ad8fe47312233c86d08809079e1130c0N

Sharing

Copy URL Twitter E-mail

General

Target

ad8fe47312233c86d08809079e1130c0N
Size

109KB
MD5

ad8fe47312233c86d08809079e1130c0
SHA1

caa30d21f1948eee04e32a4f42985fb95bf4058a
SHA256

bcc10bf18889c928d4b18d7a144dc3260bebb9039ada4b1ae118292995ba1499
SHA512

1671cf43ab0e495cbc624c64291f19a6f8752b6528ba49571c28e198c9b7e50ccf2ec60190dba1f3392356bcb29923c669b3e0f772aaa8c4b381c827ee1494f8
SSDEEP

1536:H6G/jDnaQEG6B72LYfPBJLO0jiuwdXRKm6Sg2nWDzRgzNKsW/d09dlRn1j0+:aG/j+nBVnwZRKZp2nWDlgkMb1j0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad8fe47312233c86d08809079e1130c0N

Files

ad8fe47312233c86d08809079e1130c0N
.dll windows:5 windows x64 arch:x64

ca73d213c84eb9324cd0aef2c1b41e8c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\dynamorio\dynamorio\build_release-64\api\bin\modxfer.pdb

Imports

drx

drx_exit
drx_insert_counter_update
drx_open_unique_appid_file
drx_init

drreg

drreg_exit
drreg_init
drreg_restore_app_values

drmgr

drmgr_unregister_module_unload_event
drmgr_register_module_unload_event
drmgr_unregister_module_load_event
drmgr_register_module_load_event
drmgr_is_first_instr
drmgr_unregister_bb_instrumentation_event
drmgr_register_bb_instrumentation_event
drmgr_init
drmgr_exit

dynamorio

dr_is_notify_on
dr_log
dr_mutex_unlock
dr_mutex_lock
dr_mutex_destroy
dr_messagebox
dr_abort
dr_set_client_name
dr_module_preferred_name
dr_free_module_data
dr_copy_module_data
dr_register_exit_event
dr_fprintf
dr_enable_console_printing
dr_snprintf
dr_fragment_app_pc
instr_get_next_app
instr_get_target
instr_is_return
instr_is_mbr
dr_insert_mbr_instrumentation
instrlist_first_app
dr_get_process_id
dr_get_client_path
dr_close_file
dr_get_stderr_file
dr_mutex_create

kernel32

EnterCriticalSection
WriteConsoleW
CreateFileW
SetFilePointerEx
HeapReAlloc
HeapSize
GetStringTypeW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapAlloc
WriteFile
GetStdHandle
CloseHandle
HeapFree
GetModuleFileNameW
GetModuleHandleExW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
SetStdHandle
GetFileType
GetCurrentProcess
ExitProcess
TerminateProcess

Exports

Exports

_DR_CLIENT_AVX512_CODE_IN_USE_
_USES_DR_VERSION_
dr_client_main

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 64.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ca73d213c84eb9324cd0aef2c1b41e8c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

drx

drreg

drmgr

dynamorio

kernel32

Exports

Exports

Sections

.text Size: 57KB - Virtual size: 57KB

.rdata Size: 40KB - Virtual size: 40KB

.data Size: 3KB - Virtual size: 64.2MB

.pdata Size: 4KB - Virtual size: 4KB

_RDATA Size: 512B - Virtual size: 252B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 57KB - Virtual size: 57KB

.rdata
Size: 40KB - Virtual size: 40KB

.data
Size: 3KB - Virtual size: 64.2MB

.pdata
Size: 4KB - Virtual size: 4KB

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB