b4cdbd0fb780d133de28587be24bd3c76550f0ce267e0054bca9681a46ca1d33 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b4cdbd0fb780d133de28587be24bd3c76550f0ce267e0054bca9681a46ca1d33
Size

63KB
MD5

554ef9206a7dd5f17b45d40600eb72bf
SHA1

ab3995f1074bae058183f7fb68ff9f5b5d84fece
SHA256

b4cdbd0fb780d133de28587be24bd3c76550f0ce267e0054bca9681a46ca1d33
SHA512

ff5581439303d313798fd26773ba2da53120bddf436520a5c5644fa5397ddb0989a330a795c75ba0d26a46743ba46ac4faa9e82106795a4a3cb7eac40031f5e9
SSDEEP

768:Qp2kXWTE1/p075jCZ2nsu3rslY3g3ir/urerzteFTQKpgggggg4mgbzJa4vQiSwT:Qp2XT61Z2nsowY3grzFTQEgfKNOHp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4cdbd0fb780d133de28587be24bd3c76550f0ce267e0054bca9681a46ca1d33

Files

b4cdbd0fb780d133de28587be24bd3c76550f0ce267e0054bca9681a46ca1d33
.dll windows:5 windows x64

3e88e59c15238942fad6ae1cc3630a84

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcr90

__C_specific_handler
__CppXcptFilter
__clean_type_info_names_internal
_amsg_exit
__dllonexit
_lock
_onexit
_decode_pointer
_encoded_null
free
_initterm_e
_initterm
_malloc_crt
_unlock
_encode_pointer

python27

Py_InitModule4_64

kernel32

GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
Sleep
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCurrentThreadId

Exports

Exports

distorm_decode64
distorm_decompose64
distorm_format64
distorm_version
init_distorm3

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ