4023092350c532fc49d154505ec9a1c8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4023092350c532fc49d154505ec9a1c8
Size

355KB
MD5

4023092350c532fc49d154505ec9a1c8
SHA1

c6e7d9d76c221f4c6bea6dc4ba2363491e34ea12
SHA256

2af6b1f530a7f79fc8c413612cab21c539a9678e899da06a648aff1b7f937d11
SHA512

d42e7dbedfe34b7404eca46df4e03288554e4dc57fb334d21ce007894564ea8ac8288df1a055a3635d69998843860627cb5c44b783cd74b8ed36db04cb7e1e5c
SSDEEP

6144:jyusBaiLlIurxTbp4o8l4It2DelgQpB/lP3u21uZoXa8ZTiposUDFkPtigi976DD:OXwIIuxTbp4oTOgQpdlG21I89ipNc4ss

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/core/bind_64.dat

Files

4023092350c532fc49d154505ec9a1c8
.zip
core/bind_64.dat
.dll regsvr32 windows:6 windows x64 arch:x64

dd2462e9fd4e377146b7a9f0263a0b8f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
VirtualAlloc
VirtualFree
GetSystemTime
LoadLibraryA

Exports

Exports

AhwexizsljIxxxjcpuAqjuwae
DllRegisterServer
OgtnoykxjkbWjnqtyodvvrcor
update

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
core/cmd.bat
core/license.dat