1a7a64404a8088e249494f97724c0e72 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1a7a64404a8088e249494f97724c0e72
Size

23KB
MD5

1a7a64404a8088e249494f97724c0e72
SHA1

57bf42e3fd950ada1811e4d4ae9e75c739edb5f7
SHA256

ff857d96912ad08f9b78c9c37bf518affaf112572d8e1372f6b33cea27cf25dc
SHA512

783ca1c02d5e1c56b5be20301132dce62b03a1d41185041b953663d9d0c0a9324c6559592493de09d1c77f1dfe881a8a9de00a202d43e7334784fd0d22400bdc
SSDEEP

384:CnULRKx0dIbb+oJTpdahojH6s8z+9O3wXfPBWYnsqiFALTq:CnahdIWox96IKwXn4BFb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a7a64404a8088e249494f97724c0e72

Files

1a7a64404a8088e249494f97724c0e72
.dll windows:6 windows x86 arch:x86

88f6403028113cb613e696235cb7ea3c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rtutils

LogEventW
RouterLogEventStringW
TraceDeregisterA
TraceDeregisterExW
TraceDumpExA
TraceGetConsoleA
TracePrintfExA
TracePutsExA
TraceVprintfExW

setupapi

SetupCloseFileQueue
SetupDiGetClassDescriptionExA
SetupDiInstallDeviceInterfaces
SetupGetSourceFileSizeA

wininet

FtpGetCurrentDirectoryW
GetUrlCacheConfigInfoW
GopherCreateLocatorA
HttpSendRequestExA
InternetUnlockRequestFile

ole32

CreateFileMoniker
GetClassFile
GetHGlobalFromILockBytes
IsAccelerator
MonikerCommonPrefixWith
OleCreateLinkEx
OleQueryCreateFromData
OleRegEnumVerbs
OleSetClipboard
UtConvertDvtd16toDvtd32

msi

ord27
ord57
ord91
ord120

kernel32

EnumSystemCodePagesW
GetProcessHeap
HeapAlloc

msvcrt

_adjust_fdiv
_initterm
free
malloc
memcpy
memset

Exports

Exports

zezoewnvwh

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ