0a17bb421917b159570ad723224d388d2cfc0af68f289a2ecfd36a226fc18428

Sharing

Copy URL Twitter E-mail

General

Target

0a17bb421917b159570ad723224d388d2cfc0af68f289a2ecfd36a226fc18428
Size

13KB
MD5

3b5b14ca322cb62bd478a49c089a589d
SHA1

722b793d427bd499a6642447010c21e1f7a884e7
SHA256

0a17bb421917b159570ad723224d388d2cfc0af68f289a2ecfd36a226fc18428
SHA512

f685dcf6f2b82eb7fa40b3ca9f8c9d688d152cbf071796db34d279fc7e1fb8c04eec346b5487edc8eb3d90272c7b07432cf177f6f179ee66c4e983e890135810
SSDEEP

192:vQZXLOAfyn9tHkR4MRuzNMdCeYf4ozc8Wa:vaLfyEluzfga

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a17bb421917b159570ad723224d388d2cfc0af68f289a2ecfd36a226fc18428

Files

0a17bb421917b159570ad723224d388d2cfc0af68f289a2ecfd36a226fc18428
.dll windows x64

bf843b338b74e99df308970966a2e8b6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

rpcrt4

RpcBindingFromStringBindingW
RpcStringFreeW
NdrClientCall3
RpcStringBindingComposeW

vcruntime140

__std_type_info_destroy_list
memset
memcpy
__C_specific_handler

api-ms-win-crt-heap-l1-1-0

free
malloc

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_cexit
_initialize_onexit_table
_initialize_narrow_environment

kernel32

InitializeSListHead
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
IsDebuggerPresent
RtlCaptureContext
GetSystemTimeAsFileTime

Exports

Exports

Proc0_RAiLaunchAdminProcess

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bf843b338b74e99df308970966a2e8b6

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 456B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 512B - Virtual size: 164B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 456B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 512B - Virtual size: 164B