414ebe645203ecd2cdc54bb7c8fe3b9b

General

Target

414ebe645203ecd2cdc54bb7c8fe3b9b
Size

176KB
MD5

414ebe645203ecd2cdc54bb7c8fe3b9b
SHA1

e143675a815aa0424a5427955082bf166a3fdb18
SHA256

29e411f41a88a0cc2b591bb2446256e51594414cc3f47318967ed9e57feb7f65
SHA512

6fca439501474c41db99a555c4bb3b66de39a24681465a004b0c3bc24a9e6a54fd8404f62de5eaf93a95a95cd0cd79b0de46076a12eca5e447f2441929bca9fd
SSDEEP

3072:fRYougYbOPkegVaq3VXSmZ8qwQ/qx4HEJ2G6x+pOZY59umoEZjBqI7h:fxuvbO9o8qKJcPW9ac

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
414ebe645203ecd2cdc54bb7c8fe3b9b

Files

414ebe645203ecd2cdc54bb7c8fe3b9b
.dll windows:5 windows x86 arch:x86

41b22120b8552c5d5c912c62a882007c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

free
malloc
_adjust_fdiv
_initterm

ntdll

RtlNtStatusToDosError
NtQueryObject
NtClose
NtQueryValueKey
NtOpenKey
RtlInitUnicodeString
NtQuerySystemInformation
RtlIntegerToUnicodeString

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
VirtualProtect
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
HeapAlloc
lstrlenW
HeapCreate
HeapDestroy
HeapFree
DisableThreadLibraryCalls
HeapReAlloc
lstrcpyW
CreateFileMappingA
VirtualAlloc
CreateSemaphoreA
CreateEventA
CloseHandle
QueryPerformanceCounter

advapi32

DeregisterEventSource
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegisterEventSourceW
ReportEventA

Exports

Exports

ServiceMain
CollectOSObjectData
OpenOSObject
QueryOSObjectData

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1022B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

41b22120b8552c5d5c912c62a882007c

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

kernel32

advapi32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 12KB

.data Size: 5KB - Virtual size: 5KB

.rsrc Size: 156KB - Virtual size: 156KB

.reloc Size: 1024B - Virtual size: 1022B

.text
Size: 12KB - Virtual size: 12KB

.data
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 156KB - Virtual size: 156KB

.reloc
Size: 1024B - Virtual size: 1022B