e522b52d00412c369095004b34269babce6b48723f651993ae86858887cfef6f

General

Target

e522b52d00412c369095004b34269babce6b48723f651993ae86858887cfef6f
Size

220KB
MD5

fdb067e14120ae8dbb55758cd5d3b6a9
SHA1

b480fbca44fda221552617d8ef94c1d805754f57
SHA256

e522b52d00412c369095004b34269babce6b48723f651993ae86858887cfef6f
SHA512

494b6fe0d90abbf019dd285dd7ec6dc2f024f9ab9ea9a9486c63670947906dab7961345aa91897cd61a2dac592b14c9e3305b174a5e725b2ba1504a3dc80e2a3
SSDEEP

3072:d4cReQzHaaHsFarCf83ciGnLOzr4C7zugWYhyV1UHBAPD/Uf+j/OQxBLfqUIZza:y6zHaKaaivOnj7zp/h2qBAfVxBLfOZz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e522b52d00412c369095004b34269babce6b48723f651993ae86858887cfef6f

Files

e522b52d00412c369095004b34269babce6b48723f651993ae86858887cfef6f
.dll windows x86

43021c7159f592538fe2ad2820b9fa10

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OpenFileMappingA
MapViewOfFile
GetCurrentProcessId
GetModuleHandleA
GetCurrentProcess
OpenProcess
VirtualQueryEx
ReadProcessMemory
CloseHandle
VirtualProtectEx
LoadLibraryA
GetProcAddress
VirtualProtect
LocalSize
RtlMoveMemory
IsBadWritePtr
RtlZeroMemory
lstrcpyn
IsBadReadPtr
UnmapViewOfFile
CreateFileMappingA
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
Sleep
LCMapStringA
FreeLibrary

user32

wsprintfA
MessageBoxA
CallWindowProcA

msvcrt

_CIfmod
__CxxFrameHandler
memmove
atoi
_ftol
sprintf
strncmp
??3@YAXPAX@Z
_strnicmp
_CIpow
free
malloc
strchr
modf

Exports

Exports

_��ӳ��

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

43021c7159f592538fe2ad2820b9fa10

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 34KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 104KB - Virtual size: 151KB

.vmp0 Size: 64KB - Virtual size: 63KB

.reloc Size: 4KB - Virtual size: 1000B

.rsrc Size: 4KB - Virtual size: 668B

.text
Size: 36KB - Virtual size: 34KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 104KB - Virtual size: 151KB

.vmp0
Size: 64KB - Virtual size: 63KB

.reloc
Size: 4KB - Virtual size: 1000B

.rsrc
Size: 4KB - Virtual size: 668B