7a863f76a0030ead18c7045f1a073a05a7ab4b29d35dfe2b9580349cfa0dc542

Sharing

Copy URL Twitter E-mail

General

Target

7a863f76a0030ead18c7045f1a073a05a7ab4b29d35dfe2b9580349cfa0dc542
Size

1.2MB
MD5

16c0d8d989ecb758e43b71e95e8041ec
SHA1

876a58b71af6fdfdc9e25283d3155347a28be043
SHA256

7a863f76a0030ead18c7045f1a073a05a7ab4b29d35dfe2b9580349cfa0dc542
SHA512

da50a0e7225ee939874ea8e97ee75283901f256ed43dd4346bb30e4487bb418157d5fbac74c8fecf324fd2f25af66e3211edb1893b69263d82b4a71f2ad9517e
SSDEEP

24576:zPReyA75Meab3OmJheZbXexaEGNijBf1pmIn7t:7RtA7wimJheZSaEYiB1oq7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7a863f76a0030ead18c7045f1a073a05a7ab4b29d35dfe2b9580349cfa0dc542

Files

7a863f76a0030ead18c7045f1a073a05a7ab4b29d35dfe2b9580349cfa0dc542
.dll windows:6 windows x64 arch:x64

df8d9c0db3da412af4a1420e58fffab1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\build\ob\bora-24127552\src\bora\build\build\LIBRARIES\vnetlibdll\win64\release\vnetlib64.pdb

Imports

kernel32

TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RaiseException
EncodePointer
InterlockedFlushSList
RtlUnwindEx
WriteConsoleW
CloseHandle
CreateFileW
ReadConsoleW
ReadFile
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetFileType
GetStdHandle
GetProcessHeap
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetTempPathW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapFree
HeapAlloc
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
GetModuleFileNameW
GetProcAddress
GetModuleHandleExW
FreeLibrary
RtlPcToFileHeader
ExitProcess
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
CreateEventW
CreateFileA
LoadLibraryW
GetVersionExA
GetTempFileNameW
CreateThread
SetEvent
FindResourceA
SizeofResource
GetModuleHandleA
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
MoveFileExW
Sleep
CopyFileW
FormatMessageW
GetSystemDirectoryW
SetFileAttributesW
GetFileAttributesExW
GetFileAttributesW
CreateDirectoryW
SystemTimeToFileTime
FileTimeToSystemTime
CreateWaitableTimerA
GetSystemTime
CancelWaitableTimer
SetWaitableTimer
CreateEventA
ResetEvent
DeviceIoControl
FileTimeToLocalFileTime
LocalFree
LocalAlloc
DeleteFileW
ExpandEnvironmentStringsW
GetSystemInfo
VerSetConditionMask
RtlUnwind
InitializeCriticalSectionEx
DecodePointer
LCMapStringEx
LoadLibraryExA
TerminateProcess
WaitForSingleObjectEx
VirtualQuery
VirtualProtect
InitializeCriticalSection
CreateFileMappingA
GetVersionExW
GetTimeZoneInformation
SetEndOfFile
GetFileSizeEx
DosDateTimeToFileTime
VerifyVersionInfoW
GetEnvironmentVariableW
MapViewOfFile
UnmapViewOfFile
lstrcmpA

ws2_32

htonl
inet_addr
inet_ntoa
closesocket
recvfrom
select
sendto
socket
ntohl
WSAStartup
WSAGetLastError

advapi32

CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
LookupAccountSidW
OpenServiceA
OpenSCManagerA
EnumDependentServicesA
UnlockServiceDatabase
StartServiceA
QueryServiceStatus
QueryServiceLockStatusW
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
LockServiceDatabase
EnumDependentServicesW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
ChangeServiceConfigW
RegGetKeySecurity
FreeInheritedFromArray
GetInheritanceSourceW
SetSecurityInfo
SetNamedSecurityInfoW
GetSecurityInfo
GetNamedSecurityInfoW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
LookupPrivilegeDisplayNameA
LookupPrivilegeNameA
IsValidSecurityDescriptor
InitializeAcl
GetTokenInformation
GetSecurityDescriptorControl
GetAclInformation
GetAce
EqualSid
AddAce
SetEntriesInAclW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegEnumKeyExA
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
LookupPrivilegeValueA
SetSecurityDescriptorDacl
IsValidAcl
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
AdjustTokenPrivileges
OpenProcessToken

setupapi

SetupDiGetDriverInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiOpenDevRegKey
SetupDiDestroyDriverInfoList
SetupDiGetDriverInfoDetailW
SetupDiEnumDriverInfoW
SetupOpenInfFileW
SetupQueryInfOriginalFileInformationW
SetupGetInfInformationW
SetupGetNonInteractiveMode
SetupSetNonInteractiveMode
SetupGetInfDriverStoreLocationW
SetupGetLineTextA
SetupCloseInfFile
SetupOpenInfFileA
SetupGetInfFileListA
SetupDiSetClassInstallParamsW
SetupDiSetDeviceRegistryPropertyW
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiDeleteDeviceInfo
SetupDiCreateDeviceInfoA
SetupDiCreateDeviceInfoList
CM_Get_DevNode_Status
SetupDiClassGuidsFromNameW
SetupDiClassNameFromGuidW
SetupDiGetDeviceInstallParamsA
SetupDiGetDeviceRegistryPropertyW
SetupDiCallClassInstaller
SetupDiGetClassDescriptionW
SetupDiBuildClassInfoList
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdW
CMP_WaitNoPendingInstallEvents
SetupCopyOEMInfW
SetupGetLineTextW
SetupDiBuildDriverInfoList

iphlpapi

GetIpAddrTable

user32

LoadStringA
DestroyWindow
IsWindow
SendMessageA
GetDlgItem
EnumChildWindows
GetWindowThreadProcessId
LoadStringW
CreateWindowExW

ole32

StringFromGUID2
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoSetProxyBlanket
CoQueryProxyBlanket
CoCreateInstance

oleaut32

SafeArrayDestroy
SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPutElement
SysAllocString
SafeArrayGetDim
SysStringLen
VariantClear
VariantInit
SysFreeString

mprapi

MprConfigGetFriendlyName
MprConfigServerDisconnect
MprConfigServerConnect

newdev

UpdateDriverForPlugAndPlayDevicesW

shell32

SHGetKnownFolderPath
SHGetFolderPathW

rpcrt4

UuidCreate

crypt32

CryptMsgClose
CryptMsgUpdate
CryptMsgGetParam
CertOpenStore
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertAddCertificateContextToStore
CertGetNameStringW
CryptQueryObject
CryptMsgOpenToDecode

wintrust

WinVerifyTrust

Exports

Exports

VNL_AssignSubnetAddressToVnet
VNL_BackupDatabase
VNL_BackupDatabaseInRegistry
VNL_CheckHostPacketFilterLog
VNL_CloseHostPacketFilter
VNL_CloseHostPacketFilterLog
VNL_ConnectVnetAdapter
VNL_ConnectVnetSwitch
VNL_DeleteNetLibDatabase
VNL_DeleteVnetFromDatabase
VNL_DisableIntelRLB
VNL_DisableNetworkAdapter
VNL_EnableNetworkAdapter
VNL_EnumDHCPIPToMAC
VNL_EnumNATPortForward
VNL_EnumNATPrivPort
VNL_ExportDatabaseToFile
VNL_FindVNetWithFeatures
VNL_GetAdapterActualAddr
VNL_GetBridgeHints
VNL_GetBridgeState
VNL_GetBridgeStatus
VNL_GetCurrentLogLevel
VNL_GetDHCPConfigFilePath
VNL_GetDHCPIPToMAC
VNL_GetDHCPLeaseFilePath
VNL_GetDHCPParam
VNL_GetDHCPStatus
VNL_GetDefaultLogLevel
VNL_GetHostAdapterName
VNL_GetHostPacketFilterLogEvent
VNL_GetInstallBridge
VNL_GetInstallCustomNetworkConfig
VNL_GetInstallDHCPOnlyIfUsed
VNL_GetInstallNATOnlyIfUsed
VNL_GetIsHost64Bit
VNL_GetIsHostVista
VNL_GetIsHostWXP
VNL_GetNATConfigFilePath
VNL_GetNATLeaseFilePath
VNL_GetNATParam
VNL_GetNATPortForward
VNL_GetNATPrivPort
VNL_GetNATStatus
VNL_GetNumberOfVnets
VNL_GetProductInstallPath
VNL_GetSuppressDriverPrompt
VNL_GetUsbProductInstallPath
VNL_GetUserIfStatus
VNL_GetVNetFeatures
VNL_GetVnetAdapterAddr
VNL_GetVnetAdapterConfigured
VNL_GetVnetAdapterStatus
VNL_GetVnetAdapterUserSpecifiedName
VNL_GetVnetDisplayName
VNL_GetVnetSubnetAddr
VNL_GetVnetSubnetMask
VNL_GetVnetUseDHCP
VNL_GetVnetUseNAT
VNL_HasSufficientRightsToInstall
VNL_ImportDatabaseFromFile
VNL_InstallDHCP
VNL_InstallHcmon
VNL_InstallHcmonInf
VNL_InstallHostDrivers
VNL_InstallInfW2K
VNL_InstallNAT
VNL_InstallNetworkAdapter
VNL_InstallNetworkBridge
VNL_InstallUSB
VNL_InstallUserIf
VNL_InstallVMCI
VNL_InstallVMX86
VNL_InstallVMX86Inf
VNL_InstallVmkbd
VNL_InstallVmkbdInf
VNL_InstallVmusb
VNL_OpenHostPacketFilter
VNL_OpenHostPacketFilterLog
VNL_ParseBackupDatabase
VNL_PauseHostPacketFilterLog
VNL_QueryTeaming
VNL_QueryTeamingState
VNL_ReinstallNetworkComponents
VNL_RemoveAllNetworkDevices
VNL_RemoveHostPacketFilter
VNL_RestoreDatabase
VNL_RestoreDatabaseFromRegistry
VNL_ResumeHostPacketFilterLog
VNL_SafeToInstallNetworkComponents
VNL_SafeToStopBridge
VNL_SetBridgeHints
VNL_SetBridgeState
VNL_SetCurrentLogLevel
VNL_SetDHCPFilePaths
VNL_SetDHCPIPToMAC
VNL_SetDHCPParam
VNL_SetDefaultLogLevel
VNL_SetHostPacketFilter
VNL_SetInstallBridge
VNL_SetInstallCustomNetworkConfig
VNL_SetInstallDHCPOnlyIfUsed
VNL_SetInstallNATOnlyIfUsed
VNL_SetNATParam
VNL_SetNATPortForward
VNL_SetNATPrivPort
VNL_SetProductInstallPath
VNL_SetSuppressDriverPrompt
VNL_SetVnetAdapterAddr
VNL_SetVnetAdapterUserSpecifiedName
VNL_SetVnetDisplayName
VNL_SetVnetSubnetAddr
VNL_SetVnetSubnetMask
VNL_SetVnetUseDHCP
VNL_SetVnetUseNAT
VNL_StartBridge
VNL_StartDHCP
VNL_StartHcmon
VNL_StartNAT
VNL_StartUserIf
VNL_StartVMCI
VNL_StartVMX86
VNL_StartVmkbd
VNL_StopBridge
VNL_StopDHCP
VNL_StopHcmon
VNL_StopNAT
VNL_StopUserIf
VNL_StopVMCI
VNL_StopVMX86
VNL_StopVmkbd
VNL_UninstallDHCP
VNL_UninstallHcmon
VNL_UninstallHcmonInf
VNL_UninstallHostDrivers
VNL_UninstallLegacyNetwork
VNL_UninstallNAT
VNL_UninstallNetworkAdapter
VNL_UninstallNetworkBridge
VNL_UninstallNetworkComponents
VNL_UninstallNetworkInfFiles
VNL_UninstallUSB
VNL_UninstallUserIf
VNL_UninstallVMCI
VNL_UninstallVMX86
VNL_UninstallVMX86Inf
VNL_UninstallVmkbd
VNL_UninstallVmkbdInf
VNL_UninstallVmusb
VNL_UpdateAdapterFromConfig
VNL_UpdateDHCPFromConfig
VNL_UpdateDriverW2K
VNL_UpdateNATFromConfig
VNL_Version

Sections

.text
Size: 721KB - Virtual size: 720KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 423KB - Virtual size: 422KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 82KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

df8d9c0db3da412af4a1420e58fffab1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ws2_32

advapi32

setupapi

iphlpapi

user32

ole32

oleaut32

mprapi

newdev

shell32

rpcrt4

crypt32

wintrust

Exports

Exports

Sections

.text Size: 721KB - Virtual size: 720KB

.rdata Size: 423KB - Virtual size: 422KB

.data Size: 82KB - Virtual size: 95KB

.pdata Size: 31KB - Virtual size: 30KB

.didat Size: 512B - Virtual size: 40B

_RDATA Size: 512B - Virtual size: 512B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 721KB - Virtual size: 720KB

.rdata
Size: 423KB - Virtual size: 422KB

.data
Size: 82KB - Virtual size: 95KB

.pdata
Size: 31KB - Virtual size: 30KB

.didat
Size: 512B - Virtual size: 40B

_RDATA
Size: 512B - Virtual size: 512B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 9KB - Virtual size: 8KB