248e841288804216c9caf08846311411 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

248e841288804216c9caf08846311411
Size

20KB
MD5

248e841288804216c9caf08846311411
SHA1

f8a559ca8e4557dd6839542b37db395804cdcaf2
SHA256

c63397e0dc021fdbf3738cac6d7fa2189b56116a950b92ff1b25513993463f09
SHA512

fd4bb0d0718e13f048f797319795d60f850bb9bbcc5ef1be56858abd03819480a926cac77fe5ba71b99069f8b9ec36e6da549a9cbe11d6bdccdbb205a24c0cd3
SSDEEP

384:2+hzdOkuD/1A18PtdL6ixN6+E4U52VLfNjGzwM8h0WTlVrsUNxxZchP:bIkuDSWP3L6I6iU52V5jzhdPNRchP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
248e841288804216c9caf08846311411

Files

248e841288804216c9caf08846311411
.dll windows:4 windows x86 arch:x86

604af5cd27fa86801742fdf7dd75fd6c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

NtClose

basesrv

BaseSetProcessCreateNotify
BaseSrvNewObDirAcls
BaseSrvNlsLogon
BaseSrvNlsUpdateRegistryCache
ServerDllInitialization

Exports

Exports

BaseSetProcessCreateNotify
BaseSrvNewObDirAcls
BaseSrvNlsLogon
BaseSrvNlsUpdateRegistryCache
ServerDllInitialization

Sections

.text
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE