597c1e978099fee41cd242695e388a16600054b25dbb054118ed9954cfdef46fN

Sharing

Copy URL Twitter E-mail

General

Target

597c1e978099fee41cd242695e388a16600054b25dbb054118ed9954cfdef46fN
Size

51KB
MD5

3b93242805baa71735378f9bfaa72470
SHA1

933a4da1442ab0793d6d7196090131078f088801
SHA256

597c1e978099fee41cd242695e388a16600054b25dbb054118ed9954cfdef46f
SHA512

55d0edda9412ef2c2c7e511d8f7c7c6aaaf57c1cbbc1410ef8944979120abf06431f970d01e7af7fe5503e780dd10523563b51196cefc2c1410b427c97745d7b
SSDEEP

768:1uScIpn3PD0ATmJoGfT52IUmEoZ7CjUUvFkzGaCYAWFGV:1uScIpndTmJoGfsidVCozfAqk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
597c1e978099fee41cd242695e388a16600054b25dbb054118ed9954cfdef46fN

Files

597c1e978099fee41cd242695e388a16600054b25dbb054118ed9954cfdef46fN
.dll windows:5 windows x64 arch:x64

f718c19fda72999f51bb97428fde62df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\buildbot\wireshark\trunk-1.8-64\win7x64\build\wsutil\libwsutil.pdb

Imports

kernel32

GetModuleHandleW
GetSystemDirectoryW
GetModuleFileNameW
LoadLibraryW
MultiByteToWideChar
GetProcAddress
GetCommandLineW
RtlCaptureContext
RtlLookupFunctionEntry
SetCurrentDirectoryW
MoveFileExW
GetLastError
WideCharToMultiByte
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
Sleep
DecodePointer
EncodePointer

ws2_32

htonl

advapi32

OpenSCManagerW
OpenServiceW
QueryServiceStatus

shell32

CommandLineToArgvW

libglib-2.0-0

g_realloc
g_ascii_toupper
g_ascii_tolower
g_strdup
g_malloc
g_strdup_vprintf
g_strlcpy
g_utf16_to_utf8
g_path_get_dirname
g_path_is_absolute
g_path_skip_root
g_utf8_to_utf16
g_free
g_snprintf

libgmodule-2.0-0

g_module_open_utf8
g_module_build_path

msvcr100

__crt_debugger_hook
_onexit
_lock
__dllonexit
_wopen
_errno
_wmkdir
_wstat64
wcslen
_wunlink
_wrmdir
_wremove
_wfopen
_wfreopen
_wgetenv
getenv
isspace
islower
isxdigit
isdigit
strlen
memset
memcpy
strchr
isprint
_localtime64
_snwprintf
fputc
fprintf
__iob_func
strncmp
strcmp
_malloc_crt
_initterm
_initterm_e
free
_encoded_null
_amsg_exit
__C_specific_handler
__CppXcptFilter
__clean_type_info_names_internal
_unlock
_strnicmp

Exports

Exports

AirPDcapWepDecrypt
arg_list_utf_16to8
ascii_strdown_inplace
ascii_strup_inplace
crc16_0x5935
crc16_ccitt
crc16_ccitt_seed
crc16_plain_update
crc16_x25_ccitt
crc32_ccitt
crc32_ccitt_seed
crc32_ccitt_table_lookup
crc32_mpeg2_seed
crc32c_calculate
crc32c_calculate_no_swap
crc32c_table_lookup
crc8_0x2F
crc_drm
get_cur_groupname
get_cur_username
getenv_utf8
getopt
inet_aton
init_process_policies
isdigit_string
isprint_string
mpa_bitrate
mpa_frequency
mpa_layer
mpa_padding
mpa_samples
mpa_version
npf_sys_is_running
optarg
opterr
optind
optopt
relinquish_special_privs_perm
running_with_special_privs
started_with_special_privs
strptime
type_util_gdouble_to_guint64
type_util_guint64_to_gdouble
update_crc10_by_bytes
update_crc6_by_bytes
utf_16to8
utf_8to16
utf_8to16_snprintf
ws_inet_ntop
ws_inet_pton
ws_init_dll_search_path
ws_load_library
ws_module_open
ws_stdio_fopen
ws_stdio_freopen
ws_stdio_mkdir
ws_stdio_open
ws_stdio_remove
ws_stdio_rename
ws_stdio_stat64
ws_stdio_unlink

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f718c19fda72999f51bb97428fde62df

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ws2_32

advapi32

shell32

libglib-2.0-0

libgmodule-2.0-0

msvcr100

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 1024B - Virtual size: 996B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 36B

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 1024B - Virtual size: 996B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 36B