3e259ee63139a2993c4fedca57a824a78f5a027a902a29539cdbcd0e94f00e2e

Sharing

Copy URL

Twitter E-mail

General

Target

3e259ee63139a2993c4fedca57a824a78f5a027a902a29539cdbcd0e94f00e2e
Size

714KB
MD5

47c989b9caceb7902d35aabb0e3c8abd
SHA1

0e21cfa83af6d77c0b205b78b5b72fe2500aac52
SHA256

3e259ee63139a2993c4fedca57a824a78f5a027a902a29539cdbcd0e94f00e2e
SHA512

512ea6c223675e4121df2457f7f7811b054fc252724e49db6ca82411c119974916886e916c04bfb7a6783ca6723402a127951e4006510b0c148406a3481a5492
SSDEEP

12288:U/LSXwyzTOa7vrXwEpsGTPGWzMyWZms0a8RCwzyFS89ksLpgcPxH+uSJEU2EInDc:MWXwyzTOa7vrXwEijksLpPxeuXUb2WC2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e259ee63139a2993c4fedca57a824a78f5a027a902a29539cdbcd0e94f00e2e

Files

3e259ee63139a2993c4fedca57a824a78f5a027a902a29539cdbcd0e94f00e2e
.dll windows:5 windows x86 arch:x86

6686adf089ada2cc600ba6c56cbd6ee8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\whds\RemoteControl\RemoteControlModule\trunk\bin\wzRemoteSvrModule.pdb

Imports

kernel32

GetProcessHeap
CreateEventA
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
Sleep
GetTickCount
WriteFile
InterlockedExchange
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
TlsAlloc
InterlockedExchangeAdd
PostQueuedCompletionStatus
OutputDebugStringA
TlsFree
WaitForSingleObject
GetSystemTimeAsFileTime
CreateSemaphoreA
ReleaseSemaphore
WaitForMultipleObjects
TerminateThread
QueueUserAPC
SleepEx
CreateIoCompletionPort
SetWaitableTimer
GetQueuedCompletionStatus
VerSetConditionMask
VerifyVersionInfoA
CreateWaitableTimerA
TlsGetValue
TerminateProcess
GetCurrentProcess
LoadLibraryW
GetProcAddress
DeleteFileA
FreeLibrary
DeleteFileW
GetModuleFileNameW
OutputDebugStringW
LoadLibraryA
lstrcmpiA
GetCurrentProcessId
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
GetLocalTime
CreateProcessA
HeapSize
Process32First
OpenProcess
Process32Next
GetComputerNameA
WaitForMultipleObjectsEx
InterlockedCompareExchange
SetLastError
TlsSetValue
GetModuleFileNameA
GetCurrentThreadId
GetModuleHandleA
GetSystemInfo
SetLocalTime
SetErrorMode
SetEndOfFile
CreateFileW
WriteConsoleW
SetStdHandle
UnregisterWaitEx
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
ReadFile
GetFileSize
SetEvent
DecodePointer
CreateFileA
CloseHandle
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
DuplicateHandle
VirtualProtect
VirtualFree
SetEnvironmentVariableA
VirtualAlloc
GetVersionExW
FreeLibraryAndExitThread
GetThreadTimes
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTimeZoneInformation
FlushFileBuffers
SetFilePointerEx
GetConsoleCP
GetFileType
GetStdHandle
ReadConsoleW
GetConsoleMode
GetCurrentThread
GetOEMCP
GetACP
IsValidCodePage
GetFileAttributesExW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetLastError
RaiseException
CreateToolhelp32Snapshot
WaitForSingleObjectEx
EncodePointer
MultiByteToWideChar
GetStringTypeW
OpenEventA
ResetEvent
ResumeThread
GetLogicalProcessorInformation
LocalFree
FormatMessageA
IsDebuggerPresent
CreateThread
ExitThread
LoadLibraryExW
ExitProcess
GetModuleHandleExW
AreFileApisANSI
GetCommandLineA
RtlUnwind
GetCPInfo
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetModuleHandleW
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateEventW
GetStartupInfoW
CreateSemaphoreW
IsProcessorFeaturePresent
CompareStringW

user32

MessageBoxA

nettcp

NetTcpDestroy
NetTcpCreate
NetTcpSend
NetTcpConnect
NetTcpListen
NetTcpStartup
NetTcpGetAddr

netudp

NetUdpCreate
NetUdpSendTo
NetUdpStartup

ws2_32

recvfrom
htons
gethostbyname
bind
closesocket
setsockopt
socket
htonl
ntohl
WSACleanup
WSAStartup
sendto
inet_addr

shlwapi

PathCombineW
PathRemoveFileSpecW
StrCpyW

rpcrt4

UuidCreate

iphlpapi

SendARP
GetAdaptersInfo

Sections

.text
Size: 526KB - Virtual size: 526KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6686adf089ada2cc600ba6c56cbd6ee8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

nettcp

netudp

ws2_32

shlwapi

rpcrt4

iphlpapi

Sections

.text Size: 526KB - Virtual size: 526KB

.rdata Size: 127KB - Virtual size: 126KB

.data Size: 24KB - Virtual size: 42KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 33KB - Virtual size: 33KB

.text
Size: 526KB - Virtual size: 526KB

.rdata
Size: 127KB - Virtual size: 126KB

.data
Size: 24KB - Virtual size: 42KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 33KB - Virtual size: 33KB