1b70f65480f7a6d2b927fcfc1d4f8a48 | Triage

Sharing

General

Target

1b70f65480f7a6d2b927fcfc1d4f8a48
Size

61KB
MD5

1b70f65480f7a6d2b927fcfc1d4f8a48
SHA1

018d403b9311e2211cfbde05bdb28f8f270c125d
SHA256

6b1e5b0dea24faa30f1ce02099bd5c3ca145a78a52d79799399f27a147c3be9d
SHA512

2062f4ca317c137015d4be3a0e11dc27c00a053a05d24e87464cc36356eae581eb83e32a97d5c44a16e1745080815ad3032ba7bf1189fd52e7a33c11a964bff5
SSDEEP

1536:hsSQTU2VnK4vT149aR0fBHEljK5jgbd8kHwum:i428OTPuf5E458Hvm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b70f65480f7a6d2b927fcfc1d4f8a48

Files

1b70f65480f7a6d2b927fcfc1d4f8a48
.dll windows:5 windows x86 arch:x86

430e9eb3770227eef4d9e955e622693e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdi32

BeginPath
PatBlt
RealizePalette
StartDocW
GetDIBits
EndPage
GetRgnBox
CreatePolygonRgn

ntdll

memset

kernel32

HeapLock
FindNextFileW
lstrlenA
GetModuleFileNameW
GetModuleHandleA
GetShortPathNameW
IsDBCSLeadByteEx
IsValidLanguageGroup
CreateWaitableTimerA
GetModuleFileNameA
GetTimeZoneInformation
GetUserDefaultLangID

user32

UpdateWindow
GetSysColor
GetWindowTextLengthA
DialogBoxParamA
GetKeyState
GetDialogBaseUnits
InSendMessageEx
ModifyMenuW
WindowFromDC
IsCharAlphaNumericA
SendDlgItemMessageW
InvertRect

comdlg32

GetFileTitleW
PrintDlgW
ReplaceTextW
GetSaveFileNameW

Exports

Exports

?EckxcyGcxkdfZpxp@@YGFPAJN@Z
_EcnnlOpsG
?AufHoImywnyjxsylck@@YGPAIH@Z
WhnfGqurwdntiyTfiebj
Rvuqkxkwb

Sections

.itext
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ