2c98c17ddf9c8c77f7d6cf8dac8977d920988aab8cfa6c7a51693483c4650ce1

General

Target

2c98c17ddf9c8c77f7d6cf8dac8977d920988aab8cfa6c7a51693483c4650ce1
Size

17KB
MD5

9934785f6f871cb6ae776ed7393c47c6
SHA1

b58c421a62c280964507fb9d28b4c4ebe54a4de8
SHA256

2c98c17ddf9c8c77f7d6cf8dac8977d920988aab8cfa6c7a51693483c4650ce1
SHA512

e8e0dd964141430b9772e5cd4fbf64b3262885d72a86699d16d787d2605be7450561c28693e54fd78b680d79e9d75e8108af94ac9bf072b13b17c676d2fecefb
SSDEEP

384:fXYL+FrSphWsuDj7fezIHg0NnfM66lc6xRZTR2JaOtxtnLX:fXYL+MphWLDjQlifMXHxTN5Ot7nLX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c98c17ddf9c8c77f7d6cf8dac8977d920988aab8cfa6c7a51693483c4650ce1

Files

2c98c17ddf9c8c77f7d6cf8dac8977d920988aab8cfa6c7a51693483c4650ce1
.dll windows x86

4f569d361a2371b24b8a12c899e81386

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc90u

ord265
ord266
ord605
ord1274
ord321
ord1241
ord1239
ord1264
ord1180
ord1233
ord2084
ord391
ord1152
ord1273
ord1271
ord1145
ord1076
ord1137
ord322
ord802
ord1088
ord801

msvcr90

?terminate@@YAXXZ
_unlock
__dllonexit
__CppXcptFilter
_onexit
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_except_handler4_common
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
memcpy
_malloc_crt
_encode_pointer
??2@YAPAXI@Z
__CxxFrameHandler3
_lock

kernel32

UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
LocalAlloc
LocalFree
GetCurrentThreadId

Exports

Exports

?AotuSearchPeak0@@YAXHPAN0NPAUPeakInfo@@@Z
?AotuSearchPeak@@YAXHPAN0NPAUPeakInfo@@@Z
?AotuSearchPeakByFD@@YAXHPAN0NPAUPeakInfo@@00@Z

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 814B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f569d361a2371b24b8a12c899e81386

Headers

DLL Characteristics

File Characteristics

Imports

mfc90u

msvcr90

kernel32

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 814B

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 814B