f9dc41d968bd756a149d3ca9006c35a0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f9dc41d968bd756a149d3ca9006c35a0
Size

57KB
MD5

f9dc41d968bd756a149d3ca9006c35a0
SHA1

101130079cfcf58ad342b72866f3c3bea88934b3
SHA256

e38efed1729aa7e0e8f0287024f2ba1a21560dfa7455423b9886b517e076831c
SHA512

7b7f6cc2afa62393f44da8351a34ffa94615625c4a5d3752a3f2c9374e83367e7bd299c01bbcc099d5e11b4a2a995883b29d18d06d242c9aac714fbb0091fef7
SSDEEP

768:94nLF70T/Hv4nNluIIcJdEWJ+Ip2L03BylqfO6gqYr:uV0Tfv4nnue4Wdp2Gy8fO6gqY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f9dc41d968bd756a149d3ca9006c35a0

Files

f9dc41d968bd756a149d3ca9006c35a0
.dll windows:4 windows x86 arch:x86

f45c7b3c4b95454fb84eda37ae82256c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Beep
HeapAlloc
GetProcessHeap
HeapFree
CloseHandle
ReadFile
CreateFileA
GetModuleFileNameA
MoveFileWithProgressA
FillConsoleOutputCharacterA
CreateTapePartition

Exports

Exports

butan

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 582B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ