18184af9b93fc35a38d58295f2c3cb58 | Triage

Sharing

General

Target

18184af9b93fc35a38d58295f2c3cb58
Size

179KB
MD5

18184af9b93fc35a38d58295f2c3cb58
SHA1

bd959badca1df2eefafe47e9e0d6a077ca837e2c
SHA256

73fc508b14c2054c10948ff2cc05cd431a3304aec011da2e68acda83f95b1d61
SHA512

1b714a4d91159f6b2dd2cf0b5eaf853be75b8e9cf90719d77cc97531851b6a3094f2b610a233d2e857758456fde85b57c41a0f481d5224ec7778c784be60c3ac
SSDEEP

3072:C+Erpvrgi25CthBbiBnsi5Y2Gx/oP01QdsUlb6uOB0R/a6RIrWY:C+OvrTwChiqozJb6bB0R/nRw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18184af9b93fc35a38d58295f2c3cb58

Files

18184af9b93fc35a38d58295f2c3cb58
.dll windows:4 windows x86 arch:x86

08896641c839c8e9f49129169b6cfc5a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

VerFindFileA
GetFileVersionInfoSizeA

comctl32

ImageList_Remove

kernel32

GetCommandLineW
GetCurrentProcessId
IsBadHugeReadPtr
ExitProcess
GetStartupInfoA
GlobalAlloc
GetModuleHandleA
FindResourceA
InitializeCriticalSection
GetACP
LockResource
GetStdHandle
lstrlenA
GetLastError
LocalAlloc
SetEndOfFile
VirtualAlloc
GetProcAddress
GetCPInfo
SetEvent
LoadResource

user32

CreateMenu
SetWindowPos
GetMenuItemCount
GetMenu
SetWindowPlacement
GetCursor
SetWindowLongA
IsCharUpperA

gdi32

CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA

Exports

Exports

_Expr3iHr8wkdC7@8
4o_c9l1D0T
_3wnTHWcqjzd85t
_Mdr3VH_dy0T
_qtaBocvavX@16

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ