09dc943b0cf9ee6e2aa7fe57fb85ad338748bc35954635fbbab94b4d1c0083b0

Sharing

Copy URL Twitter E-mail

General

Target

09dc943b0cf9ee6e2aa7fe57fb85ad338748bc35954635fbbab94b4d1c0083b0
Size

564KB
MD5

f2a142eece05f880b058679d697b8695
SHA1

519ef596e338dcc2eebe65066cc0dd1314278297
SHA256

09dc943b0cf9ee6e2aa7fe57fb85ad338748bc35954635fbbab94b4d1c0083b0
SHA512

96fa7f89eeb17e9eff2b609f8369e4eeee85fa6bd724655439dd3d370b9b3aa04a842a41dbf51074e780de54cd576c46248dc96ff95b6327cf99d2e8c769417a
SSDEEP

12288:Q3u3h/kPNYynA7OIlKDUBXm2RGNeFSR0rDlmjxdQFzh82qfOoa6MlWRKcb:Q3u3FkP8mWGNePmjQFzhZq2L6Ml

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
09dc943b0cf9ee6e2aa7fe57fb85ad338748bc35954635fbbab94b4d1c0083b0

Files

09dc943b0cf9ee6e2aa7fe57fb85ad338748bc35954635fbbab94b4d1c0083b0
.dll windows:6 windows x64 arch:x64

6275aa064842064c15f2ec50ece2678c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\1\s\x64\Release\JabraPluginController.pdb

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

SetEndOfFile
WriteConsoleW
InitializeCriticalSectionEx
GetModuleFileNameW
CreateTimerQueueTimer
WaitForSingleObject
CreateSemaphoreA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
ReleaseSemaphore
K32EnumProcesses
CloseHandle
K32GetModuleFileNameExW
K32EnumProcessModulesEx
OpenProcess
GetLastError
GetFileAttributesW
GetTickCount
DeleteTimerQueueTimer
RtlCaptureContext
HeapSize
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
MultiByteToWideChar
SetEvent
CreateEventW
ReleaseMutex
CreateMutexA
CreateEventA
Sleep
CreateFileA
ReadFile
WriteFile
OutputDebugStringA
GetOverlappedResult
CancelIo
ResetEvent
WaitForMultipleObjects
GetCurrentThreadId
GetExitCodeThread
OpenFileMappingW
CreateFileMappingW
MapViewOfFile
OpenMutexW
CreateMutexW
UnmapViewOfFile
CreateThread
OpenEventW
WideCharToMultiByte
GetStringTypeW
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
RtlUnwind
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
HeapFree
HeapAlloc
GetStdHandle
GetFileSizeEx
SetFilePointerEx
GetCurrentDirectoryW
GetFullPathNameW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadConsoleW
HeapReAlloc
GetTimeZoneInformation

advapi32

RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW

shell32

SHGetFolderPathW

hid

HidD_SetFeature
HidD_GetFeature
HidD_FreePreparsedData
HidD_GetPreparsedData
HidD_GetAttributes
HidP_GetUsageValueArray
HidD_GetProductString
HidP_SetUsageValueArray
HidP_SetUsageValue
HidP_GetUsagesEx
HidP_UnsetUsages
HidP_SetUsages
HidP_GetSpecificValueCaps
HidP_GetSpecificButtonCaps
HidP_GetCaps
HidD_GetHidGuid
HidD_GetSerialNumberString
HidP_GetUsageValue

setupapi

SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
CM_Get_Device_IDA
CMP_WaitNoPendingInstallEvents
CM_Get_Parent
SetupDiDestroyDeviceInfoList

user32

wsprintfW

ole32

CoCreateGuid
CLSIDFromString

Exports

Exports

?createPluginControl@plugin_control@@YA?AV?$shared_ptr@VIPluginCallControlCallback@plugin_control@@@std@@AEBV?$weak_ptr@VIPluginLogger@plugin_control@@@3@@Z
?stopPluginControl@plugin_control@@YAXXZ
createPluginControlFacade
stopPluginControlFacade

Sections

.text
Size: 404KB - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6275aa064842064c15f2ec50ece2678c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

advapi32

shell32

hid

setupapi

user32

ole32

Exports

Exports

Sections

.text Size: 404KB - Virtual size: 404KB

.rdata Size: 128KB - Virtual size: 127KB

.data Size: 7KB - Virtual size: 13KB

.pdata Size: 18KB - Virtual size: 18KB

_RDATA Size: 512B - Virtual size: 252B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 404KB - Virtual size: 404KB

.rdata
Size: 128KB - Virtual size: 127KB

.data
Size: 7KB - Virtual size: 13KB

.pdata
Size: 18KB - Virtual size: 18KB

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB