ca7a32af6e685e0e1de42f08b99e886cd548206931b26e0edd33f1a945fe2e69N

Sharing

Copy URL Twitter E-mail

General

Target

ca7a32af6e685e0e1de42f08b99e886cd548206931b26e0edd33f1a945fe2e69N
Size

3.1MB
MD5

5374152d05dd0d6b71ee78d6a357f7d0
SHA1

e506d16b7c963e743de61988e9fa4c59c3428e4c
SHA256

ca7a32af6e685e0e1de42f08b99e886cd548206931b26e0edd33f1a945fe2e69
SHA512

809d8af1987ebfefd32dca386cd272340d6b8b57adb8a569cfbf06be8af3efa1c173a406b6a4518519275f38a315467f60fa10bda9e3fb44cdf444e8ad06a896
SSDEEP

49152:szRfQWgefOmRDux8/B7a6aOGKB8PiMO5XMMHSc0tAgoXIH0IJN4UTYqsfAKl1QTr:s9I1EfV4rpp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ca7a32af6e685e0e1de42f08b99e886cd548206931b26e0edd33f1a945fe2e69N

Files

ca7a32af6e685e0e1de42f08b99e886cd548206931b26e0edd33f1a945fe2e69N
.dll windows:6 windows x64 arch:x64

d96998f72627c3675ccd4ec4a418f478

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

bindings_napi.pdb

Imports

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WakeByAddressSingle
WaitOnAddress
WakeByAddressAll

kernel32

VirtualQuery
SetThreadStackGuarantee
SwitchToFiber
GetStdHandle
GetConsoleMode
WaitForSingleObject
MultiByteToWideChar
WriteConsoleW
GetModuleHandleW
FormatMessageW
SetLastError
GetCurrentDirectoryW
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcess
lstrlenW
GetCurrentProcessId
CreateMutexA
WideCharToMultiByte
ReleaseMutex
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
GetEnvironmentVariableW
CreateFileW
SetFileInformationByHandle
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFullPathNameW
FindFirstFileW
FindClose
QueryPerformanceCounter
QueryPerformanceFrequency
GetModuleHandleA
Sleep
IsThreadAFiber
ConvertThreadToFiber
CreateFiber
DeleteFiber
ConvertFiberToThread
GetEnvironmentVariableA
WriteFile
FlsAlloc
FlsSetValue
FlsFree
GetProcessTimes
GetModuleHandleExW
GetCurrentProcessorNumber
GetSystemInfo
VirtualAlloc
VirtualFree
GetLargePageMinimum
VirtualUnlock
GetLastError
GetNumaHighestNodeNumber
GetProcAddress
GetNumaNodeProcessorMask
WriteConsoleA
GetConsoleScreenBufferInfo
HeapReAlloc
HeapSize
FreeLibrary
CloseHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleFileNameW
HeapAlloc
HeapFree
FlsGetValue
LCMapStringW
GetFileType
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStringTypeW
FlushFileBuffers
GetConsoleOutputCP
SetStdHandle
GetFileSizeEx
SetFilePointerEx

ntdll

RtlNtStatusToDosError
NtWriteFile
NtReadFile

bcrypt

BCryptGenRandom

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
SystemFunction036
OpenProcessToken

Exports

Exports

napi_register_module_v1

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 677KB - Virtual size: 676KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d96998f72627c3675ccd4ec4a418f478

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcryptprimitives

api-ms-win-core-synch-l1-2-0

kernel32

ntdll

bcrypt

advapi32

Exports

Exports

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 677KB - Virtual size: 676KB

.data Size: 9KB - Virtual size: 111KB

.pdata Size: 149KB - Virtual size: 149KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 677KB - Virtual size: 676KB

.data
Size: 9KB - Virtual size: 111KB

.pdata
Size: 149KB - Virtual size: 149KB

.reloc
Size: 7KB - Virtual size: 6KB