648842c1ff31e4f64cbef8e9a06dbad2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

648842c1ff31e4f64cbef8e9a06dbad2
Size

72KB
MD5

648842c1ff31e4f64cbef8e9a06dbad2
SHA1

ef1a0a22053e606001f162b47ebd2f7496205636
SHA256

98dc08cc1449a1ad8a2c8643d7e09670940238ae1e32d5f04f0412ed58c15dd5
SHA512

aa5d708af8c885c4e9b09c51f82b24673ba2824a52af7a745461dc7918ce56c37d42632a745558e6183cbffa8e665c5065608d3f21bdb45caf2b88e97a0a585d
SSDEEP

1536:xgKi1axKsJkz+KAoejxzXIkZnEq9jXRXWYQgR9ALMB0eF42:x9JJkynPVzXIKEqB5Wc9yMBjF4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
648842c1ff31e4f64cbef8e9a06dbad2

Files

648842c1ff31e4f64cbef8e9a06dbad2
.dll windows:4 windows x86 arch:x86

8d0c5a1328e2b1e42d95c9008a475b7f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

ExSystemTimeToLocalTime
SeCreateClientSecurity
KeProfileInterrupt
SeAuditingFileEvents
KeReadStateSemaphore

Sections

.data
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 195B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ