MpGear[.]dll[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

MpGear.dll.exe
Size

592KB
MD5

7f4b739419014e7e1f5b8010d763774c
SHA1

723480e1298ddb1e1f8a9211cb6f20e30b1290ea
SHA256

9bf8610263ad11cc6f655b335ba8c80edab05614bfb2476c0ca435e951250d9a
SHA512

ac97b53e60740a01bdb026f5f4836eb992be0159b3af815a1a8c900f091fed08d96ad28c27c81108bb0cc6e027102b074c012d638b6b94aead5a615f7450a473
SSDEEP

12288:A5LcnKeIaZ+dwGbzSifdhvdE7sjXj8cjb+DYtxP:mLcLIaIxzSwDlfjXjBv8Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MpGear.dll.exe

Files

MpGear.dll.exe
.dll windows:10 windows x64 arch:x64

86d0adb9b2e1f27df0110b9b7b25c534

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

MpGear.pdb

Imports

ntdll

RtlGetVersion
RtlCaptureContext
RtlPcToFileHeader
RtlNtStatusToDosError
RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry

kernel32

SetThreadpoolThreadMinimum
WaitForThreadpoolWorkCallbacks
WaitForMultipleObjects
SetFilePointerEx
WriteFile
SetEndOfFile
WideCharToMultiByte
MultiByteToWideChar
SystemTimeToFileTime
GlobalFree
GetComputerNameExW
GetModuleHandleExW
VirtualLock
ReadFile
GetFileSizeEx
CreateFileW
LoadLibraryW
CreateDirectoryW
FindFirstFileW
GetFullPathNameW
FindNextFileW
ExpandEnvironmentStringsW
RemoveDirectoryW
SetEnvironmentVariableW
GetEnvironmentVariableW
FindClose
WaitForSingleObject
GetFileAttributesW
GetSystemDirectoryW
SetFileAttributesW
SetThreadpoolThreadMaximum
SetEvent
DeleteFileW
ResetEvent
CreateProcessW
QueryPerformanceFrequency
GetSystemTime
SwitchToThread
ExitProcess
HeapFree
HeapAlloc
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
FindFirstFileExW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetTimeZoneInformation
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadConsoleW
WriteConsoleW
WaitForSingleObjectEx
SubmitThreadpoolWork
CreateThreadpoolWork
TryEnterCriticalSection
GetFileAttributesExW
GetModuleFileNameW
GetExitCodeProcess
CopyFileW
Sleep
GetTickCount
CreateEventW
GetSystemPowerStatus
CloseHandle
lstrcmpiW
FileTimeToSystemTime
GetTempPathW
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
SetLastError
GetLastError
RaiseException
InterlockedFlushSList
TerminateProcess
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
InitializeCriticalSection
GetCommandLineW
CreateThreadpool
CloseThreadpool
CloseThreadpoolWork
DecodePointer

advapi32

QueryServiceStatus
RegQueryValueExW
OpenSCManagerW
QueryServiceConfigW
OpenServiceW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
RegCloseKey
CloseServiceHandle
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW

crypt32

CertGetCertificateChain
CertFreeCertificateContext
CertVerifyCertificateChainPolicy
CertFreeCertificateChain

wintrust

WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData

winhttp

WinHttpSetOption
WinHttpQueryHeaders
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpWriteData
WinHttpAddRequestHeaders
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpGetDefaultProxyConfiguration
WinHttpConnect
WinHttpCrackUrl
WinHttpCloseHandle
WinHttpSetStatusCallback
WinHttpSetTimeouts
WinHttpOpen
WinHttpQueryOption

ole32

CoCreateInstance
CoWaitForMultipleHandles
CoInitializeEx
CoCreateGuid
StringFromGUID2
CoUninitialize
IIDFromString
CoSetProxyBlanket

oleaut32

VariantInit
SysFreeString
SysAllocString
VariantClear
SysStringLen

shlwapi

PathIsURLW

Exports

Exports

MpGearCloseHandle
MpGearContainerAnalyze
MpGearContainerCloseObject
MpGearContainerCommit
MpGearContainerDelete
MpGearContainerFreeObjectInfo
MpGearContainerGetNext
MpGearContainerOpen
MpGearContainerOpenObject
MpGearContainerRead
MpGearContainerRecognize
MpGearContainerSetSize
MpGearContainerWrite
MpGearCreateManager
MpGearDuplicateHandle
MpGearDynamicConfigAddBinary
MpGearDynamicConfigAddBool
MpGearDynamicConfigAddDWORD
MpGearDynamicConfigAddQWORD
MpGearDynamicConfigAddString
MpGearDynamicConfigAddStringList
MpGearDynamicConfigClear
MpGearDynamicConfigSend
MpGearFreeData
MpGearGetManagerInfo
MpGearGetSigDataDWORD
MpGearGetSigUpdateConfig
MpGearGetVirusNames
MpGearInheritEngine
MpGearInitializeMpPLI
MpGearQuarantineDelete
MpGearQuarantineGetNext
MpGearQuarantineOpen
MpGearQuarantineOpenEnumerator
MpGearQuarantineQuery
MpGearQuarantineRecover
MpGearQuarantineRestore
MpGearRebootActions
MpGearRenderPLIData
MpGearScanControl
MpGearScanFull
MpGearScanGetNextActionResult
MpGearScanGetNextThreat
MpGearScanGetStatistics
MpGearScanOpen
MpGearScanOpenActionResultsEnumerator
MpGearScanOpenThreatEnumerator
MpGearScanPath
MpGearScanQuick
MpGearScanSetDefaultThreatActions
MpGearScanSetOption
MpGearScanSetOptionEx
MpGearScanSetThreatAction
MpGearScanStream
MpGearScanSubmitReport
MpGearScanSubmitReportData
MpGearScanTakeActions
MpGearSetEngine
MpGearSetEngineWithResourceSigs
MpGearSetSigUpdateConfig
MpGearSigUpdateCancel
MpGearSigUpdateRollback
MpGearSigUpdateStart
MpGearSubmitHeartbeatReport
MpGearSubmitHeartbeatReportData
MpGearSubmitReportData

Sections

.text
Size: 406KB - Virtual size: 406KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

86d0adb9b2e1f27df0110b9b7b25c534

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

advapi32

crypt32

wintrust

winhttp

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 406KB - Virtual size: 406KB

.rdata Size: 148KB - Virtual size: 148KB

.data Size: 11KB - Virtual size: 16KB

.pdata Size: 20KB - Virtual size: 20KB

.rsrc Size: 1024B - Virtual size: 960B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 406KB - Virtual size: 406KB

.rdata
Size: 148KB - Virtual size: 148KB

.data
Size: 11KB - Virtual size: 16KB

.pdata
Size: 20KB - Virtual size: 20KB

.rsrc
Size: 1024B - Virtual size: 960B

.reloc
Size: 3KB - Virtual size: 3KB