ea01204049dd6306d301ff1f685e4db023e2f3301e632c2e145f32fdb1a63598

Sharing

Copy URL

Twitter E-mail

General

Target

ea01204049dd6306d301ff1f685e4db023e2f3301e632c2e145f32fdb1a63598
Size

1.2MB
MD5

dd5fe02622a258049799ba3013d08406
SHA1

c55a4f6880ecdbed0399ab283bf915777e3fce73
SHA256

ea01204049dd6306d301ff1f685e4db023e2f3301e632c2e145f32fdb1a63598
SHA512

6ba018fa93ffb2bda0ab4283275e91ef93b111124adea23f262851a8c7e01a54625dde2b3f63d52611432d228b0f0b910a1adf5d905e2080d7fb22523d53aef9
SSDEEP

24576:DV0UU15cjJZQl3+S+sv6QCQEmwyhFz/1azp3Olzdd+B48:Vw5L+h1nWk3WzvS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea01204049dd6306d301ff1f685e4db023e2f3301e632c2e145f32fdb1a63598

Files

ea01204049dd6306d301ff1f685e4db023e2f3301e632c2e145f32fdb1a63598
.dll windows x64

47e01530ad43ec939d1c47709a80a5c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetProcessHeap
CreateFileA
CloseHandle
GetLastError
HeapWalk
CreateFiber
SwitchToFiber
CreateActCtxA
ActivateActCtx
DeactivateActCtx
OpenThread
GetFileAttributesA
FindFirstFileA
FindNextFileA
GetModuleFileNameA
GetModuleHandleA
GetCurrentProcessId
GetFileInformationByHandle
CreateFileMappingA
VirtualAlloc
RaiseException
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
SetLastError
HeapAlloc
HeapFree
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsSetValue
FreeLibrary
LoadLibraryExW
CompareStringW
LCMapStringW
EnterCriticalSection
LeaveCriticalSection
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
ExitProcess
GetModuleHandleExW
GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte
HeapSize
HeapReAlloc
RtlUnwindEx
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA

Exports

Exports

JDuCS622tuL6
MkcDIl34k3Si
PcYge9j
eOXScagadNKe

Sections

.text
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 378KB - Virtual size: 378KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 661KB - Virtual size: 665KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

47e01530ad43ec939d1c47709a80a5c6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 143KB - Virtual size: 143KB

.rdata Size: 378KB - Virtual size: 378KB

.data Size: 661KB - Virtual size: 665KB

.pdata Size: 5KB - Virtual size: 5KB

.gfids Size: 512B - Virtual size: 20B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 143KB - Virtual size: 143KB

.rdata
Size: 378KB - Virtual size: 378KB

.data
Size: 661KB - Virtual size: 665KB

.pdata
Size: 5KB - Virtual size: 5KB

.gfids
Size: 512B - Virtual size: 20B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 3KB