2379d5adb0c0461fc4f53e93ffdb7ffb | Triage

Sharing

General

Target

2379d5adb0c0461fc4f53e93ffdb7ffb
Size

9KB
MD5

2379d5adb0c0461fc4f53e93ffdb7ffb
SHA1

e1b2f83079d396694ce679aab8da6d00127f3e28
SHA256

1340365701c7d151d79fd9b35684598a53a35835b2c4cdb0d55aa660c4e49241
SHA512

e32e8051d07509240a92923244c8d8d87f0558a25434a99b51afa7982772de1f3e84160066c3ce269c402af426520c6a4f74aa510fe74c15e68be88cdef8bfc3
SSDEEP

192:Qt8tN2svJQUYJ5dS6+CJj9IkXTwX+JWRfgOl:QGWGYBS6bJWch8RfgO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2379d5adb0c0461fc4f53e93ffdb7ffb

Files

2379d5adb0c0461fc4f53e93ffdb7ffb
.dll windows:4 windows x86 arch:x86

db163de1d8824be6ea7e2af69a14ae43

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateSemaphoreA
ExitProcess
GetAtomNameW
GetCalendarInfoA
GetProcessHeaps
GlobalSize
Heap32Next
IsValidLocale
PulseEvent
SetFileApisToOEM
lstrcat

advapi32

BackupEventLogA
GetCurrentHwProfileA
GetMultipleTrusteeOperationA
GetSecurityInfoExW
ReadEventLogA
RegOpenKeyExW
RegisterEventSourceA

shell32

DllCanUnloadNow
ExtractIconResInfoA
OpenAs_RunDLLW
PrintersGetCommand_RunDLLW
RealShellExecuteExW
SHAppBarMessage
SHGetDataFromIDListW
SheChangeDirA
SheChangeDirExA
SheFullPathA
SheSetCurDrive
ShellExecuteExW

gdi32

CreateCompatibleBitmap
CreateDCA
DescribePixelFormat
DrawEscape
ExcludeClipRect
FloodFill
GetAspectRatioFilterEx
GetICMProfileW
GetMetaFileW
GetWindowOrgEx
PlayEnhMetaFileRecord
PlayMetaFileRecord
ResizePalette
SetMetaFileBitsEx

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE