efbdd9011187ff448c2dd68c9d4e6fe43664bf3e71075a74e3301e677dbebe73

General

Target

efbdd9011187ff448c2dd68c9d4e6fe43664bf3e71075a74e3301e677dbebe73
Size

433KB
MD5

1ef1128631b46c1a67e68c8d6524303c
SHA1

a81be98ed63ed3072c4eb5502525bd885480f01d
SHA256

efbdd9011187ff448c2dd68c9d4e6fe43664bf3e71075a74e3301e677dbebe73
SHA512

6982f8d36f285cb62917980d13c3679fbc9678ed015d47d63615dcea258018cfbc05eb37d3cdb2f226da22d59880e5f75916a66635608ede52ffcacdfb59e5e5
SSDEEP

3072:o2R1mxrbTkH2SvIIkAKhYQ5ttbmP76fFTpB30k3KYO5aBw:tmxfYWSvISKhYQV6PsFP37

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
efbdd9011187ff448c2dd68c9d4e6fe43664bf3e71075a74e3301e677dbebe73

Files

efbdd9011187ff448c2dd68c9d4e6fe43664bf3e71075a74e3301e677dbebe73
.dll windows:5 windows x86 arch:x86

26180d621babad55081052fd4719afed

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
CloseHandle
CreateFileA
WriteFile
VirtualAlloc
FreeLibrary
GetProcAddress
LoadLibraryA
VirtualQueryEx
ReadProcessMemory
CreateProcessA
TerminateProcess
ResumeThread
GetModuleHandleA
ReadFile
GetFileSize
SetFilePointer
ExitProcess
GetModuleFileNameA
SetFileAttributesA
RtlUnwind
RaiseException
GetCurrentThreadId
GetCommandLineA
HeapFree
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapAlloc
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW

user32

wsprintfA

Exports

Exports

DisableHook
EnableHook

Sections

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 415KB - Virtual size: 418KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

26180d621babad55081052fd4719afed

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 415KB - Virtual size: 418KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 6KB - Virtual size: 5KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 415KB - Virtual size: 418KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 6KB - Virtual size: 5KB