DecryptFile
DllRegisterServer
Flag
Static task
static1
Behavioral task
behavioral1
Sample
kthIFOTHA_nosleep_sample.dll
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
kthIFOTHA_nosleep_sample.dll
Resource
win10v2004-20230915-en
Target
kthIFOTHA_nosleep_sample.11f
Size
134KB
MD5
22a7e380ba92d55ba6ecdd33a8fba5c2
SHA1
2e82e20eb22ed6dcc8d236e9abf3d9df2dc13e63
SHA256
64d204d2fab1acab78702bf7f2581d0664461a838c39e8fcaa5a0a658906452e
SHA512
4defe4824dcb5a6a137bac0cd1709f29d2aa3068b002604988244dc74ccecc5ac83a73ae15148a771786d49a5483122bc193e033e1ffdaaab17e432ae72ecdd9
SSDEEP
3072:6XxCEsnvJR4kDyFyk/I1moixPvCzr/qzIOR6IBxHrJl:9BryFyk/I18yze8OtBtJl
Checks for missing Authenticode signature.
resource |
---|
kthIFOTHA_nosleep_sample.11f |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
_CorDllMain
DecryptFile
DllRegisterServer
Flag
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ