38271a85a2c36b9c34ef8454abacf281 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

38271a85a2c36b9c34ef8454abacf281
Size

124KB
MD5

38271a85a2c36b9c34ef8454abacf281
SHA1

2be9223235050a9b68342068ed15ddd5d0293636
SHA256

547908ffd0f46f517d119b37dfe5507d52c7fd206b05e2d54f706c80f8443d4e
SHA512

8898c0007c3925e8ffcd676b97b172c5f11b7334e0e52c2e53d9d924c393ae62d247e015e6a18d6e7506ea638ad5879d7bf52e4faf2fe8a1649cf3195e8d057d
SSDEEP

3072:KiCthB/SyE+Zr9dP/8312UpwAw9AIVWqmZr:WBR//8YQwhfDG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38271a85a2c36b9c34ef8454abacf281

Files

38271a85a2c36b9c34ef8454abacf281
.dll windows:5 windows x86 arch:x86

99f7c6d67e197244b5090b6ae4d92a83

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

AttachConsole
GetProcAddress
lstrcmpiA
HeapAlloc
GetProcessHeap
RtlMoveMemory
LoadLibraryA
IsBadReadPtr
TerminateProcess
GetCurrentProcess
DeleteFiber
SetCurrentDirectoryA
VirtualAlloc
FreeEnvironmentStringsW

user32

MapVirtualKeyW
DefDlgProcA
GetMenuState
CreateIcon

gdi32

ExtFloodFill
GetCurrentPositionEx
OffsetClipRgn

Exports

Exports

ldixywash
uceteizyus
wgfbzbbioc

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ