bd27059e5231ee8c640059160a715027b409c12b60657eadf621da804304cad7

Sharing

Copy URL Twitter E-mail

General

Target

bd27059e5231ee8c640059160a715027b409c12b60657eadf621da804304cad7
Size

67KB
MD5

fa588a9c31c32150e7aadefac443c68e
SHA1

668649cc076176937cc14716e30252574666599c
SHA256

bd27059e5231ee8c640059160a715027b409c12b60657eadf621da804304cad7
SHA512

abbb8abb8f8f85be4514c56f1b6712b522a157c2f142ec10403faba584f69c0e0e4edf51fb0f92de6590fb3f7cc4142739479169967bbbaeca069f30f5bc4373
SSDEEP

1536:cSKhLuyEQqp3+EVeysXtbxl/LGa023HQFVGZUu6ooZVO:cLhL1DgMbxlzj3wFVtu6TZV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd27059e5231ee8c640059160a715027b409c12b60657eadf621da804304cad7

Files

bd27059e5231ee8c640059160a715027b409c12b60657eadf621da804304cad7
.dll windows:6 windows x86 arch:x86

7b58243407b0bac875b0344af1e13c38

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

IsBadWritePtr
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent

vcruntime140

memmove
memset
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__std_type_info_destroy_list
memcpy
_except_handler4_common

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vsprintf
fopen
__stdio_common_vfprintf

api-ms-win-crt-runtime-l1-1-0

_cexit
exit
_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit

api-ms-win-crt-math-l1-1-0

floor
_except1

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

Exports

Exports

CanUnload
CanUnload2
RACreateDecoderInstance

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b58243407b0bac875b0344af1e13c38

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 40KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 17KB - Virtual size: 19KB

.gfids Size: 512B - Virtual size: 68B

.rsrc Size: 1024B - Virtual size: 952B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 40KB - Virtual size: 40KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 17KB - Virtual size: 19KB

.gfids
Size: 512B - Virtual size: 68B

.rsrc
Size: 1024B - Virtual size: 952B

.reloc
Size: 2KB - Virtual size: 2KB