47f37e1e9f1f4fd26f1625786fd94084b0ccd8db23c163750153cb704e761fa4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

47f37e1e9f1f4fd26f1625786fd94084b0ccd8db23c163750153cb704e761fa4
Size

4.5MB
MD5

5b869e01b5f3699ae60f16e95831595a
SHA1

08a63adf9f1d03c5d794ec68e9da7f23ca503d2b
SHA256

47f37e1e9f1f4fd26f1625786fd94084b0ccd8db23c163750153cb704e761fa4
SHA512

b1d2c96691a12c6f76f3fa2efb57c41919946187fa3cd7e4898137b6e86669d2b889b1f0ea2a8fdacb7f9eb34a87264fc07cb6d995e4082154cb58cc315b6df4
SSDEEP

98304:YyKUsA29AzCWefhjzbWMSVyrpR3fd0B/uWHbLVLzjM:YJVAUbqVKkDNo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
47f37e1e9f1f4fd26f1625786fd94084b0ccd8db23c163750153cb704e761fa4

Files

47f37e1e9f1f4fd26f1625786fd94084b0ccd8db23c163750153cb704e761fa4
.dll windows:6 windows x64

33a338c66f09dc20b4136637572150bf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

BaseGetNamedObjectDirectory
IsWow64Process
CreateDirectoryW
BaseSetLastNTError
LoadLibraryW
FreeLibrary
OpenFileMappingA
MapViewOfFile
OutputDebugStringA
GetLastError
SetLastError

ntdll

NtFreeVirtualMemory
NtFlushInstructionCache
NtQuerySystemInformation
NtWriteFile
RtlDosPathNameToRelativeNtPathName_U
NtOpenProcess
RtlInitUnicodeString
LdrFindResource_U
NtAllocateVirtualMemory
NtClose
NtProtectVirtualMemory
NtCreateMutant
RtlFreeHeap
NtWriteVirtualMemory
NtCreateFile
NtWaitForSingleObject
LdrAccessResource
NtCreateThreadEx
_vsnprintf
_swprintf

Exports

Exports

rundll32

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ