a2be1d5be7fc1358a081527ff2654d0ab5c2425ed960020fbbcccb8025cec1ffN

Sharing

Copy URL Twitter E-mail

General

Target

a2be1d5be7fc1358a081527ff2654d0ab5c2425ed960020fbbcccb8025cec1ffN
Size

685KB
MD5

86a7a160e257e190399d6059cacca0a0
SHA1

665fff8e0f5455e37d21da18ae12421da5ef3572
SHA256

a2be1d5be7fc1358a081527ff2654d0ab5c2425ed960020fbbcccb8025cec1ff
SHA512

0f9dc3decf33fbd78513e2313ddbb8af70e378be520a398b18e96510dbfb1549074d2a67be218c9482feda5eaa45723fb615083a92ef4ddfc1fe3477e39d12b2
SSDEEP

12288:FiDTDIO3IfnPZjcEBfsKYEZuROtto4aIJayoPJviaKYNVuI:YKnPZjcEBfsKYFuayoSsuI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a2be1d5be7fc1358a081527ff2654d0ab5c2425ed960020fbbcccb8025cec1ffN

Files

a2be1d5be7fc1358a081527ff2654d0ab5c2425ed960020fbbcccb8025cec1ffN
.dll windows:5 windows x86 arch:x86

e859761bcd7ac19039e80a133546ba8d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\Simba\WorkShop\Channel\Common\Bin\DiagChan9.pdb

Imports

kernel32

CloseHandle
WaitForSingleObject
Sleep
SetEvent
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
GetPrivateProfileIntW
ResetEvent
InterlockedIncrement
GetTickCount
CreateEventW
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
DeleteCriticalSection
GetProcAddress
LoadLibraryW
FreeLibrary
GetModuleFileNameW
VirtualAlloc
VirtualQuery
VirtualFree
SleepEx
GetCurrentThreadId
GetSystemInfo
GetLocalTime
FreeConsole
FlushFileBuffers
IsBadWritePtr
WriteConsoleW
GetConsoleWindow
SetConsoleTitleW
SetConsoleWindowInfo
SetConsoleScreenBufferSize
GetStdHandle
AllocConsole
GetLastError
CreateDirectoryW
GetFileAttributesW
lstrlenW
SetFilePointer
CreateFileW
WideCharToMultiByte
GetTempPathW
WriteFile
GetFileSize
lstrlenA
lstrcatA
SetEndOfFile
ReadFile
GetConsoleMode
GetConsoleCP
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
HeapSize
GetProcessHeap
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
EncodePointer
DecodePointer
RaiseException
ExitThread
CreateThread
RtlUnwind
HeapFree
GetCommandLineA
LCMapStringW
GetCPInfo
HeapAlloc
GetLocaleInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetCurrentThread
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoW
SetConsoleCtrlHandler
FatalAppExitA
HeapCreate
HeapDestroy
GetACP
GetOEMCP
IsValidCodePage
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeW
HeapReAlloc

user32

EnableMenuItem
ShowWindow
GetMessageW
PostThreadMessageW
GetSystemMenu

shlwapi

PathFindFileNameW
PathIsRelativeW
PathRemoveFileSpecW
PathFindExtensionW

Exports

Exports

CreateBmChannel
CreateBmPackage
CreateDiagChannel
CreateDiagPackage
CreateProtoChannel
CreateProtoPackage
ReleaseBmChannel
ReleaseBmPackage
ReleaseDiagChannel
ReleaseDiagPackage
ReleaseProtoChannel
ReleaseProtoPackage

Sections

.text
Size: 258KB - Virtual size: 258KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 357KB - Virtual size: 360KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e859761bcd7ac19039e80a133546ba8d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shlwapi

Exports

Exports

Sections

.text Size: 258KB - Virtual size: 258KB

.rdata Size: 47KB - Virtual size: 47KB

.data Size: 7KB - Virtual size: 15KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 11KB

.text Size: 357KB - Virtual size: 360KB

.text
Size: 258KB - Virtual size: 258KB

.rdata
Size: 47KB - Virtual size: 47KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 11KB

.text
Size: 357KB - Virtual size: 360KB