f806a28f21138f3351cb4f528a3c9489 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f806a28f21138f3351cb4f528a3c9489
Size

241KB
MD5

f806a28f21138f3351cb4f528a3c9489
SHA1

208489cb038046b8e2f13ebbeec3f897513c4e64
SHA256

538ae9277f0cc78b9f0436a27197566c63a2d634942fca9e9ea1ef43b693f805
SHA512

9d5240f65e4ef39d3b9634545417b6e3202346b6fd6df2611875740e43fc5cc2efbe4aebe5f4be42073589dcfec5d6b635cd258d29cc302aba0076590210dd3e
SSDEEP

6144:27VUl7Vrk3DHXj6VYSZuubBmdR5WV5+t1:2h0Br0KVMR0V5+t1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f806a28f21138f3351cb4f528a3c9489

Files

f806a28f21138f3351cb4f528a3c9489
.dll windows:4 windows x86 arch:x86

f9d060fcafd882d068dfe430f6d501e3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReplaceFileA
CreateFileA
SetEvent
LoadLibraryA
GetLastError
InterlockedExchange
FreeLibrary
GetProcAddress
LocalAlloc
RaiseException

ole32

CoTaskMemAlloc
CoTaskMemFree
OleUninitialize
OleInitialize
OleSetClipboard
CoGetCallContext

msvcrt

wcsncpy
wcsncmp
setlocale
wcsrchr
iswctype
memmove
wcscmp
rand
wcschr
wcstombs
wcslen
free
wcspbrk
mbstowcs
wcstoul

secur32

GetUserNameExW

Exports

Exports

AndIsLinesThe
ColumnInto
ContinuationsAndWithExamineInformation
DoesNameNameA
FirstMustEmptyLineCase
SyntaxValue
ToValueTheBut
TrailingPreservedSectionDirectivesOf
ValueLinesWithTheIs

Sections

.text
Size: 180KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ