bbafb0c894e4f4bd62424d38ee996cdbc261864eed8e7c439b01094ee002545e

Sharing

Copy URL Twitter E-mail

General

Target

bbafb0c894e4f4bd62424d38ee996cdbc261864eed8e7c439b01094ee002545e
Size

4.6MB
MD5

180ab84ab0bf2c05352fa249358accfd
SHA1

67f54e69659aaa9cdbdd073fa053aa723d7efcbf
SHA256

bbafb0c894e4f4bd62424d38ee996cdbc261864eed8e7c439b01094ee002545e
SHA512

af57e47060cc8818c002ce18073d3ca1c1e3d1483e6a81df9656362581fe45d564ab50287be7c6ce6ee17699fac4de084d31dc13daad3dfe360ccc3f64287dde
SSDEEP

98304:WE9Uad6rRUIe4/MdX4cUtkUOIWHp6xMb8pH5iKwLilfl+:WE9UadARl/MWoUkpUMIiLUl+

Score

1^/10

Malware Config

Signatures

Files

bbafb0c894e4f4bd62424d38ee996cdbc261864eed8e7c439b01094ee002545e
.dll windows:6 windows x64 arch:x64

be1b2acc13a1e141721d9db9a295c986

Code Sign

e4:98:e6:12:37:83:f8:97
Certificate

Issuer

CN=NVIDIA GameStream Server

Not Before

02/05/2018, 00:17

Not After

02/05/2038, 00:17

Subject

CN=NVIDIA GameStream Server

77:e8:a0:fc:94:13:c3:61:bf:e7:4b:94:b7:0d:be:0c:41:62:e2:4c
Signer

Actual PE Digest

77:e8:a0:fc:94:13:c3:61:bf:e7:4b:94:b7:0d:be:0c:41:62:e2:4c

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
GetLastError
Process32NextW
LockResource
DeleteFileW
Process32FirstW
CloseHandle
CreateThread
LoadResource
FindResourceW
GetProcAddress
GetFileSize
ExitProcess
GetModuleHandleW
HeapFree
VirtualFree
VirtualAlloc
GetProcessHeap
SetLastError
VirtualUnlock
VirtualLock
GetCurrentProcessId
GetCommandLineW
GetEnvironmentVariableA
GetSystemInfo
GetSystemTimeAsFileTime
GetPrivateProfileStringW
WriteConsoleW
HeapSize
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
FindClose
SetStdHandle
SetFilePointerEx
LCMapStringW
CreateToolhelp32Snapshot
MultiByteToWideChar
FreeResource
CreateFileW
GetModuleFileNameW
GetPrivateProfileIntW
WriteFile
GetCurrentProcess
FindNextFileW
WritePrivateProfileStringW
SizeofResource
ReadFile
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapReAlloc
GetStdHandle
HeapAlloc
WideCharToMultiByte
GetFileType
GetModuleHandleExW
TerminateProcess
RtlPcToFileHeader
RaiseException
EncodePointer
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InterlockedFlushSList
RtlUnwindEx
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetCurrentThreadId
QueryPerformanceCounter

user32

PostQuitMessage
GetDlgItem
GetDlgItemInt
wsprintfW
SetDlgItemTextA
TranslateMessage
GetDlgItemTextW
SetWindowTextA
SetDlgItemTextW
GetWindowTextA
IsDialogMessageW
DispatchMessageW
ShowWindow
SetWindowTextW
SendMessageW
ScreenToClient
CreateWindowExW
MessageBoxW
SetWindowPos
DestroyWindow
GetFocus
GetWindowRect
MapVirtualKeyW
PostMessageW
CreateDialogParamW
GetMessageW
EnableWindow

gdi32

CreateFontIndirectW

advapi32

RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCloseKey
RegDeleteKeyW
RegSetValueExW
RegSetValueExA
OpenProcessToken

shell32

ord680
ShellExecuteA

ntdll

NtAdjustPrivilegesToken
NtDuplicateObject
RtlAnsiStringToUnicodeString
RtlNtStatusToDosError
NtDeviceIoControlFile
NtClose
RtlImageNtHeader
LdrLoadDll
RtlInitUnicodeString
LdrUnloadDll
NtOpenProcessToken
RtlInitializeSid
LdrGetProcedureAddress
RtlAllocateHeap
NtQuerySystemInformation
NtUnloadDriver
RtlSubAuthoritySid
RtlSetDaclSecurityDescriptor
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U
LdrFindResource_U
RtlLengthSid
RtlLengthRequiredSid
RtlAddAccessAllowedAce
RtlValidSecurityDescriptor
NtFlushBuffersFile
NtOpenDirectoryObject
RtlExpandEnvironmentStrings
NtQueryDirectoryObject
RtlFreeHeap
RtlInitString
RtlCreateAcl
RtlCreateSecurityDescriptor
NtCreateFile
RtlSetLastWin32Error
NtLoadDriver
LdrAccessResource
RtlLengthSecurityDescriptor
NtSetSecurityObject
NtWriteFile

msdelta

DeltaFree
ApplyDeltaB

Exports

Exports

STYStart

Sections

.text
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

fF>{"}0
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be1b2acc13a1e141721d9db9a295c986

Code Sign

e4:98:e6:12:37:83:f8:97Certificate

77:e8:a0:fc:94:13:c3:61:bf:e7:4b:94:b7:0d:be:0c:41:62:e2:4cSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ntdll

msdelta

Exports

Exports

Sections

.text Size: 125KB - Virtual size: 125KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 3.0MB - Virtual size: 3.0MB

.pdata Size: 6KB - Virtual size: 6KB

fF>{"}0 Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 2KB - Virtual size: 1KB

.rsrc Size: 26KB - Virtual size: 25KB

e4:98:e6:12:37:83:f8:97
Certificate

77:e8:a0:fc:94:13:c3:61:bf:e7:4b:94:b7:0d:be:0c:41:62:e2:4c
Signer

.text
Size: 125KB - Virtual size: 125KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 3.0MB - Virtual size: 3.0MB

.pdata
Size: 6KB - Virtual size: 6KB

fF>{"}0
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 26KB - Virtual size: 25KB