2e136fec67ebea9c72723f034068cc10N

Sharing

Copy URL Twitter E-mail

General

Target

2e136fec67ebea9c72723f034068cc10N
Size

466KB
MD5

2e136fec67ebea9c72723f034068cc10
SHA1

b2fbb487489fad572e0c64d3b7c25b89e6d19a0b
SHA256

3bc24e26eb62f6bfd627259a4f176c4030285e5b73b7bfb76bef6332c977f55f
SHA512

12e60c3fa09ed1358113bbc6897548997d2d54f6daf420209154c1c1b618c48dcc7035f99e8cb99d5427317f225ba9d5ea3e0ad5eb2780ec4e8a64d3b0fd6841
SSDEEP

6144:198WvEhZVpRbHwQPUWyr7BPcPCjuUmWmmCuwl/QhOHI49lobMucZC/Sma0M4:1WWvEher7BPc+uULwBoSI32Y/q0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e136fec67ebea9c72723f034068cc10N

Files

2e136fec67ebea9c72723f034068cc10N
.dll windows:5 windows x86 arch:x86

38fcb876d3926a47deded7bd74efa3f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\a\dynamorio\dynamorio\build_debug-32\ext\lib32\debug\drsyms.pdb

Imports

dbghelp

UnDecorateSymbolName
SymGetOptions
SymCleanup
SymGetModuleInfoW64
SymEnumLines
SymGetLineFromAddrW64
SymInitialize
SymLoadModuleExW
SymUnloadModule64
SymFromAddr
SymFromName
SymEnumSymbols
SymGetTypeInfo
SymGetTypeFromName
SymSetOptions

dynamorio

_allrem
_alldiv
_chkstk
_aullshr
_aullrem
_aulldiv
_allshl
dr_symbol_export_iterator_stop
dr_symbol_export_iterator_next
dr_symbol_export_iterator_hasnext
dr_symbol_export_iterator_start
proc_restore_fpstate
proc_save_fpstate
dr_file_exists
__wrap_free
__wrap_malloc
tolower
dr_snprintf
dr_fprintf
dr_messagebox
dr_get_stderr_file
dr_unmap_file
dr_map_file
dr_file_size
dr_close_file
dr_open_file
dr_atomic_add32_return_sum
dr_recurlock_self_owns
dr_recurlock_unlock
dr_recurlock_lock
dr_recurlock_destroy
dr_recurlock_create
dr_global_free
dr_global_alloc
dr_abort
dr_persist_start
dr_persist_size
dr_fragment_persistable
dr_mutex_create
dr_mutex_destroy
dr_mutex_lock
dr_mutex_unlock
dr_mutex_self_owns
dr_write_file
__wrap_calloc
__wrap_strdup
__wrap_realloc
strstr
dr_snwprintf

kernel32

InitializeSListHead
CreateFileW
CloseHandle
DecodePointer
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetStdHandle
GetStringTypeW
SetFilePointerEx
GetFileSizeEx
WriteConsoleW
OutputDebugStringW
WriteFile
HeapQueryInformation
HeapSize
HeapReAlloc
HeapFree
GetProcessHeap
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileType
GetStdHandle
GetSystemInfo
HeapValidate
HeapAlloc
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
RaiseException
EncodePointer
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
RtlUnwind
InterlockedFlushSList
GetLastError
GetCurrentProcess
GetModuleHandleA
GetProcAddress
LocalFree
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW

Exports

Exports

_DR_CLIENT_AVX512_CODE_IN_USE_
_USES_DR_VERSION_
drsym_demangle_symbol
drsym_enumerate_lines
drsym_enumerate_symbols
drsym_enumerate_symbols_ex
drsym_exit
drsym_expand_type
drsym_free_resources
drsym_get_func_type
drsym_get_module_debug_kind
drsym_get_type
drsym_get_type_by_name
drsym_init
drsym_lookup_address
drsym_lookup_symbol
drsym_module_has_symbols
drsym_search_symbols
drsym_search_symbols_ex

Sections

.text
Size: 356KB - Virtual size: 356KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38fcb876d3926a47deded7bd74efa3f5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dbghelp

dynamorio

kernel32

Exports

Exports

Sections

.text Size: 356KB - Virtual size: 356KB

.rdata Size: 89KB - Virtual size: 88KB

.data Size: 2KB - Virtual size: 7KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 356KB - Virtual size: 356KB

.rdata
Size: 89KB - Virtual size: 88KB

.data
Size: 2KB - Virtual size: 7KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 15KB - Virtual size: 14KB