1e23c9d1d9e829ed4ec6ba7238dd1ebc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1e23c9d1d9e829ed4ec6ba7238dd1ebc
Size

19KB
MD5

1e23c9d1d9e829ed4ec6ba7238dd1ebc
SHA1

00067b6f8ff3834288e92f62062a5f23645bc8cb
SHA256

f557bccf406893d5856615a4c7b39abb37b223e3c3849de68bc77949f0218148
SHA512

081764c66a5f33983af469e6c2d8ae1a7e7c8b1e86d0a53f0d837d34b7c19dd101344e34c79909442863f31c8f49adce89783623ec29d8a85bcbb9d906f616a6
SSDEEP

384:jCpWUiMzk5SSAan6Avcl5G47IU2BL7osBn8pn/FAihV3k:jCQUiMzAJn/El5GG2BL7J+/5hV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1e23c9d1d9e829ed4ec6ba7238dd1ebc

Files

1e23c9d1d9e829ed4ec6ba7238dd1ebc
.dll windows:4 windows x86 arch:x86

9846297b712212dcd11a3abafab63b9f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

shlwapi

SHDeleteKeyA

rasapi32

RasEnumDevicesA

iphlpapi

GetAdaptersInfo

user32

SetThreadDesktop

advapi32

OpenProcessToken

Exports

Exports

EvtShutdown
EvtStartup
StartMain
inst
run

Sections

.text
Size: 9KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE