4152d00fe6e6fb2637f6207571a1eb63

Sharing

Copy URL

Twitter E-mail

General

Target

4152d00fe6e6fb2637f6207571a1eb63
Size

72KB
MD5

4152d00fe6e6fb2637f6207571a1eb63
SHA1

bd433d41d04711b76084e996c5dcb753100788e8
SHA256

37b8420ef45e7cd6c1426388411beb301a2b2e59d8e83a68d0fcf06e4d7df6a2
SHA512

ced579aa67009aa30fe0b54fc8a4fcd7f0aa3b8679e65f9fc52a7fa1f020e31f23fb8d579466ce1985b4ead02275f2b7af757a18f66bf7654fcb4d9abb2449de
SSDEEP

1536:h9bCbsiv24gOona8jDZezTnr1seVJEoMJh6o+GS:h9bCbsivG37Ze2ebMJh6o+GS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4152d00fe6e6fb2637f6207571a1eb63

Files

4152d00fe6e6fb2637f6207571a1eb63
.dll windows:4 windows x86 arch:x86

843bce76a63596fdd720dd0deefc2d9c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

imagehlp

MapFileAndCheckSumA

shlwapi

PathAppendA
SHDeleteKeyA

kernel32

GetLastError
DeviceIoControl
GetVersionExA
WritePrivateProfileStringA
MoveFileExA
CopyFileA
FindClose
FindFirstFileA
GetSystemDirectoryA
GetCurrentDirectoryA
DeleteFileA
FreeLibrary
GetProcAddress
LoadLibraryA
UnmapViewOfFile
SetLastError
MapViewOfFile
GetCurrentProcess
SetFileTime
GetFileTime
GetTickCount
CreateFileA
GetModuleFileNameA
GetModuleHandleA
FindNextFileA
GetOEMCP
GetACP
VirtualAllocEx
SetFilePointer
WriteFile
VirtualFreeEx
CloseHandle
SetStdHandle
FlushFileBuffers
CreateFileMappingA
GetCPInfo
GetStringTypeW
HeapFree
HeapAlloc
RtlUnwind
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
TerminateProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA

advapi32

OpenSCManagerA
RegQueryInfoKeyA
RegEnumKeyExA
DeleteService
RegDeleteKeyA
CreateServiceA
CloseServiceHandle
OpenServiceA
StartServiceA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA

Exports

Exports

prh_CallBackRoutine
prh_CloseDriver
prh_InstallDriver
prh_OpenDriver
prh_SetFilter
prh_SetFilterEx
prh_UnInstallDriver

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

843bce76a63596fdd720dd0deefc2d9c

Headers

File Characteristics

Imports

version

imagehlp

shlwapi

kernel32

advapi32

shell32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 30KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 20KB

.rsrc Size: 4KB - Virtual size: 928B

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 32KB - Virtual size: 30KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 20KB

.rsrc
Size: 4KB - Virtual size: 928B

.reloc
Size: 8KB - Virtual size: 4KB