1f9493582c5f39eff83e4d616a5d0c2d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1f9493582c5f39eff83e4d616a5d0c2d
Size

13KB
MD5

1f9493582c5f39eff83e4d616a5d0c2d
SHA1

708442643cc204b4dec3077a76f02da07c0e3e65
SHA256

442e20d69a4902ce85904987123fbc88b9d1833e2a8ef300802570f010b762be
SHA512

47788273d660729ee542fc4c440d79f68be7186d4f735243612bb8572415ad211ea80f554e2b10451e207a32af08baa66777808bb7c9bf29fd6942aaaeb7f870
SSDEEP

192:UMu+Te979tTi4iOok5txAsEfQMZGc1PHTTpWJYED/5qEaSVow:UjwI7+wtAsEfrL1PzTpWG6g1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1f9493582c5f39eff83e4d616a5d0c2d

Files

1f9493582c5f39eff83e4d616a5d0c2d
.dll windows:4 windows x86 arch:x86

c27a4248d8724ed9e31c928d20a60a61

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

shlwapi

StrToIntA

psapi

EnumProcessModules

mfc42

ord1089

msvcrt

??1type_info@@UAE@XZ

user32

GetAsyncKeyState

shell32

SHGetSpecialFolderPathA

ole32

CoInitialize

oleaut32

VariantClear

urlmon

URLDownloadToFileA

Exports

Exports

?DelHook@@YGHXZ
?SetHook@@YGHXZ

Sections

.text
Size: 7KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE