Virtual size: 48KB