a75fa878a87077ae1001fe5d84c181c01b4052be2a633eb72d01f15627594c79N

Sharing

Copy URL

Twitter E-mail

General

Target

a75fa878a87077ae1001fe5d84c181c01b4052be2a633eb72d01f15627594c79N
Size

82KB
MD5

c804193167d44d512e7426aac087bca0
SHA1

287e1400902b54d72c1bf60921696b885ae3472f
SHA256

a75fa878a87077ae1001fe5d84c181c01b4052be2a633eb72d01f15627594c79
SHA512

9efa37177999c3b8b8895e02e0f8b51b79801ee1c2fa5cadda6d7f5c1a58e7bcb9decadc243dc9d60494fe80d785b183fe414cd16034f2cc5a135efb7d82c0c9
SSDEEP

1536:Zt1zfMb102/aIa9pJtpYpQUJTEwUl/ZfqXrZG8KZNcBW2FjEtg7+2gY:Zt9A1haIa9p7pYpQUhk9ZfqXrZPEte+2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a75fa878a87077ae1001fe5d84c181c01b4052be2a633eb72d01f15627594c79N

Files

a75fa878a87077ae1001fe5d84c181c01b4052be2a633eb72d01f15627594c79N
.dll windows:6 windows x86 arch:x86

4ff19e5e153e9035b284186e0adc93e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Windows\Temp\vcpkg\buildtrees\pkcs11-helper\x86-windows-ovpn-rel\lib\libpkcs11-helper-1.pdb

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryExA
LoadLibraryA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
WideCharToMultiByte
Sleep
CloseHandle
SetEvent
ReleaseMutex
WaitForSingleObject
CreateMutexA
CreateEventA
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter

libcrypto-3

ECDSA_SIG_new
EC_KEY_set_method
DSA_meth_free
EC_KEY_get_ex_data
EC_KEY_set_ex_data
DSA_get_ex_data
DSA_set_ex_data
ECDSA_SIG_free
ECDSA_SIG_set0
EC_KEY_METHOD_new
EC_KEY_METHOD_free
EC_KEY_METHOD_set_sign
DSA_meth_set_sign
EC_KEY_METHOD_get_sign
DSA_free
DSA_set_method
X509_get_pubkey
DSA_get_default_method
DSA_meth_set1_name
d2i_X509
X509_free
DSA_SIG_set0
DSA_SIG_free
DSA_SIG_new
RSA_meth_set_priv_dec
RSA_meth_set_priv_enc
RSA_meth_set_flags
RSA_meth_set1_name
RSA_meth_dup
RSA_meth_free
RSA_get_ex_data
RSA_set_ex_data
RSA_set_method
RSA_get_default_method
RSA_free
EC_KEY_free
X509_dup
DSA_meth_dup
EC_KEY_get_default_method
RSA_size
EVP_PKEY_free
EVP_PKEY_get1_EC_KEY
EVP_PKEY_set1_EC_KEY
EVP_PKEY_get1_DSA
EVP_PKEY_set1_DSA
EVP_PKEY_get1_RSA
EVP_PKEY_set1_RSA
EVP_PKEY_get_id
BN_free
BN_bin2bn
BN_clear_free
CRYPTO_get_ex_new_index
X509_new

vcruntime140

_except_handler4_common
__std_type_info_destroy_list
strrchr
strchr
memcpy
memmove
memset

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-string-l1-1-0

strncmp
strncat
isxdigit
strncpy

api-ms-win-crt-time-l1-1-0

_localtime64
asctime
_mktime64
_time64

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf
__stdio_common_vsprintf

api-ms-win-crt-heap-l1-1-0

free
malloc

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_initialize_onexit_table
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_beginthreadex
_cexit
_initialize_narrow_environment

Exports

Exports

pkcs11h_addProvider
pkcs11h_certificate_create
pkcs11h_certificate_decrypt
pkcs11h_certificate_decryptAny
pkcs11h_certificate_decryptAny_ex
pkcs11h_certificate_decrypt_ex
pkcs11h_certificate_deserializeCertificateId
pkcs11h_certificate_duplicateCertificateId
pkcs11h_certificate_ensureCertificateAccess
pkcs11h_certificate_ensureKeyAccess
pkcs11h_certificate_enumCertificateIds
pkcs11h_certificate_enumTokenCertificateIds
pkcs11h_certificate_freeCertificate
pkcs11h_certificate_freeCertificateId
pkcs11h_certificate_freeCertificateIdList
pkcs11h_certificate_getCertificateBlob
pkcs11h_certificate_getCertificateId
pkcs11h_certificate_getPromptMask
pkcs11h_certificate_getUserData
pkcs11h_certificate_lockSession
pkcs11h_certificate_releaseSession
pkcs11h_certificate_serializeCertificateId
pkcs11h_certificate_setCertificateIdCertificateBlob
pkcs11h_certificate_setPromptMask
pkcs11h_certificate_setUserData
pkcs11h_certificate_sign
pkcs11h_certificate_signAny
pkcs11h_certificate_signAny_ex
pkcs11h_certificate_signRecover
pkcs11h_certificate_signRecover_ex
pkcs11h_certificate_sign_ex
pkcs11h_certificate_unwrap
pkcs11h_certificate_unwrap_ex
pkcs11h_data_del
pkcs11h_data_enumDataObjects
pkcs11h_data_freeDataIdList
pkcs11h_data_get
pkcs11h_data_put
pkcs11h_engine_setCrypto
pkcs11h_engine_setSystem
pkcs11h_forkFixup
pkcs11h_getFeatures
pkcs11h_getLogLevel
pkcs11h_getMessage
pkcs11h_getProperty
pkcs11h_getVersion
pkcs11h_initialize
pkcs11h_initializeProvider
pkcs11h_logout
pkcs11h_openssl_createSession
pkcs11h_openssl_freeSession
pkcs11h_openssl_getCleanupHook
pkcs11h_openssl_getX509
pkcs11h_openssl_session_getEVP
pkcs11h_openssl_session_getRSA
pkcs11h_openssl_session_getX509
pkcs11h_openssl_setCleanupHook
pkcs11h_plugAndPlay
pkcs11h_registerProvider
pkcs11h_removeProvider
pkcs11h_setForkMode
pkcs11h_setLogHook
pkcs11h_setLogLevel
pkcs11h_setMaxLoginRetries
pkcs11h_setPINCachePeriod
pkcs11h_setPINPromptHook
pkcs11h_setProperty
pkcs11h_setProtectedAuthentication
pkcs11h_setProviderProperty
pkcs11h_setProviderPropertyByName
pkcs11h_setSlotEventHook
pkcs11h_setTokenPromptHook
pkcs11h_terminate
pkcs11h_token_deserializeTokenId
pkcs11h_token_duplicateTokenId
pkcs11h_token_ensureAccess
pkcs11h_token_enumTokenIds
pkcs11h_token_freeTokenId
pkcs11h_token_freeTokenIdList
pkcs11h_token_login
pkcs11h_token_logout
pkcs11h_token_sameTokenId
pkcs11h_token_serializeTokenId

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ff19e5e153e9035b284186e0adc93e4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

libcrypto-3

vcruntime140

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 47KB - Virtual size: 47KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 47KB - Virtual size: 47KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB