370eaf4cc9577cc043603437566bad37 | Triage

Sharing

General

Target

370eaf4cc9577cc043603437566bad37
Size

1.6MB
MD5

370eaf4cc9577cc043603437566bad37
SHA1

da2a153c06959805e9163876bf9b0741e215b847
SHA256

9f8570ce0a290d5b572df72700125d206f0153283b22bbe2bc994585177c816c
SHA512

d2d1a3b7ae3ccfce3b832c0c7003ab02a266f9e70808c1e9156e9a600134c3f0a53687b5f92b9711b51d7bbe33c44c923c3299516b44a0b97cd7c8c5ccf02acd
SSDEEP

24576:XNt1XL66DoeuBodb9Nk7Al339D/Cu26dKsMO5vMA6qnLKkQWuEblTMiRPuldwcvq:eux

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
370eaf4cc9577cc043603437566bad37

Files

370eaf4cc9577cc043603437566bad37
.dll windows:6 windows x86 arch:x86

e0625c31ea29db4e83bd5a520db830a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

AcquireSRWLockExclusive
CloseHandle
CreateSemaphoreA
CreateThread
GetCurrentThread
ReleaseSRWLockExclusive
ReleaseSemaphore
TerminateThread
WaitForSingleObject

Exports

Exports

FreeBP
InjectIntoExplorer
Install
JmpToExplorer
LoadBP
MegaJump

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ