04b9643604dd186aed49a8268764a22d | Triage

Sharing

General

Target

04b9643604dd186aed49a8268764a22d
Size

20KB
MD5

04b9643604dd186aed49a8268764a22d
SHA1

def8ce99a2c29f7834548fdf23b69004183359cc
SHA256

e8513a8aacd29f2169c4871ae2a8596ed25965fe71b99a504307d9c3969cd77c
SHA512

9d0c243f5381e6761880541618a96b0d927a564c0d9cfc613e5e5f9a295e0d2b1b92e594cfda8feb07f2562691923f1efb115edb74545a3039ff638113883810
SSDEEP

384:Lm8wXr4hqhjgGpsnZ2fi604d+opwA/jzAb2+bXec7GDrbPzEp/T8dRoKOixadckp:zwMhqFzqF4+oiA/jM1bXewArbPIp/Idy

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MineralHack.dll
unpack001/load.exe

Files

04b9643604dd186aed49a8268764a22d
.rar
Mineral Hack Readme.txt
MineralHack.dll
.dll windows:4 windows x86 arch:x86

067b3a5c32a11b27e072c4e24f291e71

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

SetWindowsHookExA
MessageBoxA
GetWindowThreadProcessId
FindWindowA

kernel32

RtlMoveMemory
lstrcmpiA
VirtualProtect
Sleep

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 658B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
load.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

OMFG
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

LMAO
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ROFL
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
load.txt