5555f04b908538c8972309f0350af44f493b4d4aa3e3eb91fdace418dfb38478N

Sharing

Copy URL Twitter E-mail

General

Target

5555f04b908538c8972309f0350af44f493b4d4aa3e3eb91fdace418dfb38478N
Size

133KB
MD5

1d6d9289cd97818e6fda5cd98c4cf050
SHA1

30e840bec650e9b4c3f38d0a8f2ae4fcbcb03a16
SHA256

5555f04b908538c8972309f0350af44f493b4d4aa3e3eb91fdace418dfb38478
SHA512

218e8b0abb18cbbedc313ca82af3a7a1fed33f6ee06c7ed3f80cb0bc584b36be633cd4dae15e208f7446677843d1b8ed920fd5a15dbb54f95b1b03b63acfb4a1
SSDEEP

3072:sMqqDL2/r992Xg2pdhT2Hx95ecLfV2kYbMrTs6NyE:fqqDL672tdhOebMrTsP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5555f04b908538c8972309f0350af44f493b4d4aa3e3eb91fdace418dfb38478N

Files

5555f04b908538c8972309f0350af44f493b4d4aa3e3eb91fdace418dfb38478N
.dll windows:6 windows x86 arch:x86

6439521af9a72a501539b7935070f040

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

aaclient.pdb

Imports

msvcrt

free
memset
malloc
_ltow
_ultow
wcsrchr
__CxxFrameHandler
_onexit
_lock
__dllonexit
_unlock
memcpy
_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
_purecall

ntdll

RtlUnwind
VerSetConditionMask

ws2_32

htonl

kernel32

lstrlenW
WideCharToMultiByte
LoadLibraryExW
VerifyVersionInfoW
RegisterWaitForSingleObject
UnregisterWaitEx
WaitForSingleObject
GetProcessHeap
HeapAlloc
HeapFree
GetComputerNameW
FreeLibrary
SetEvent
CreateEventW
GetLastError
GetProcAddress
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
GetQueuedCompletionStatus
LeaveCriticalSection
EnterCriticalSection
PostQueuedCompletionStatus
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
CreateThread
CreateIoCompletionPort
InterlockedPopEntrySList
InterlockedPushEntrySList
InitializeSListHead
LocalAlloc
LocalFree
GetComputerNameExW
InterlockedExchange
Sleep
InterlockedCompareExchange
OutputDebugStringA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetVersion
GetModuleFileNameW

crypt32

CertFreeCertificateContext
CertOpenStore
CertFindCertificateInStore
CertCloseStore
CryptUnprotectData

advapi32

RegSetValueExW
RegCreateKeyExW
TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegEnumValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegNotifyChangeKeyValue
RegDeleteValueW
RegDeleteKeyW
RegisterTraceGuidsW
UnregisterTraceGuids
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CredUnmarshalCredentialW
CredFree

mstscax

RegisterTransportExtDll

rpcrt4

I_RpcExceptionFilter
RpcBindingFree
RpcStringFreeW
RpcBindingSetAuthInfoExW
RpcEpResolveBinding
RpcBindingFromStringBindingW
RpcStringBindingComposeW
NdrClientCall2

Exports

Exports

LoadClientAdapter
OpenKeyReader
OpenKeyReaderWriter
g_fnStartTransport

Sections

.text
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6439521af9a72a501539b7935070f040

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

ws2_32

kernel32

crypt32

advapi32

mstscax

rpcrt4

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 116KB

.data Size: 2KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 116KB - Virtual size: 116KB

.data
Size: 2KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 11KB