508242c35fb3cd798f3067f201688d64 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

508242c35fb3cd798f3067f201688d64
Size

50KB
MD5

508242c35fb3cd798f3067f201688d64
SHA1

abea62ed448adc5ecc24637fc97c5d846ed9b836
SHA256

fd62909efa74297b2feaf45b739b71a48aeb2f786ea8cab5f76e4d46a70dcd72
SHA512

ada58098fa08fb9c435418c112430312287bf4207465a23b3112edcd89c19f6fd6e6407056717159d165e5fc87fd679107573feaaf5716a8a7aa23a5c16d1b13
SSDEEP

1536:XfU2bcdGAzrGmCNaGIN6R8aOKJTu+ZWQKd:eYttwGIo8aXTu+ZW/d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
508242c35fb3cd798f3067f201688d64

Files

508242c35fb3cd798f3067f201688d64
.dll windows:4 windows x86 arch:x86

f6595c5a195a774b5a098aa8c869af03

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

AdjustTokenGroups
CryptSetHashParam
DeleteAce
CloseEventLog
CryptGetHashParam
DuplicateToken

kernel32

WinExec
ExitProcess
TerminateThread

msvcrt

_eof
_chkesp
_ctype
_except_handler2
_CItanh

Sections

.text
Size: 28KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE