dlv1490_hotfix6_22tr[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dlv1490_hotfix6_22tr.rar
Size

2.9MB
MD5

d6939380c91fd428c128aa7c053e15a8
SHA1

f8d2cdb044372505e4aa6bcb5dc46fbc308f903e
SHA256

aec8c20e01837b3e4c4b6aabbc1ffadb18df843f34445062de3fb9987cfda43e
SHA512

457e0c935fa5d475ef4f4ff7736aeeadaa364761d3c9caab9b701a05010948cf4d7e83856441fda80719f7eaf66f5ce9d9c34a2d8ab84f7d87c85761ea2b0b06
SSDEEP

49152:Calr5UyCJvBM/ReSwEnNGdhF1DUAH5OmlH+E7MdrbjlgCDt7gt+fC3wKo5/4l4tp:1lriJvBA9QLF1DE6+qMdHuCitLwnwl4r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/dlv1490_hotfix6_+22tr.exe

Files

dlv1490_hotfix6_22tr.rar
.rar
dlv1490_hotfix6_+22tr.exe
.exe windows:6 windows x64

1734ea0a584c9857d44f3001af4838d5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

winmm

PlaySoundW

winspool.drv

ClosePrinter

comdlg32

FindTextW

comctl32

ImageList_Add

shell32

ShellExecuteW

user32

GetDC

version

VerQueryValueW

oleaut32

VariantInit

advapi32

RegLoadKeyW

msvcrt

memcpy

ole32

IsEqualGUID

gdi32

Pie

Exports

Exports

__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.MPRESS1
Size: 2.6MB - Virtual size: 8.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE