2aaea204ad70b2dd9b3d636a54f34e18 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2aaea204ad70b2dd9b3d636a54f34e18
Size

780KB
MD5

2aaea204ad70b2dd9b3d636a54f34e18
SHA1

2ced7868052f64ad707e2a6efe7a659f4bd88698
SHA256

725dc85c97564f8a8abd3aa4357421f14554317e6e4e29dfe89d6d5e5968cc58
SHA512

28ea2ae864e2d09f551582d3e956a029077a590dedc3bfc7a28a51eb09204f9e8ba799866acfa969c9a6b3c43d9a3a2b7b5e0d7ccce12a31c20b48f0eed1a20b
SSDEEP

3072:iCmRu8yt4kSKcnZYR1TIU3vGKP6EOljPgACmRu8:iR7ytzg6R1TdOc6ljPnR7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2aaea204ad70b2dd9b3d636a54f34e18

Files

2aaea204ad70b2dd9b3d636a54f34e18
.dll .ps1 windows:4 windows x86 arch:x86 polyglot

736a8101aeda7ce3878b939744a37f74

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcatW
SetFileApisToANSI
CloseHandle
RestoreLastError
ReadFileScatter
LocalAlloc

ntdll

RtlGetProcessHeaps
RtlDoesFileExists_U

user32

GetWindowRgn

ole32

CLIPFORMAT_UserMarshal

gdi32

CreateHatchBrush
PathToRegion
GetTextCharacterExtra
GetROP2
GetPolyFillMode
GetGraphicsMode
FillRgn
Ellipse
DeleteObject
CreateEllipticRgn
PtVisible
SetArcDirection
SetDCBrushColor
SetGraphicsMode
StrokePath
SetRectRgn
SetLayout
PtInRegion

shlwapi

SHSetThreadRef

shell32

SHIsFileAvailableOffline

winfax

FaxGetDeviceStatusW

Exports

Exports

r92vsg

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ