6f0d517369c207986b5d54780b6520753c98eaa9038e3d0103018ac7d4d53be7

Sharing

Copy URL

Twitter E-mail

General

Target

6f0d517369c207986b5d54780b6520753c98eaa9038e3d0103018ac7d4d53be7
Size

954KB
MD5

1b38687acf5e0109388a0751e8683a88
SHA1

99317f363f1bef86d55aa8871193d44f4f6d4e56
SHA256

6f0d517369c207986b5d54780b6520753c98eaa9038e3d0103018ac7d4d53be7
SHA512

c0e425a9a66212a2c1c9036f9d8f01b94c9d27c6f7d26eb7a2b01069a868422f7a84513d2e305de6dce96246032b269ec86a52c8f881572298caeb4c02332c34
SSDEEP

12288:3VCfFxgDDYo1OGMZAOjDI8kpJWII1L2655/GRA/y8OMwVDGjuSrZ:lIiEo1OYOj882fSL26R68OMwxGj7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6f0d517369c207986b5d54780b6520753c98eaa9038e3d0103018ac7d4d53be7

Files

6f0d517369c207986b5d54780b6520753c98eaa9038e3d0103018ac7d4d53be7
.exe windows:5 windows x86 arch:x86

80ac3a2087da95a16531c8ee47061a3e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\his-dll\Source\vs2015\HttpServer4.0\Release\HttpServer.pdb

Imports

kernel32

TlsAlloc
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
ReleaseMutex
CloseHandle
CreateEventW
WaitForMultipleObjects
TerminateThread
QueueUserAPC
SetEvent
SleepEx
Sleep
InterlockedExchangeAdd
InterlockedExchange
InterlockedIncrement
PostQueuedCompletionStatus
CreateIoCompletionPort
SetWaitableTimer
GetQueuedCompletionStatus
InterlockedCompareExchange
SetLastError
VerSetConditionMask
VerifyVersionInfoA
GetPrivateProfileIntA
CreateMutexA
CreateThread
ExitProcess
GetCurrentProcess
GetVersionExA
TlsGetValue
TlsSetValue
TlsFree
CreateWaitableTimerA
IsDebuggerPresent
OutputDebugStringW
ReadConsoleW
ReadFile
SetEndOfFile
WriteConsoleW
CreateFileW
SetFilePointerEx
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetFileAttributesExW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
LocalFree
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
GetProcessHeap
HeapSize
GetFileType
WideCharToMultiByte
FormatMessageW
GetLongPathNameA
LoadLibraryA
FormatMessageA
SetCurrentDirectoryA
GetSystemDirectoryA
FreeLibrary
GetModuleFileNameA
InterlockedDecrement
GetProcAddress
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetACP
WriteFile
GetStdHandle
HeapReAlloc
HeapFree
HeapAlloc
GetModuleHandleExW
ExitThread
VirtualQuery
GetSystemInfo
RtlUnwind
LoadLibraryW
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
LoadLibraryExW
GetModuleHandleA
GetModuleFileNameW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
DecodePointer
GetLastError
GetOEMCP
RaiseException
DuplicateHandle
WaitForSingleObjectEx
GetCurrentThread
GetCurrentThreadId
TryEnterCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
CreateDirectoryA
GetWindowsDirectoryA
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation

user32

wsprintfA
LoadStringA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
LoadIconA
MessageBoxA
DestroyWindow
PostQuitMessage
EndPaint
BeginPaint
DefWindowProcA
SendMessageA
DestroyMenu
TrackPopupMenu
SetForegroundWindow
GetCursorPos
GetSubMenu
GetWindowLongA
LoadMenuA
UpdateWindow
ShowWindow
CreateWindowExA
GetSystemMetrics
RegisterClassExA
LoadCursorA

advapi32

CreateServiceA
RegCloseKey
RegQueryValueExA
ControlService
QueryServiceStatus
CloseServiceHandle
StartServiceA
RegOpenKeyExA
OpenServiceA
OpenSCManagerA
GetTokenInformation
OpenProcessToken

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoUninitialize
StringFromCLSID
CLSIDFromString
CoInitialize
CoTaskMemFree
CoCreateInstance

shell32

Shell_NotifyIconA
ShellExecuteA
ShellExecuteExA

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear
LoadTypeLi

shlwapi

PathAppendA
PathRemoveFileSpecA
PathStripToRootA

ws2_32

setsockopt
WSARecv
bind
WSASocketW
listen
WSACleanup
WSAStartup
htons
htonl
WSASetLastError
closesocket
ioctlsocket
WSASend
shutdown
WSAStringToAddressW
WSAGetLastError
ntohl

mswsock

AcceptEx
GetAcceptExSockaddrs

gdi32

CreateFontA

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 574KB - Virtual size: 573KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

80ac3a2087da95a16531c8ee47061a3e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

ws2_32

mswsock

gdi32

iphlpapi

Sections

.text Size: 574KB - Virtual size: 573KB

.rdata Size: 127KB - Virtual size: 126KB

.data Size: 32KB - Virtual size: 50KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 183KB - Virtual size: 182KB

.reloc Size: 33KB - Virtual size: 32KB

.text
Size: 574KB - Virtual size: 573KB

.rdata
Size: 127KB - Virtual size: 126KB

.data
Size: 32KB - Virtual size: 50KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 183KB - Virtual size: 182KB

.reloc
Size: 33KB - Virtual size: 32KB