IID_IClassAdmin
NWCServiceMain
NetWareAccess
Static task
static1
Behavioral task
behavioral1
Sample
6216aa1b38985072cd0b7d8b8f381aa17eae79861d4ac37e046a302b7b5ee8df.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
6216aa1b38985072cd0b7d8b8f381aa17eae79861d4ac37e046a302b7b5ee8df.dll
Resource
win10v2004-20240802-en
Target: 6216aa1b38985072cd0b7d8b8f381aa17eae79861d4ac37e046a302b7b5ee8df
Size: 427KB
MD5: fcc2aad494b4f12480a1c8b0b944c70a
SHA1: a6d8dcf65dd1b004d60e6121683920e09feaa680
SHA256: 6216aa1b38985072cd0b7d8b8f381aa17eae79861d4ac37e046a302b7b5ee8df
SHA512: c3595ada7221e5ab4149a5ce7221704904b6a0dcda37dcfe9cf5a74a98c6c8e1b09b1a06299c3f1be5342596f8e4a5660c57690ba96a962ac12008806f872f58
SSDEEP: 1536:8fzl4nyjgF5ROb+dWGszDtsggIlJumzUXgd7ce8+sWjcdmIaQcYZXsnR/2SywltC:4z2pWxcmh8hLcYanR/2SFS
Checks for missing Authenticode signature.
resource |
---|
6216aa1b38985072cd0b7d8b8f381aa17eae79861d4ac37e046a302b7b5ee8df |
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
lstrcmpA
SetUnhandledExceptionFilter
GetSystemDefaultLCID
GetDriveTypeA
GetExitCodeProcess
CreateProcessA
GetStartupInfoA
GetLogicalDriveStringsA
CopyFileA
GetExitCodeThread
CreatePipe
GetVersionExA
GetTempPathA
DeleteFileA
FlushFileBuffers
HeapSize
WriteConsoleW
GetFileSize
GetSystemTime
GetLastError
CreateToolhelp32Snapshot
Process32Next
OpenProcess
Process32First
LocalFree
ReadFile
GlobalFree
GlobalAlloc
Sleep
SetEvent
CreateThread
CreateEventA
WaitForSingleObject
lstrcpyA
CloseHandle
GetModuleHandleA
GetModuleFileNameA
GetLocalTime
GetProcAddress
lstrcmpiA
lstrcatA
HeapReAlloc
RtlUnwind
SetStdHandle
WTSGetActiveConsoleSessionId
LCMapStringW
GetStringTypeW
OutputDebugStringW
LoadLibraryExW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LeaveCriticalSection
EnterCriticalSection
FreeEnvironmentStringsW
CreateFileW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
DeleteCriticalSection
GetFileType
RaiseException
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetSystemDirectoryA
GetSystemWow64DirectoryA
WriteFile
GetCurrentProcess
lstrlenA
SetFilePointer
CreateFileA
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
HeapFree
HeapAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
MultiByteToWideChar
GetCommandLineA
GetCurrentThreadId
EncodePointer
DecodePointer
GetProcessHeap
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
GetStdHandle
GetModuleFileNameW
UnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
GetDesktopWindow
GetWindowDC
GetSystemMetrics
BitBlt
GetDeviceCaps
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
SetServiceStatus
ConvertSidToStringSidA
GetTokenInformation
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
GetUserNameA
CreateProcessAsUserA
CryptDestroyKey
CryptGenKey
CryptReleaseContext
CryptAcquireContextW
OpenProcessToken
RegCloseKey
RegisterServiceCtrlHandlerA
SHGetSpecialFolderPathA
GetTcpTable
WTSQueryUserToken
htons
closesocket
WSACleanup
WSAStartup
send
socket
recv
setsockopt
inet_addr
gethostname
inet_ntoa
ntohs
gethostbyname
connect
GdipScaleWorldTransform
GdipDeleteGraphics
GdipDisposeImage
GdipDrawImageI
GdipGetImageEncodersSize
GdipGetImageGraphicsContext
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdipSaveImageToFile
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromScan0
CertFreeCertificateContext
CertStrToNameW
CertCloseStore
CertCreateSelfSignCertificate
CryptFindCertificateKeyProvInfo
EncryptMessage
InitializeSecurityContextA
AcquireCredentialsHandleA
FreeContextBuffer
DecryptMessage
ApplyControlToken
DeleteSecurityContext
QueryContextAttributesA
FreeCredentialsHandle
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ