c95f0dbf312f78a40fa501448fa345bade165b323630478a035611d4cd54b7c3

Sharing

Copy URL Twitter E-mail

General

Target

c95f0dbf312f78a40fa501448fa345bade165b323630478a035611d4cd54b7c3
Size

3.6MB
MD5

e957f649e1c7cfd343f61b6cb9a62ea4
SHA1

1b610dcfacf53591e0bece81336abf9d7cc26ffd
SHA256

c95f0dbf312f78a40fa501448fa345bade165b323630478a035611d4cd54b7c3
SHA512

4ed796a33eeea3314299109eb629ec69f68b5678f11fcade946dead22fbaa5a12d0aa557e3b2c8ef831c4638a53d9165a62e7089b0808a3999aa69ebb9c7aa61
SSDEEP

49152:gz2g1nwWUhbmuCi0xFl+c2gCssLfBrVPWMmKGRTIx2EQ2iGSY8Mllycty:gz2gBwWibmjimFHsjWMmK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c95f0dbf312f78a40fa501448fa345bade165b323630478a035611d4cd54b7c3

Files

c95f0dbf312f78a40fa501448fa345bade165b323630478a035611d4cd54b7c3
.dll windows:5 windows x86 arch:x86

c7f2b172f1a7784d346f36f22513a1d8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\SOURCESVN\winclient\winclient\compiled\DebugDB\loader\Release\loader.pdb

Imports

ws2_32

send
shutdown
getsockname
WSAStartup
WSACleanup
WSASetLastError
freeaddrinfo
getnameinfo
accept
connect
listen
setsockopt
getaddrinfo
ioctlsocket
bind
closesocket
gethostbyname
ntohl
inet_addr
socket
ntohs
recv
getsockopt
WSAGetLastError

crypt32

CertFreeCertificateContext
CertCloseStore
CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertOpenStore
CertDuplicateCertificateContext
CertFindCertificateInStore

kernel32

FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFullPathNameW
GetDriveTypeW
DuplicateHandle
TryEnterCriticalSection
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
SetEndOfFile
FreeLibraryAndExitThread
GetCurrentDirectoryW
CreateTimerQueue
GetNumaHighestNodeNumber
GetProcessAffinityMask
SignalObjectAndWait
CreateMutexW
WaitForSingleObject
ReleaseMutex
Sleep
CloseHandle
MulDiv
GetVersionExW
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CreateEventW
GetLastError
SetEvent
GetCurrentProcessId
FormatMessageW
WideCharToMultiByte
EncodePointer
DecodePointer
MultiByteToWideChar
GetCPInfo
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
RaiseException
RtlUnwind
FreeLibrary
SetThreadAffinityMask
InterlockedPushEntrySList
InterlockedFlushSList
GetTimeZoneInformation
HeapAlloc
SwitchToThread
HeapFree
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetModuleFileNameW
GetCurrentThread
GetACP
GetStdHandle
GetFileType
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
DeleteFileW
GetProcessHeap
SetConsoleCtrlHandler
FindClose
FindFirstFileExA
FindNextFileA
FindNextFileW
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
HeapSize
ReadFile
GetConsoleMode
ReadConsoleW
FlushFileBuffers
WriteFile
GetConsoleCP
SetFilePointerEx
WriteConsoleW
CreateThread
CreateFileW
FindFirstFileW
SetThreadPriority
LoadLibraryW
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
LocalFree
FormatMessageA
SwitchToFiber
DeleteFiber
CreateFiber
GetEnvironmentVariableW
GetSystemTime
SystemTimeToFileTime
ConvertFiberToThread
ConvertThreadToFiber
LoadLibraryA
ReadConsoleA
SetConsoleMode
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
GetModuleHandleA
VirtualAlloc
VirtualFree
GetThreadPriority
HeapReAlloc
GetLogicalProcessorInformation
VirtualProtect
ReleaseSemaphore
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
LoadLibraryExW
IsValidCodePage

user32

GetProcessWindowStation
ReleaseDC
GetUserObjectInformationW
GetDC
MessageBoxW

gdi32

GetDeviceCaps

advapi32

CryptGenRandom
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptReleaseContext
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW

shell32

ShellExecuteW

Exports

Exports

Initialize

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 700KB - Virtual size: 700KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c7f2b172f1a7784d346f36f22513a1d8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

crypt32

kernel32

user32

gdi32

advapi32

shell32

Exports

Exports

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rdata Size: 700KB - Virtual size: 700KB

.data Size: 74KB - Virtual size: 104KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 160KB - Virtual size: 160KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.rdata
Size: 700KB - Virtual size: 700KB

.data
Size: 74KB - Virtual size: 104KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 160KB - Virtual size: 160KB