0x000400000000a01d-137[.]dat

Sharing

Copy URL Twitter E-mail

General

Target

0x000400000000a01d-137.dat
Size

5KB
MD5

9586343457d6301c4189241c4ba734e8
SHA1

1cad7501422f8b279eb2b090dd2468bfa6c04006
SHA256

34279a1d45b05d672cf330f7c89617cc9c9a62851669b485453786bd2591e2f0
SHA512

35533603556a2ef696ddcac6a95eb85b313a451536e46c1e76ee92ee8a1bab2a003c5f0e8a8ed73aa618366b72789d52fe12153db981fc49bfd0cec0a53be4c9
SSDEEP

48:Sgb6R4r6tMzGrOBCzq92hd251wChgq/d0TMd9Ml0N/a7iaj05y:drhiyCyLwChJV0AdsyOLj0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0x000400000000a01d-137.dat

Files

0x000400000000a01d-137.dat
.dll windows x86

a0d5b428b33f7207bfa971a45d796fa6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
EnumResourceTypesA
GetProcAddress
VirtualAlloc

loadperf

UnloadPerfCounterTextStringsA
LoadPerfCounterTextStringsA
UnloadPerfCounterTextStringsW

wsnmp32

ord904
ord104
ord999
ord201
ord202
ord203
ord900

oleaut32

VarR8FromCy
OleCreateFontIndirect
VarDecFromR4

mswsock

EnumProtocolsW
rexec
WSARecvEx
getnetbyname

pdh

PdhExpandCounterPathW
PdhGetLogFileSize
PdhEnumObjectsA
PdhAddCounterW
PdhGetCounterInfoA
PdhGetFormattedCounterArrayW
PdhParseInstanceNameW

gdi32

GetDIBColorTable
ColorMatchToTarget
SetPolyFillMode
RemoveFontResourceExA

crypt32

CertVerifyCRLTimeValidity
CryptDecodeMessage
CertIsRDNAttrsInCertificateName

mapi32

ord60
ord180
ord136
ord12
ord241
ord49

mpr

WNetGetUniversalNameW
WNetGetConnectionA
WNetCancelConnectionA
WNetDisconnectDialog
WNetGetProviderNameA

Exports

Exports

eIxo

Sections

.text
Size: 1024B - Virtual size: 598B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a0d5b428b33f7207bfa971a45d796fa6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

loadperf

wsnmp32

oleaut32

mswsock

pdh

gdi32

crypt32

mapi32

mpr

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 598B

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 124B

.reloc Size: 512B - Virtual size: 124B

.text
Size: 1024B - Virtual size: 598B

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 124B

.reloc
Size: 512B - Virtual size: 124B