07389f7061212c2018c0cde9f490925d | Triage

Sharing

General

Target

07389f7061212c2018c0cde9f490925d
Size

5KB
MD5

07389f7061212c2018c0cde9f490925d
SHA1

5d407dee386972debe047611a242e49c2c786bb4
SHA256

4541904d9c8f94acf8f577973dfc102fe9debf892525790688f4b25bd26bb742
SHA512

9b2d55c9a01e7032fa731489127839b20511129f86ca8b60c7463e727d17279834eb03a20adce3e8b421a0c75199d2842499e8632f0a82f7046ddec7d3c99107
SSDEEP

96:02nHe4TSDr15qRWLJQwbG/k5iP5VWcZHxUBNVJQP:02n+4mDpFC4G/kIP5VWW23JQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
07389f7061212c2018c0cde9f490925d

Files

07389f7061212c2018c0cde9f490925d
.dll windows:4 windows x86 arch:x86

622b01af2e1a1f47e0d71583335ab7b2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
GetCommandLineA
GetModuleFileNameA
GetPrivateProfileStringA
lstrlenA
TerminateProcess
GetCurrentProcess
WinExec
lstrcmpA
Sleep
DeleteFileA
GlobalAlloc
lstrcatA
lstrcpyA
GetSystemDirectoryA
GetModuleHandleA

user32

CallNextHookEx
SetWindowsHookExA
CharUpperA
CharLowerA
wsprintfA

urlmon

URLDownloadToFileA

wininet

DeleteUrlCacheEntry

Exports

Exports

ENProcess
HDDGuard

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 561B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 210B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ