Static task: static1
Behavioral task: behavioral1
  Sample: 18caa71dcecda8c579bd0e8f75bb612f.dll
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 18caa71dcecda8c579bd0e8f75bb612f.dll
  Resource: win10v2004-20231215-en
General
Target: 18caa71dcecda8c579bd0e8f75bb612f
Size: 8KB
MD5: 18caa71dcecda8c579bd0e8f75bb612f
SHA1: 54d886ce1c0a073b49144403b0053749db920367
SHA256: 034bfb9b073d6df1015c46948f9ab2971b5a1193bf64dce53c59aa7d655e284d
SHA512: 635d8246aa618bcb1aa5f246dfdb1f4e0ca1297f464d89589740a27744ac7853bfaaeadda579f8ada304c015232206ff8f2cfd459e34e464e7555e8eccd456bd
SSDEEP: 192:4+fDnrSq4gekQSabiArsLFDdV0WiyIAZaNRipJv0:ylSabiAQdVMyIAMNIpC
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 18caa71dcecda8c579bd0e8f75bb612f
Files
18caa71dcecda8c579bd0e8f75bb612f.dll windows:4 windows x86 arch:x86
108190054bd873df2d10e92e1a2d23b7
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
advapi32
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
kernel32
GetProcAddress
LoadLibraryA
FreeLibrary
WriteFile
DeleteFileA
CloseHandle
CreateFileA
CreateProcessA
GetStartupInfoA
lstrcatA
lstrlenA
GetTempPathA
ResumeThread
SetThreadContext
WriteProcessMemory
VirtualAllocEx
GetThreadContext
SuspendThread
GetCurrentProcess
TerminateProcess
GetVersion
OutputDebugStringA
GetModuleFileNameA
WaitForSingleObject
Sleep
ExitProcess
HeapFree
lstrcmpiA
HeapAlloc
GetProcessHeap
CreateThread
ReleaseMutex
GetLastError
CreateMutexA
user32
wvsprintfA
Sections
.text Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 422B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ