161e11ced994d154e1a07c9916e0844d222ad03da81c4d35818cbc3919ecd955 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

161e11ced994d154e1a07c9916e0844d222ad03da81c4d35818cbc3919ecd955
Size

3.0MB
MD5

13d24eb178e9a71b88fd873e2821c5e7
SHA1

4d355b129399514c4c93edbf3769256cd61861c5
SHA256

161e11ced994d154e1a07c9916e0844d222ad03da81c4d35818cbc3919ecd955
SHA512

01195bd4a5de527d30f1d02a6466699bf8443fa04b48fb849a4e7143efaf1aab2f2c75e5be3d248ccc9dae6b9bfcce06ca79d03cf40d884d3fb5e6dc443af235
SSDEEP

49152:9iPhbXERvOOlOnk5vnEBEMLKKUH2oUwYgHVvJdQHeTrT9ztxx:9iPhbXE1HD5FZrB70y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
161e11ced994d154e1a07c9916e0844d222ad03da81c4d35818cbc3919ecd955

Files

161e11ced994d154e1a07c9916e0844d222ad03da81c4d35818cbc3919ecd955
.dll windows:5 windows x86 arch:x86

5492387f1f8226db2c45ab2cf310cd08

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

UnlockFileEx
SystemTimeToTzSpecificLocalTime
GlobalUnlock
LoadLibraryW
VerLanguageNameW
GetSystemTimeAsFileTime
InterlockedPushEntrySList
GetModuleFileNameA
GetModuleFileNameW
GetBinaryTypeW

msvfw32

DrawDibSetPalette

msvcrt

isxdigit

shlwapi

SHCreateShellPalette

oleaut32

GetErrorInfo

rpcrt4

RpcRaiseException

user32

UnloadKeyboardLayout
ShowCaret

ntdsapi

DsUnBindW

advapi32

SetSecurityDescriptorControl
RegCloseKey

Exports

Exports

OodIrssdul

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1016KB - Virtual size: 1015KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ