Static task: static1
Behavioral task: behavioral1
Sample: 200cc2cf9642a0d3c9240909f9ece886.dll
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 200cc2cf9642a0d3c9240909f9ece886.dll
Resource: win10v2004-20231222-en
General
Target: 200cc2cf9642a0d3c9240909f9ece886
Size: 9KB
MD5: 200cc2cf9642a0d3c9240909f9ece886
SHA1: ecf67ea8955ede2ec6fc4ce324c3d6e34e7f0cd9
SHA256: 5bf1907bc8a9de1a243d1ceea01c5f2a089efc0aa8b37447a3939fef4219e1ea
SHA512: 0d0e2232eeee8e601c15840e6a3221e864259d3acff7c4ab8079c0d073a308a71897a11761655eec83d4ad0df3fce56aee29e30679e4663fce49cf0293513d17
SSDEEP: 192:zVFy2w5JRkol7FWne8WwGcPUfb4uekJHBZ51SkImAm:zVFy2w57jRWnzNu9Xn
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 200cc2cf9642a0d3c9240909f9ece886
Files
200cc2cf9642a0d3c9240909f9ece886.dll windows:4 windows x86 arch:x86
2836d2e1a91ef8fe222514e00ec0bffe
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
HeapAlloc
GetProcessHeap
VirtualProtect
CloseHandle
CompareStringA
IsBadReadPtr
LoadLibraryA
GetModuleHandleA
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
GetProcAddress
OpenProcess
lstrlenA
GetCurrentProcessId
CopyFileA
DeleteFileA
GetSystemDirectoryA
LeaveCriticalSection
EnterCriticalSection
GetTickCount
CreateThread
GetPrivateProfileIntA
GetModuleFileNameA
InitializeCriticalSection
GetCurrentProcess
FreeLibrary
user32
wsprintfA
GetWindowThreadProcessId
FindWindowA
SetTimer
KillTimer
TranslateMessage
DispatchMessageA
GetMessageA
advapi32
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
Sections
.text Size: 7KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 698B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ