28e4fd398b7536e4982d48fce6e0dc8a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

28e4fd398b7536e4982d48fce6e0dc8a
Size

1.7MB
MD5

28e4fd398b7536e4982d48fce6e0dc8a
SHA1

341dc6b7ba079bd3d73d6aeb5a27c64834cb276b
SHA256

6d60d6ce1bef0eacde2bfaf830325245d6ffb50d0233c8b87b51d4cff6656622
SHA512

63c801eb3a8e5eb83ff9e9b9ff3585f663f427a70303dc3c637c416b2c7bc925a9b1b7c5bec0229d333343aaf44342de25fb852008e255c3fdb2ff523708d88a
SSDEEP

49152:9s74bu1q3ecfRDa3HpwOK0d791u6NRpz6GOz/:HK1uzo3Hpwj0dND16GOz/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28e4fd398b7536e4982d48fce6e0dc8a

Files

28e4fd398b7536e4982d48fce6e0dc8a
.dll windows:5 windows x86 arch:x86

403020180833ae62f98e125613b59af6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
GetEnvironmentVariableA
GetDateFormatA

user32

CheckMenuRadioItem
MapVirtualKeyW
RedrawWindow

gdi32

ExtFloodFill
SetGraphicsMode

Exports

Exports

gehrofxapw
lsritrcgawzavxh
oorustxvuce

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ