Static task
static1
Behavioral task
behavioral1
Sample
1bacd00ad4e8a1177f48545a13bdc528.dll
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
1bacd00ad4e8a1177f48545a13bdc528.dll
Resource
win10v2004-20231215-en
General
Target
1bacd00ad4e8a1177f48545a13bdc528
Size
28KB
MD5
1bacd00ad4e8a1177f48545a13bdc528
SHA1
253c3d00b0f32c90dd04893a0ee99e1950b25729
SHA256
aa4259f40c2b18a446c60343ce0719722b76ec31b951d072ebc5f0e374b4310e
SHA512
b30a017b0f8cb1eb083ca79d8164fce11885b48058c320701daf25c600c2024cec8ea4b5e9031830d650e0b02fb23a38c20637ed6fcc007335d86499002fe626
SSDEEP
384:rS5VP9qswEmIiur3SrpRrDIuzIJtnd3HNJlPCpct5p:2rEHNIpWrp5DIu8JJd3HtPCat5
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1bacd00ad4e8a1177f48545a13bdc528
Files
1bacd00ad4e8a1177f48545a13bdc528.dll windows:4 windows x86 arch:x86
cd1a288f25db225e71713fc9268a55d7
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
ws2_32
inet_addr
msvcrt
_strlwr
_adjust_fdiv
malloc
_initterm
free
strcat
strlen
atoi
memcpy
strstr
??3@YAXPAX@Z
??2@YAPAXI@Z
memset
kernel32
VirtualProtectEx
TerminateProcess
lstrcpyA
GetModuleHandleA
CreateThread
LoadLibraryA
GetTempPathA
CopyFileA
GetProcAddress
GetModuleFileNameA
lstrlenA
ReadProcessMemory
lstrcatA
GetCurrentProcessId
GetCurrentProcess
WriteProcessMemory
Sleep
Sections
.text Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 824B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 782B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ