Static task: static1
Behavioral task: behavioral1
  Sample: 04010ac1a35c3c9a77c17d67c51db191.dll
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 04010ac1a35c3c9a77c17d67c51db191.dll
  Resource: win10v2004-20231215-en
General
  Target: 04010ac1a35c3c9a77c17d67c51db191
  Size: 7KB
  MD5: 04010ac1a35c3c9a77c17d67c51db191
  SHA1: c6f59f86ccefaa3c26c82292c9f38afdb47565b4
  SHA256: 58e07a3d3b1335ef053294525434ec32119d06f1969d5ff3ba049c3f5e1aa412
  SHA512: 3ac577e7c149a88d5618185a6d2573bcce8afc92771754275933c56a52c55b7b77decd4627f728001a930c327c6b42160464fa6e3b0a04580131609643cf140e
  SSDEEP: 96:wOfC21FMW3cLJMZiiSBDrMrg12yMrSNxLP8k2ofHZDL2DnC2cBS:b1FMW3c6gPBP7YVrSNxLP0nck
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 04010ac1a35c3c9a77c17d67c51db191
Files
04010ac1a35c3c9a77c17d67c51db191.dll windows:4 windows x86 arch:x86
e67272c4ed6fb08e5284cfcf3fd7a2a7
Headers
File Characteristics
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_LINE_NUMS_STRIPPED
  IMAGE_FILE_LOCAL_SYMS_STRIPPED
  IMAGE_FILE_32BIT_MACHINE
  IMAGE_FILE_DLL
Imports
advapi32
  LookupPrivilegeValueA
  OpenProcessToken
  AdjustTokenPrivileges
ntdll
  ZwQuerySystemInformation
  strtoul
  memcpy
  RtlInitAnsiString
  LdrGetProcedureAddress
  NtQueryInformationProcess
kernel32
  GetCurrentProcessId
  CreateThread
  GlobalAddAtomA
  GlobalFindAtomA
  Sleep
  GlobalDeleteAtom
  WinExec
  VirtualFree
  CloseHandle
  Process32Next
  lstrcmpiA
  Process32First
  CreateToolhelp32Snapshot
  VirtualAlloc
  lstrcpyA
  lstrlenA
  GetSystemDirectoryA
  LoadLibraryA
  GetModuleHandleA
  LocalFree
  LocalReAlloc
  LocalSize
  LocalAlloc
  WriteFile
  CreateFileA
  DuplicateHandle
  OpenProcess
  GetLastError
  CreateRemoteThread
Sections
.text Size: 5KB - Virtual size: 5KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 384B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_READ