bf42b66593afe266e89dc54627d7e119848716ad3b1625a09b85af936d218436N

Sharing

Copy URL Twitter E-mail

General

Target

bf42b66593afe266e89dc54627d7e119848716ad3b1625a09b85af936d218436N
Size

45KB
MD5

24480042ef1f47551f70bbbb7b6fa790
SHA1

a8f0d916b7075a1b8b18f74c718591924117d0dd
SHA256

bf42b66593afe266e89dc54627d7e119848716ad3b1625a09b85af936d218436
SHA512

49afa1ac8fdb0aa96659bf7f9d4ff9676a426f494acc7d34edebf06233b78cb5dbf2df7dd5ed88275d29a8b19441e29bc66a5d8f34823bd280b1010a92bc5767
SSDEEP

768:wCskZkEpfCFcH7YfYaDgZKpI9bWq4ZhLlAhDk6SGwk6dAS5dqJyUXHPYlaewu/y8:wCskZiF9Dg8K9GZOk7j7dv5AJ7wlUrxC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/rdpwsx.dll

Files

bf42b66593afe266e89dc54627d7e119848716ad3b1625a09b85af936d218436N
.cab
rdpwsx.dll
.dll windows:5 windows x86 arch:x86

d807820bd870366fac92afd95f23982d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

rdpwsx.pdb

Imports

msvcrt

wcscmp
swprintf
_vsnwprintf
_except_handler3
_stricmp
_ultoa
sscanf
memset
memcpy
memmove
_purecall
wcslen
??3@YAXPAX@Z
??2@YAPAXI@Z
free
_initterm
_adjust_fdiv
malloc
_onexit
__dllonexit
wcscpy

ntdll

RtlInitializeCriticalSection
RtlDeleteCriticalSection
NtClose
NtCreateFile
RtlInitUnicodeString
NtOpenEvent
NtCreateEvent

mstlsapi

ord38
ord29
ord39
ord30
ord32

icaapi

IcaChannelClose
IcaChannelOpen
IcaStackIoControlNoConnLock
_IcaStackIoControl
IcaStackIoControl

kernel32

CloseHandle
TerminateThread
WaitForSingleObject
SetEvent
DisableThreadLibraryCalls
WaitForMultipleObjects
HeapFree
CreateEventW
EnterCriticalSection
HeapAlloc
GetLastError
InterlockedIncrement
InterlockedDecrement
GetCurrentProcess
DeviceIoControl
SetLastError
OpenEventW
InterlockedExchange
CreateThread
LeaveCriticalSection
GetVersionExW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapCreate
HeapDestroy
DeleteCriticalSection
PostQueuedCompletionStatus
ReadFile
GetQueuedCompletionStatus
CreateIoCompletionPort
SetThreadPriority
CancelIo
GetOverlappedResult
WriteFile
LocalAlloc
LocalFree
InitializeCriticalSection
CompareFileTime
SystemTimeToFileTime
GetSystemTime
Sleep
LoadLibraryA
GetProcAddress
GetModuleHandleW
GetVersionExA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
lstrlenA
lstrlenW
GetEnvironmentStrings
GetEnvironmentStringsW
GetDiskFreeSpaceA
GlobalMemoryStatus
GetLocalTime
GetProcessHeap
HeapReAlloc

advapi32

CryptGenRandom
CryptAcquireContextA
RegOpenKeyExW
RegCloseKey
RegNotifyChangeKeyValue
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
CryptGetProvParam
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
CryptReleaseContext
RegOpenKeyW
RegCreateKeyW
RegSetValueExW
QueryServiceConfigW
QueryServiceStatus
OpenSCManagerW
OpenServiceW
CloseServiceHandle

user32

wsprintfW
GetSystemMetrics
ReleaseDC
GetDC

gdi32

GetDeviceCaps

crypt32

CertFindExtension
CertCloseStore
CertFindCertificateInStore
CertOpenStore
CertGetNameStringW
CertFreeCertificateContext
CertGetCertificateContextProperty
CryptAcquireCertificatePrivateKey
CryptDecodeObject

winspool.drv

EnumPrintersW
DeletePrinter
ClosePrinter
OpenPrinterW
SetPrinterW

secur32

AcquireCredentialsHandleW
AcceptSecurityContext
FreeContextBuffer
QueryContextAttributesW
DecryptMessage
EncryptMessage
DeleteSecurityContext
FreeCredentialsHandle
QuerySecurityPackageInfoW

Exports

Exports

WsxBrokenConnection
WsxCanLogonProceed
WsxClearContext
WsxConnect
WsxConvertPublishedApp
WsxCopyContext
WsxDisconnect
WsxDuplicateContext
WsxEscape
WsxIcaStackIoControl
WsxInitialize
WsxInitializeClientData
WsxLogonNotify
WsxSendAutoReconnectStatus
WsxSetErrorInfo
WsxVirtualChannelSecurity
WsxWinStationInitialize
WsxWinStationReInitialize
WsxWinStationRundown

Sections

.text
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d807820bd870366fac92afd95f23982d

Headers

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

mstlsapi

icaapi

kernel32

advapi32

user32

gdi32

crypt32

winspool.drv

secur32

Exports

Exports

Sections

.text Size: 92KB - Virtual size: 92KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 1000B

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 92KB - Virtual size: 92KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 7KB - Virtual size: 6KB