2a2b6e00740b372ed509869185a2a230

General

Target

2a2b6e00740b372ed509869185a2a230
Size

4KB
MD5

2a2b6e00740b372ed509869185a2a230
SHA1

1f31784e0ba418c192261619b5d201ba495e5558
SHA256

ab16a19a38fd4dfb4d79fb0eb034f39fcad0adaadada6e3d084ed03ee50b5446
SHA512

f5abc3347f5908836d41126406199b5d0b77d9e05d04ef28e86cd9e6c0b1c250a1e94a5ce53eacb683ba1990096543803107dbf209f0f5a8e561d1ea85e6479b
SSDEEP

48:iNKPX5HNMhXYPucUBOQfCH4vCR8qWl9TsY7wxCmpTFF:N6XYmcUkQDrjz2T/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a2b6e00740b372ed509869185a2a230

Files

2a2b6e00740b372ed509869185a2a230
.dll windows:5 windows x86 arch:x86

f01e740118da9ef953849730d3082e34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcatW
GetTempPathW
CreateFileW
IsDebuggerPresent
ReadFile
GetFileSize
VirtualAlloc
DebugBreak

winspool.drv

AbortPrinter
DeletePrinterDriverW
DeletePrinter
ord215
AddPrintProcessorA

setupapi

SetupQueueDeleteSectionW
SetupDiInstallClassExA
SetupDiSetDeviceRegistryPropertyA
SetupQueueRenameW

user32

LoadImageA
CreateIconIndirect
GetWindowTextA
MonitorFromWindow
SetWindowTextA
GetSubMenu

wininet

InternetCanonicalizeUrlA
InternetAutodialCallback
GetUrlCacheConfigInfoA
InternetGetConnectedState
InternetQueryOptionA
GopherOpenFileW
HttpQueryInfoA

crypt32

CertDeleteCTLFromStore
CryptMsgSignCTL
CertCreateCRLContext

oleaut32

VarI4FromR4
VarDecFromDisp
SafeArrayAllocDescriptorEx
VarMul
VarUI4FromI1
VarCyFromI4

wsock32

connect
ord1108
gethostbyaddr
ord1116
WSAGetLastError
shutdown
accept

Exports

Exports

Hkcoedclxfkckdl

Sections

.text
Size: 1024B - Virtual size: 870B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f01e740118da9ef953849730d3082e34

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

winspool.drv

setupapi

user32

wininet

crypt32

oleaut32

wsock32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 870B

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 32B

.reloc Size: 512B - Virtual size: 140B

.text
Size: 1024B - Virtual size: 870B

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 32B

.reloc
Size: 512B - Virtual size: 140B