ef8adaab4142256baa714d515a6f73a2744d5ea17e408442b82c9d2e51db64ed

Sharing

Copy URL Twitter E-mail

General

Target

ef8adaab4142256baa714d515a6f73a2744d5ea17e408442b82c9d2e51db64ed
Size

427KB
MD5

ea6a710189d2713f72925fbda323eb92
SHA1

c4b6e93e363202782a0cf36128b267bbdee6aaa1
SHA256

ef8adaab4142256baa714d515a6f73a2744d5ea17e408442b82c9d2e51db64ed
SHA512

50e3fb6095d4e60acc9d10c08f4598e3c56784be607376a2ad38c38398f1e300b2c3524f206380412da64e5d8dc8c6a53fd9eab5e7a4be6cb63937dd199e68ab
SSDEEP

12288:knYAfaA6rlQ4wd4b/3TAaUQLN8hddYbI3bHuSfaQfNCTvZ55s4:9XMaU6uGqbHLiQFCTB5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ef8adaab4142256baa714d515a6f73a2744d5ea17e408442b82c9d2e51db64ed

Files

ef8adaab4142256baa714d515a6f73a2744d5ea17e408442b82c9d2e51db64ed
.dll windows:6 windows x86 arch:x86

97fdace18ad2aa784bd22dfc5a1cfb50

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\wjc\work\DLP\wstnetfilter\Release\WstFltApi.pdb

Imports

kernel32

DecodePointer
DeleteCriticalSection
GetProcessHeap
WideCharToMultiByte
CreateFileA
SetLastError
DeviceIoControl
GetVersionExA
ReadFile
GetOverlappedResult
CancelIo
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
HeapAlloc
WaitForSingleObject
CreateEventA
WaitForMultipleObjects
GetCurrentProcessId
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
GetTempFileNameW
FreeLibrary
LoadLibraryA
QueryPerformanceCounter
QueryPerformanceFrequency
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
HeapFree
GetSystemInfo
MultiByteToWideChar
DeleteFileW
GetTempPathW
CloseHandle
WriteFile
SetFilePointer
GetCurrentThreadId
GetLastError
CreateFileW
GetTickCount
GetTempPathA
ResetEvent
OutputDebugStringW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
SetStdHandle
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
GetSystemTimeAsFileTime
GetModuleHandleW
EncodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
IsDebuggerPresent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
InterlockedFlushSList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
SetEndOfFile
ExitProcess
GetModuleFileNameW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetFileType
SetFilePointerEx
GetConsoleMode
ReadConsoleW
FlushFileBuffers
GetConsoleOutputCP
GetFileSizeEx
WriteConsoleW

user32

wvsprintfW

advapi32

StartServiceA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

ntohs
ntohl
WSAStartup
WSAAddressToStringA
htons
WSACleanup

Exports

Exports

CreateWSTObject

Sections

.text
Size: 317KB - Virtual size: 317KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

97fdace18ad2aa784bd22dfc5a1cfb50

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 317KB - Virtual size: 317KB

.rdata Size: 87KB - Virtual size: 86KB

.data Size: 6KB - Virtual size: 11KB

.rsrc Size: 1024B - Virtual size: 976B

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 317KB - Virtual size: 317KB

.rdata
Size: 87KB - Virtual size: 86KB

.data
Size: 6KB - Virtual size: 11KB

.rsrc
Size: 1024B - Virtual size: 976B

.reloc
Size: 15KB - Virtual size: 14KB