267df394b74f69ebfbf692097e912f00 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

267df394b74f69ebfbf692097e912f00
Size

21KB
MD5

267df394b74f69ebfbf692097e912f00
SHA1

00fefcc614d309caa116095431746a4ab600af52
SHA256

9fd239477282a56eb09bbb34e0f1c4fb82897529026550e78f58eefa449bd3f8
SHA512

ba8334da68d9971d07e8b31625ce78adc59ee60f403bf8343b24384c1d708ad4aa25f352423837024b6fd9182354b5cd06fe8b286eee0845e89a1587b569c42a
SSDEEP

384:5x4P4rBFSs97pi+BnCklUa+1z1zjUbmxmdKBSfvXnP+csXY:5xA0W+BnCkiL1p2mxDSnnPtsI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
267df394b74f69ebfbf692097e912f00

Files

267df394b74f69ebfbf692097e912f00
.dll windows:4 windows x86 arch:x86

17e56da1b33bd9b243c8d8017e1fea48

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateProcessA
GetEnvironmentVariableA
GetThreadContext
ReadProcessMemory
ResumeThread
SetThreadContext
VirtualAllocEx
WriteProcessMemory
lstrcatA
lstrcpyA

Exports

Exports

DllMain
WLEventStartShell

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 94B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ