xSa[.]log | Triage

Sharing

General

Target

xSa.log
Size

855KB
MD5

cf46f0cd591e50c425136470505e8a9e
SHA1

0e3d1488b9aa104aa0a39966132a70a47165aaef
SHA256

5a5154c5843a18d3912063b827ef541a709aec4132b847d75d7e634683acff8d
SHA512

3bddf5e233dbd8c4554c73050b0299892b7132afc1bdc67882daa309e0bf1767430aebade35977d06564f41477eeedb5840595cf2446e28d7d47d03179a1a5e4
SSDEEP

24576:v7UuAhS4VYKBOSR45LlxAh/uSLKAlr/A/cYV5fN:6/YVSulxb1AlurF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
xSa.log

Files

xSa.log
.dll windows:6 windows x86

d7637d01603047c46356b8ae53adf518

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcessHeap
CreateFileA
CloseHandle
GetLastError
ConvertThreadToFiber
SwitchToFiber
CreateActCtxA
ActivateActCtx
DeactivateActCtx
FindFirstFileA
FindNextFileA
GetSystemDirectoryA
SetCurrentDirectoryA
ReadFile
SetFilePointer
ReleaseActCtx
SetFileTime
VirtualAlloc
DeviceIoControl
GetLocalTime

Exports

Exports

GPa606j
HUF_inc_var
Tsw3286E

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 298KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 531KB - Virtual size: 530KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ