3a1b252f9699392772eacd3890f26084 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3a1b252f9699392772eacd3890f26084
Size

62KB
MD5

3a1b252f9699392772eacd3890f26084
SHA1

f350b2a83952b4488830431cd520ebf8e8a55c21
SHA256

bbc767608d4c3465493e6421d4447b922e5cddbb4ea180e4357e8f011c38dfc2
SHA512

0fe7ae9fcca68419de4fecb62cada4b89c46e8237664d81258a395ffa0d160c2a7d9e1e7acc95c251192fc38dc130c2f06197b182c1a1325eb79a318466d1773
SSDEEP

1536:3/IHn/oA5+ZEAb/Sm43FDoxtBO9Z85GSqq8P4:3AH/dqwFobGrSq34

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a1b252f9699392772eacd3890f26084

Files

3a1b252f9699392772eacd3890f26084
.dll windows:5 windows x86 arch:x86

2858aae14e47086cd37c8b1e4a4cc52b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalMemoryStatusEx
GetCurrentThreadId
GetStdHandle
RemoveDirectoryW
GetStartupInfoW
EnterCriticalSection
lstrcmpiA
FileTimeToSystemTime
ConnectNamedPipe
CreatePipe
FindClose
RegisterWaitForSingleObject
GetModuleHandleW

user32

PostMessageW
GetKeyboardLayoutNameW
CreatePopupMenu
SetMenuItemInfoW
MonitorFromPoint
GetAsyncKeyState
SetCursorPos
SendInput
GetMenuItemID
GetClientRect
ReleaseDC
IsCharAlphaNumericW

gdi32

StartDocW
OffsetRgn
UnrealizeObject
SetWindowExtEx
CreateCompatibleBitmap
CreateRectRgn

Exports

Exports

VeSatluodmtcmkdvavbw
_Wwtb
FyEPgauhsap
?Vbjxzfszvryne@@YGHPAIH@Z
SpolpCMy
RsddxwfMviCykmtQs

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.icode
Size: 9KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ