4926be3eb81b175fad65b7c528b85865

Sharing

Copy URL Twitter E-mail

General

Target

4926be3eb81b175fad65b7c528b85865
Size

64KB
MD5

4926be3eb81b175fad65b7c528b85865
SHA1

135d8abab526741701392587113d35392f0f7752
SHA256

6a21d10796ddef9fc70723e01cb44a020727f64cddff46e991e4fadcba3154d3
SHA512

6dd4bc69385e600bc31f3552887c672fb3ba2865e3cb51d592410f668e8d88f68c14b24a3d0cc0453ff88e785d583cbd870bf3aa8fec06aec3a9b21bedab3822
SSDEEP

1536:DGQtzls9PRvIQ7oo57wPi9kmmiwriK7RXxe9rU:Hzls9JIQN5Sm5wiK7RXxIU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4926be3eb81b175fad65b7c528b85865

Files

4926be3eb81b175fad65b7c528b85865
.dll windows:5 windows x86 arch:x86

2849594ee76c9dff8c121a85e95b7a1e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
MapViewOfFile
GetCurrentThreadId
CreateEventA
GetCurrentDirectoryW
IsBadReadPtr
SetFileAttributesW
GetCurrentDirectoryA
GetSystemDefaultLCID
VirtualFree
SetErrorMode
GetCurrentThread
IsBadCodePtr
FileTimeToDosDateTime
DeleteFileA
OutputDebugStringW
LeaveCriticalSection
LocalFree
lstrlenW
GetLastError
GetDateFormatA
ExitProcess
GetProfileStringW
GetStdHandle
FindResourceA
HeapCreate
LCMapStringA
FreeEnvironmentStringsW
GetVersion
SetCurrentDirectoryA
QueryPerformanceCounter
CloseHandle
InterlockedDecrement
GlobalUnlock
GetEnvironmentStrings
GetModuleFileNameA
OpenFile
WideCharToMultiByte
WaitForSingleObject
GetVersion
GetStringTypeW
GetTickCount
SearchPathW
FreeLibrary
SearchPathA
GetSystemDefaultLangID
GetCommandLineW
CreateFileMappingA

imjpdcom

IsPathValid
ResourceTypesEqual
FindSzProperty
GetSzProperty
SetExpandSzValue
GetResourceName
StopService
GetPropertySize
FindBinaryProperty
StartResourceService
GetPropertyFormats
FreeEnvironment
EnumResources
DupParameterBlock
SetPropertyTableEx
FindLongProperty
StopResourceService
GetSzValue
PropertyListFromParameterBlock

ntdll

RtlInitUnicodeString
ZwSetEvent
NtQueryInformationProcess
NtOpenSection

Exports

Exports

CreateProcvssNotify
OpenComponentLibraryOnMemEx
SetActionLogModeSz
SetActionLogFile
OpenComponentLibraryOnStreamEx
ServerGetApplicationType
RegisterApplication
CancelUnimodemTimer
OpenComponentLibraryEx

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2849594ee76c9dff8c121a85e95b7a1e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

imjpdcom

ntdll

Exports

Exports

Sections

.text Size: 51KB - Virtual size: 51KB

.data Size: 10KB - Virtual size: 10KB

.rsrc Size: 1024B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

.text
Size: 51KB - Virtual size: 51KB

.data
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 1024B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB