7efedf061a54834a747bd21599349a34

Sharing

Copy URL Twitter E-mail

General

Target

7efedf061a54834a747bd21599349a34
Size

21KB
MD5

7efedf061a54834a747bd21599349a34
SHA1

985e2914e622b19673189f70b627119ddb313cfa
SHA256

253ab656d75a2ba148d29c21c0ca879bbe7cfd17d3c1e52e7ec6ca684adb4452
SHA512

29ce2c31f575b5ae0d065420f05b2fad38b95118224d67dd35f4fa0d05890763a0f516f90ff32b4b39a1cbf4c8f410f99038ff798e08d9edcd96ef94d825eda7
SSDEEP

384:CGdZbLkPTStwRgEej+osYckb0skP4WTLHnH6Pb49GrCfEIKR:CGdZbI+wmjBckbbkP4WTlMrAY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7efedf061a54834a747bd21599349a34

Files

7efedf061a54834a747bd21599349a34
.dll windows:5 windows x64 arch:x64

f3bb244f4f45cf4aa5688eacef3641a7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

user32

SendMessageTimeoutA
GetTabbedTextExtentA
CreateIconIndirect
ChangeMenuA
SetThreadDesktop

advapi32

SetSecurityDescriptorDacl
LookupAccountSidW
ImpersonateLoggedOnUser

ws2_32

gethostbyaddr
getpeername

comdlg32

GetFileTitleA

kernel32

RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceCounter
GetCurrentThreadId
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
GetCurrentProcessId
GetSystemTimeAsFileTime
WaitCommEvent
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
WriteProcessMemory
VirtualAllocEx
CreateProcessW
GetTickCount
GetProcAddress
GlobalAlloc
VirtualAlloc
GetModuleHandleA
FindClose
UnhandledExceptionFilter
GetCurrentProcess
Sleep
DecodePointer
EncodePointer
TerminateProcess

version

VerFindFileA

msvcr100

_encoded_null
_amsg_exit
__C_specific_handler
__CppXcptFilter
__crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_initterm_e
_initterm
_malloc_crt
free

Exports

Exports

FindResourceK

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3bb244f4f45cf4aa5688eacef3641a7

Headers

DLL Characteristics

File Characteristics

Imports

user32

advapi32

ws2_32

comdlg32

kernel32

version

msvcr100

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 252B

.reloc Size: 512B - Virtual size: 36B

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 252B

.reloc
Size: 512B - Virtual size: 36B