01b8b411243336eda1838e9464014548 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

01b8b411243336eda1838e9464014548
Size

22KB
MD5

01b8b411243336eda1838e9464014548
SHA1

e6870ce841e7408ae05ee91200bc28311bc3614e
SHA256

7179d7e86864063ff0d251d9d9e8f5344c187c1880a4e54bf46b6c8d70db0661
SHA512

c2e98f7209e54b6403147ece75b28fb87498202e1e61dd9c124afcff4f3608bb75dca2f9f0e5fea9f0b8ed2d41276651a7af40df83869adc4694b14a473dccea
SSDEEP

384:5YyqlLS8tPoD7q++0NxxrM83QVJjjGjbWNkt7DXudHAa64ABQpir3:KVs/xxgmQVNke364m3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01b8b411243336eda1838e9464014548

Files

01b8b411243336eda1838e9464014548
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

StartHook
StopHook
pt_ksHook
pt_tzHook

Sections

CODE
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 129B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ