291e49934669c3965888e6a5ebeb9bc9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

291e49934669c3965888e6a5ebeb9bc9
Size

161KB
MD5

291e49934669c3965888e6a5ebeb9bc9
SHA1

b699d6bc2a855214fdbb21c9343d26fd035b62b0
SHA256

78df16e37890fbdccde2ce2d2bae03b04a2d8fa3150cb9e0c8b143ef86472387
SHA512

5609c6ca5e1f7114ca47bc6089795e003e6cacd25b51fa84a7ac3dc8aa0e3c308148b7b706263b41bcf345e7118df3491b915f56e8127cf11bd33be979d3abeb
SSDEEP

3072:GCR9mHvVwmmIgRuO/GKM4jmGGoBrrEUOYDAq/lg0Z4st:GCR9SVwfIUuO/FgoBr4UPDAq/9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
291e49934669c3965888e6a5ebeb9bc9

Files

291e49934669c3965888e6a5ebeb9bc9
.dll windows:4 windows x86 arch:x86

393d04897c90543f2b306a92a7b8a759

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DuplicateHandle
ExitProcess
FindResourceA
FreeLibrary
GetACP
GetCommandLineA
GetEnvironmentStringsW
GetModuleHandleA
GetOEMCP
GetPriorityClass
GetStartupInfoA
GetTimeZoneInformation
GetUserDefaultLCID
HeapAlloc
HeapCreate
LoadResource
LockResource
MultiByteToWideChar
RtlUnwind
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
TerminateThread
lstrcmpA
lstrlenW

msvcrt

wcslen
__set_app_type
free
realloc
strpbrk
time
wcscmp
_cexit
wcscpy

user32

UnionRect
TrackPopupMenu
InvalidateRgn
GetSysColor
GetDesktopWindow
CheckMenuRadioItem

oleaut32

RevokeActiveObject
SafeArrayAllocDescriptor
SetErrorInfo
SysReAllocString
ClearCustData

shlwapi

SHQueryInfoKeyA
SHSetValueA
StrStrA
PathGetDriveNumberA

Exports

Exports

CloseCaptureDevice
W32N_GetNetCardRegistryPath
XFromIchRaw2

Sections

.text
Size: 102KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ