486881bca64493b931ed2d5d3ae0967c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

486881bca64493b931ed2d5d3ae0967c
Size

16KB
MD5

486881bca64493b931ed2d5d3ae0967c
SHA1

1d02976d5c84afc74270fba2e8e091df80ceab27
SHA256

fff0b3562583ca9d51a4f82c6d7d372571216bd7038c994058089ab79f27bf7c
SHA512

acdf3f1999be932246ba8d54d289f2283f1dcf62b586e680a380c5ccb8ad7c4cbf4e0ad58f7f4ab77071d52825a392876f83f32e2b32f75a7b34aee4d062d178
SSDEEP

192:nkaxswduncRqDVhFKPYfg4lmQho5fNo0ySChoiRtcBRH:kVIuncRqDH7fg4gAAzCWiR6z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
486881bca64493b931ed2d5d3ae0967c

Files

486881bca64493b931ed2d5d3ae0967c
.dll windows:1 windows x86 arch:x86

7d863c305a4521a208ff11d26229a3b0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

lstrcmpA
VirtualProtect
SetLastError
GetLocalTime
WriteConsoleA
CreateThread
GetCurrentProcess
GetLastError
CloseHandle
GetProcAddress
LoadLibraryA
WriteProcessMemory
Sleep
VirtualAlloc
VirtualFree

wsock32

socket
shutdown
ioctlsocket
gethostbyname
connect
closesocket

advapi32

RegOpenKeyA
RegSetValueExA
RegQueryValueExA
RegCreateKeyA
RegCloseKey

Sections

CODE
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE