5eca940dcd671605528ec1adeed3d307 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5eca940dcd671605528ec1adeed3d307
Size

40KB
MD5

5eca940dcd671605528ec1adeed3d307
SHA1

f5094167a28164d9c77636b56aff93f3e0f8f8a3
SHA256

232ebab61aef22357f0e51367cf738903faf613ecd3e078ae7fb839981726c24
SHA512

0d2c8de07776043c7edd8a560072558d0e89cafbd0e1e85a5cc33bb86c62293d26db466b941a286e7166b3d03b671b35bf2dbf3e482de79305f01a65a798f2ab
SSDEEP

768:rrYfPy9ussKbRKsAVguIq7Nbb3lfUM7jvjeSAQTOwlgQe0eNBZC:/6PHAQsASul1hLdOwlgl/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5eca940dcd671605528ec1adeed3d307

Files

5eca940dcd671605528ec1adeed3d307
.dll windows:4 windows x86 arch:x86

6652d07bce19bbb3c5b9e79a3bb33a33

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

RtlGetGroupSecurityDescriptor
PoRequestPowerIrp
PoSetHiberRange
NtCreateEvent
_wcsrev
InbvNotifyDisplayOwnershipLost
ExInterlockedPopEntrySList
ZwSetSystemTime
RtlImageNtHeader
RtlNumberOfSetBits
RtlExtendedIntegerMultiply
RtlCompareMemory
NtQueryInformationProcess
CcGetFileObjectFromBcb
FsRtlGetNextMcbEntry
ExInterlockedPopEntryList
PoRegisterSystemState
FsRtlAddMcbEntry

hal

HalFlushCommonBuffer
KeRaiseIrqlToSynchLevel
KeAcquireSpinLockRaiseToSynch
HalGetAdapter
HalAssignSlotResources
HalSetTimeIncrement
HalGetBusDataByOffset
HalRequestIpi
KeStallExecutionProcessor
KeLowerIrql
HalSetRealTimeClock
IoReadPartitionTable
HalCalibratePerformanceCounter

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 14B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ