ee762c3a7d1437531f406c22f43783164ec4ec70862eec655405958cd84c55db

Sharing

Copy URL Twitter E-mail

General

Target

ee762c3a7d1437531f406c22f43783164ec4ec70862eec655405958cd84c55db
Size

317KB
MD5

178e071a1c53e9b65f7d8ca73028ac8d
SHA1

9faed45002a6ed72b05604876210d4dc373220a4
SHA256

ee762c3a7d1437531f406c22f43783164ec4ec70862eec655405958cd84c55db
SHA512

f717fd8367cd2b54efd93e8cc0af1f5f2446eb2e687cdd5e6a4b49db9a1a9bdbc00b93672247bd69906eb7db5d0dd019e143ac89f8482303da04d739fccd6f48
SSDEEP

6144:sqHSJ8sZfStzKtHWWWeWf2WWu2xW6nt+LWK9EV0iRE5p9zvtY3ywzm9Hxl0qqDLj:fUlhy9EV0ieb9zvlqn6y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ee762c3a7d1437531f406c22f43783164ec4ec70862eec655405958cd84c55db

Files

ee762c3a7d1437531f406c22f43783164ec4ec70862eec655405958cd84c55db
.dll windows:6 windows x86 arch:x86

dc34f9957d06a488bc48617332401aa2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\jenkins2\workspace\DLP_86\dlp-win\dlp-win-client+release+manual\Bin\WSTDiskEncrypt.pdb

Imports

shell32

SHChangeNotify
ord680

kernel32

GetProcessWorkingSetSize
EnterCriticalSection
GetCurrentProcess
DeviceIoControl
LeaveCriticalSection
InitializeCriticalSection
GetCurrentThreadId
Sleep
CreateFileA
GetCurrentThread
LoadLibraryA
GetProcAddress
GetStartupInfoA
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
FreeLibrary
GetThreadTimes
GlobalMemoryStatus
QueryPerformanceCounter
GetTickCount
GetProcessTimes
ReadFile
SetLastError
WriteFile
GetLastError
SetFilePointer
SetEndOfFile
GetModuleHandleA
_lwrite
FlushFileBuffers
OutputDebugStringA
GetVolumeInformationA
GetDiskFreeSpaceA
DefineDosDeviceA
GetVolumePathNameA
GetModuleFileNameA
SetFilePointerEx
GetLogicalDrives
MultiByteToWideChar
GetVersionExA
HeapReAlloc
HeapSize
GetConsoleMode
GetConsoleOutputCP
CreateFileW
SetStdHandle
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileType
HeapAlloc
GetStdHandle
CreateEventA
ResetEvent
CloseHandle
SetEvent
ReleaseMutex
WaitForSingleObject
VirtualLock
VirtualUnlock
DecodePointer
WriteConsoleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
RaiseException
InterlockedFlushSList
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
HeapFree
LCMapStringW

user32

GetSystemMetrics
EnumChildWindows
GetClassNameA
GetWindowTextA
SendMessageA
SendMessageTimeoutA
wsprintfA
DispatchMessageA
PostMessageA
TranslateMessage
PeekMessageA
GetMessagePos
GetFocus
GetCaretPos
EnumWindows
GetClipboardOwner
GetOpenClipboardWindow
CallNextHookEx
GetActiveWindow
GetCapture
GetInputState
SetWindowsHookExA
GetQueueStatus
UnhookWindowsHookEx
GetMessageTime
GetDesktopWindow
GetProcessWindowStation
GetCursorPos
GetClipboardViewer

advapi32

CreateServiceA
QueryServiceStatus
CloseServiceHandle
OpenSCManagerA
DeleteService
ControlService
StartServiceA
OpenServiceA
CryptAcquireContextA
RegCloseKey
RegQueryValueExA
CryptGenRandom
RegOpenKeyExA
CryptReleaseContext

Exports

Exports

?DriverUnload@@YAHXZ
AttachDriver
DetachDriver
DriverInstall
DriverLoad
DriverUninstall
WstCheckDriverMounted
WstCreateValumeHeader
WstCreateVolume
WstDisMountVolume
WstDismountAll
WstGetMountedVolumeDriveNo
WstGetPublicKey
WstGetValumeHeaderInfor
WstIsDeviceMounted
WstIsMountedVolume
WstMountVolume
WstSetKeyInfo
WstSetMasterKey

Sections

.text
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc34f9957d06a488bc48617332401aa2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shell32

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 204KB - Virtual size: 204KB

.rdata Size: 89KB - Virtual size: 88KB

.data Size: 11KB - Virtual size: 27KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 204KB - Virtual size: 204KB

.rdata
Size: 89KB - Virtual size: 88KB

.data
Size: 11KB - Virtual size: 27KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 9KB