70fb632e0a69e828c944f6280eb05087

General

Target

70fb632e0a69e828c944f6280eb05087
Size

47KB
MD5

70fb632e0a69e828c944f6280eb05087
SHA1

8aa7c5b41fcfd9a2efb509c1363b99bc744b12df
SHA256

37e085e3a88d4ed10189fb352143c02be60d6dc8f19dbdbb695374dd8ce6cb0f
SHA512

6fec24b20c5634694884b4d648dddfc4cbb1ff1340a8277c0d50735fefeada04e98554bd8830f7ecfd7d7285351e91a9b1fa0552fef0fe0aff7517de0437469b
SSDEEP

768:Xm8UvCgJk8FXqIIjxjM0vJFExTSExy181JNcFsInEJPRI3LheKN5DH1kfAQvYdnS:Q3k89IjxjMAFOT3y18ijEVi3045DHAA0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
70fb632e0a69e828c944f6280eb05087

Files

70fb632e0a69e828c944f6280eb05087
.dll windows:5 windows x86 arch:x86

a49c9ed3a801462e2924910d9f3e91fb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

cfgmldlg

SdbTagToString
ImmGetCompositionWindow
SdbReadBinaryTag
FindExecutableA
RealDriveType
PathProcessCommand
CtfImmIsGuidMapEnable
ImmWINNLSGetIMEHotkey
ImmUnregisterWordA
CtfImmGenerateMessage
CtfImmDispatchDefImeMessage
ImmGetRegisterWordStyleA
ImmSetCompositionWindow
DllRegisterServer
SdbFindNextTagRef
CtfImmIsTextFrameServiceDisabled
ShimFlushCache

kernel32

FreeEnvironmentStringsA
InterlockedCompareExchange
GetEnvironmentStringsA
GetCurrentProcessId
SetThreadExecutionState
ReadFile
CreateFileA
SetCurrentDirectoryA
GetThreadPriorityBoost
SetFilePointer
HeapDestroy
VirtualQuery
RtlFillMemory
GetSystemTimeAsFileTime
SetThreadContext
ExpandEnvironmentStringsA
WriteFileEx
InterlockedExchangeAdd
WriteFile
OpenThread
GetModuleHandleA
ReadFileScatter
MapViewOfFile
GetVersion
lstrcmpA
HeapAlloc
InterlockedExchange
WaitForSingleObject
HeapCreate
GetStringTypeExA
GetFileAttributesExA
WaitForMultipleObjects
HeapSetInformation
CreateFileMappingA
lstrcatA
ConnectNamedPipe
UnmapViewOfFile
CallNamedPipeA
HeapFree

Exports

Exports

CreateProcessNotify
relolace

Sections

.text
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a49c9ed3a801462e2924910d9f3e91fb

Headers

File Characteristics

Imports

cfgmldlg

kernel32

Exports

Exports

Sections

.text Size: 35KB - Virtual size: 36KB

.rdata Size: 2KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 512B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

.text
Size: 35KB - Virtual size: 36KB

.rdata
Size: 2KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB