547f934b4c2df4406edd57556b7195fe0bb0cdab02d62d414a56046ba156ff8d

General

Target

547f934b4c2df4406edd57556b7195fe0bb0cdab02d62d414a56046ba156ff8d
Size

46KB
MD5

c7b6f405766067cf5e89033e6f782860
SHA1

63d82253436a2e9b5f3d326cd4c0b07c64a6df9c
SHA256

547f934b4c2df4406edd57556b7195fe0bb0cdab02d62d414a56046ba156ff8d
SHA512

955f7299c1c92084cfca3df93ef7bc7bd0d35f94f684c8258e9661444b98970bdf2d45ae6cabfb997dfdb146b21c58a2de48c64342cd5526a81821f171a4db28
SSDEEP

768:7EpJPZ2Kc+oYpsD80+22KQxv8/KdCHZkXz2phGraVorBoRC4D:IpZ0YSD8nKQxvt2pcraVorCR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
547f934b4c2df4406edd57556b7195fe0bb0cdab02d62d414a56046ba156ff8d

Files

547f934b4c2df4406edd57556b7195fe0bb0cdab02d62d414a56046ba156ff8d
.dll windows x86

b1c592d89537704289445a3fc18de55d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtWriteVirtualMemory
RtlGetVersion
RtlRemoveVectoredExceptionHandler
LdrGetProcedureAddress
NtQueryDirectoryFile
NtWaitForSingleObject
KiUserExceptionDispatcher
NtReadVirtualMemory
NtDelayExecution
NtSetInformationProcess
RtlInitAnsiString
NtFlushInstructionCache
RtlAddVectoredExceptionHandler
LdrLoadDll
NtGetContextThread
RtlMultiByteToUnicodeN
LdrShutdownProcess
RtlCreateUserThread
LdrAddRefDll
swprintf
NtTerminateProcess
NtSetContextThread
NtProtectVirtualMemory
NtQueryAttributesFile
NtResumeThread
NtAllocateVirtualMemory
LdrDisableThreadCalloutsForDll
NtFreeVirtualMemory
RtlDosPathNameToNtPathName_U
NtReadFile
RtlGetCurrentDirectory_U
RtlSetCurrentDirectory_U
RtlAllocateHeap
RtlReAllocateHeap
_alldiv
NtClose
NtCreateFile
wcsstr
RtlFreeUnicodeString
NtQueryInformationFile
RtlDestroyHeap
RtlInitUnicodeString
RtlFreeHeap
NtWriteFile
RtlCreateHeap
RtlUnwind

kernel32

CreateProcessInternalW

gdi32

GetTextExtentPoint32W

comdlg32

GetOpenFileNameW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree

Sections

.Amano
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Amano2
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b1c592d89537704289445a3fc18de55d

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

gdi32

comdlg32

ole32

Sections

.Amano Size: 40KB - Virtual size: 40KB

.Amano2 Size: 1KB - Virtual size: 9KB

.rsrc Size: 1024B - Virtual size: 640B

.reloc Size: 2KB - Virtual size: 1KB

.Amano
Size: 40KB - Virtual size: 40KB

.Amano2
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 1024B - Virtual size: 640B

.reloc
Size: 2KB - Virtual size: 1KB