b2ad3f1b984ba8bd513e5de609098cf643c29fe4f25a3ea358e269056e1a7000 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b2ad3f1b984ba8bd513e5de609098cf643c29fe4f25a3ea358e269056e1a7000
Size

42KB
MD5

ced207e4f2401e922b9b13f15a9edcc6
SHA1

8ca893f8501100a347d5d2b93f423973de0679e6
SHA256

b2ad3f1b984ba8bd513e5de609098cf643c29fe4f25a3ea358e269056e1a7000
SHA512

864e34590fa6b641fd755aebcbb1bdabf9d8bf530ad8614b67fdd14f0adf61d7636d69a5526d6989f47673387adbc5b39db7a67edbe769c1c540e271f4be33fe
SSDEEP

768:U4MfNxybLpwpvZ54dP7/y1aPUMANyvU3q5lAplm4P:U4MfNxyv6NZ54djaaPUhyvU3kACK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b2ad3f1b984ba8bd513e5de609098cf643c29fe4f25a3ea358e269056e1a7000

Files

b2ad3f1b984ba8bd513e5de609098cf643c29fe4f25a3ea358e269056e1a7000
.dll windows x86

0cc80e93d490e743745b8ff430d190c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_amsg_exit
_initterm
free
malloc
_XcptFilter
memcpy
memset
??3@YAXPAX@Z
??2@YAPAXI@Z
_vsnwprintf

kernel32

GlobalFree
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
InterlockedCompareExchange
InterlockedExchange
OutputDebugStringW
LoadLibraryW
GetProcAddress
Sleep
FreeLibrary
GlobalLock
GlobalSize
GlobalAlloc
GlobalUnlock
LocalAlloc
LocalFree
InterlockedDecrement
SetLastError
InterlockedIncrement

winspool.drv

GetPrinterDriverDirectoryW

gdi32

EngCreatePalette
GetPaletteEntries

ole32

StringFromGUID2

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ