12aa3501b905559bb83e631ce9c8aa27 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

12aa3501b905559bb83e631ce9c8aa27
Size

150KB
MD5

12aa3501b905559bb83e631ce9c8aa27
SHA1

4556ac636c673ed21b5c454bfb0bfa1d6b77c6b4
SHA256

7d2824ee90351481bbcb8fb4b5f6ebaaa20824cab42be561920c25596c55c769
SHA512

eb438c9540501723558b56bde0eb24b92c5441a507502c875522525f78538988798dfefbbdc08621d4eb731ae6ada5f27e4ce27f6d05b11939a6eb2ba660d6aa
SSDEEP

3072:TTWDGeQbILS00wgTQhkLGhBvgEWFdyR5vt2mG6:TTqjL4ijB+mT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
12aa3501b905559bb83e631ce9c8aa27

Files

12aa3501b905559bb83e631ce9c8aa27
.dll windows:4 windows x86 arch:x86

44dbb63847183a3f7c379297d8d7ddf2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comdlg32

GetOpenFileNameW
ChooseFontW
GetSaveFileNameW
CommDlgExtendedError

kernel32

GetModuleHandleW
FindClose
FindNextFileA
GetStringTypeW
FindFirstFileA
EnumResourceLanguagesA
WideCharToMultiByte
ReadFile
WriteFile
SetFilePointer
GlobalHandle
IsDBCSLeadByte
GetModuleHandleA
VirtualProtect
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetProcessHeap
GetModuleHandleW
CreateProcessA
GetTempFileNameA
HeapFree
HeapAlloc
LoadLibraryW
InterlockedExchange
Sleep

oleaut32

DispGetIDsOfNames
CreateErrorInfo
OleCreateFontIndirect
GetErrorInfo
SetErrorInfo
GetActiveObject
VariantInit
SysFreeString

Exports

Exports

AlphaBlend
GradientFill
TransparentBlt

Sections

.text
Size: 97KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 334B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ