407243debab4f216e200c0fa1755456c | Triage

Sharing

General

Target

407243debab4f216e200c0fa1755456c
Size

24KB
MD5

407243debab4f216e200c0fa1755456c
SHA1

94db8aea1de9d6c0bc488e1bcc4285ea0ec1d223
SHA256

517f4cfa82eebdb6e2c6772c8bdf465ba9bcfcbf65e0209bf4939e69d923a827
SHA512

776d85f1e140542f1dd8e53064fb82508c4dd8f2fd45a184bc6d9ea49cfb36f7158f971e5d99d51e5f84c7ba85d97ef6f9287f0f91a73940e39a05274f1c143e
SSDEEP

192:D0bqbMaJSS7MBJrkVdf65yLDOOk906IKpct5UFdCB+TEN:YbqNSqMBWayLDu9FIKpct5yZT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
407243debab4f216e200c0fa1755456c

Files

407243debab4f216e200c0fa1755456c
.dll windows:4 windows x86 arch:x86

31235dcc8d302c1882b940d80cd38bf3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

memset
_adjust_fdiv
malloc
_initterm
free
atoi
memcpy
strstr
strrchr
fseek
ftell
strchr
strncpy
??2@YAPAXI@Z
??3@YAXPAX@Z
fopen
fwrite
fclose
fread
time
_strlwr
_itoa

kernel32

ExitProcess
Sleep
LoadLibraryA
CopyFileA
GetProcAddress
CreateThread
GetTempPathA
lstrcmpA
lstrlenA
ResumeThread
lstrcpyA
CreateRemoteThread
ReadProcessMemory
GetCurrentProcessId
GetCurrentProcess
VirtualProtectEx
WriteProcessMemory
GetModuleFileNameA
lstrcatA

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 966B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ