20209dc7ad80a96442f1556dca8d727e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

20209dc7ad80a96442f1556dca8d727e
Size

45KB
MD5

20209dc7ad80a96442f1556dca8d727e
SHA1

d6ce95cf1927301981adb77378e7801ffdb57a6f
SHA256

e8ec6383141bf5753958b39221e5981e7c0d3ac766380690bea519f70dc883d6
SHA512

452711e730140bb33c86f4c7425a77a3faf73b70d928dcff92ab7ee4aa3010160567bb125a813903c149200e4132b3f23e9034cbd1d2838c44e3b9ee6d2468a1
SSDEEP

768:jKc54zUblLuhymJMHdceMJExXGgqpmY+A7d24KXpQinrIgLr/ufdBQdoaQW:mc5JMh3Uc6xWAY+QmXp1rZro0dod

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20209dc7ad80a96442f1556dca8d727e

Files

20209dc7ad80a96442f1556dca8d727e
.dll windows:4 windows x86 arch:x86

5d0901314176edeef021c6dbbdfe4564

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA
GetTickCount
VirtualProtect
GetVersion
Sleep
InterlockedExchange
CreateFileW
CloseHandle
DisableThreadLibraryCalls
GetLastError
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
InterlockedCompareExchange

rpcrt4

NdrClientCall2

msvcrt

_initterm
__CxxFrameHandler
_except_handler3
memcpy
_amsg_exit
free
malloc
_adjust_fdiv

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 764B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 670B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ