b597120859ea8042d29358036df75ee3fe3ecc338381ac211e6ec6949e68db2a

Sharing

Copy URL Twitter E-mail

General

Target

b597120859ea8042d29358036df75ee3fe3ecc338381ac211e6ec6949e68db2a
Size

253KB
MD5

21946f77621b657a9ccc11a270d42c67
SHA1

ab6dfa2b48d629f60bb323622167c38970167973
SHA256

b597120859ea8042d29358036df75ee3fe3ecc338381ac211e6ec6949e68db2a
SHA512

8219f6f88293c8c19e9bc1fdbbcdd5c381b2f12fd8d2cad85a5175a16efb8a4a7efd709e87ce301727b88387b0599824148eb0a1cd1380405c939ae83f7bedc5
SSDEEP

6144:cxvm46n86PIujmDXZjFb9eIVY2KHsCtjhBV+UdvrEFp7hKjL:cZ6nbIu2MmY2MtnBjvrEH7I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b597120859ea8042d29358036df75ee3fe3ecc338381ac211e6ec6949e68db2a

Files

b597120859ea8042d29358036df75ee3fe3ecc338381ac211e6ec6949e68db2a
.dll windows x86

bf7be88cf65cbde68e9b13116fcc82ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

vcruntime140

__std_type_info_destroy_list
__telemetry_main_return_trigger
__telemetry_main_invoke_trigger
memcpy
_except_handler4_common
memset

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf
ftell
fseek
fread
fopen
fclose

api-ms-win-crt-math-l1-1-0

_CIatan2
_libm_sse2_cos_precise
_libm_sse2_pow_precise
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
_libm_sse2_tan_precise
_libm_sse2_atan_precise
_libm_sse2_acos_precise

api-ms-win-crt-heap-l1-1-0

_aligned_malloc
free
malloc
_aligned_free

api-ms-win-crt-runtime-l1-1-0

_cexit
_initterm_e
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_seh_filter_dll
_initterm
_crt_atexit

kernel32

SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
UnhandledExceptionFilter

Exports

Exports

HIKSLF_Process
HIKSLF_WebProcess
SLF_Get_Cur_Version

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bf7be88cf65cbde68e9b13116fcc82ae

Headers

DLL Characteristics

File Characteristics

Imports

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 75KB - Virtual size: 75KB

.rdata Size: 89KB - Virtual size: 88KB

.data Size: 8KB - Virtual size: 9KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 75KB - Virtual size: 75KB

.rdata
Size: 89KB - Virtual size: 88KB

.data
Size: 8KB - Virtual size: 9KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB