0468152aa6a0c90e9c93d59b248eeac2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0468152aa6a0c90e9c93d59b248eeac2
Size

148KB
MD5

0468152aa6a0c90e9c93d59b248eeac2
SHA1

0261d740ac722e4241a4ade798a61908625f4c5f
SHA256

effdb12f3dd329d2f54e9c5c955af3c1f4cb6d1fdf2a1ef62910135a6baa9a00
SHA512

d793a6f356d810fced8b13f7a2bec0c4507d951be3411646804ce4b9c2a1a7e5934f25b082995e1265a7e1ad926ff84eb02c71b318e9b4dc3724a1aafa81488d
SSDEEP

3072:969EXNpwpypkfQ7T+2qTV6zTP5AGS94W/q3YTBfROrK:WEXN5pN0g04WCoTBJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0468152aa6a0c90e9c93d59b248eeac2

Files

0468152aa6a0c90e9c93d59b248eeac2
.dll windows:4 windows x86 arch:x86

77039296ad5c841987927924af51993d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

picn20

PegasusUnload@8
_PicOp32@8
PegasusLoadFromRes@16

kernel32

GetProcessHeap
HeapReAlloc
HeapFree
HeapAlloc

Exports

Exports

_Pegasus@8

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ