Static task
static1
Behavioral task
behavioral1
Sample
5202ca3b7059181160c85d42e1ff1de4.dll
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
5202ca3b7059181160c85d42e1ff1de4.dll
Resource
win10v2004-20231222-en
General
-
Target
5202ca3b7059181160c85d42e1ff1de4
-
Size
32KB
-
MD5
5202ca3b7059181160c85d42e1ff1de4
-
SHA1
c8f2af496b035b61d4f964858325c164cb55f9e2
-
SHA256
0a7b4cf6cfab3326cf97511549d67406b76e9944b142ac50b4cf122842301e4d
-
SHA512
94333395bc85eb3178872c211e1017845838d2a9e80759aa6eaff39848c089f5257d95a5e9d558926c38528b94d367368cd59010ab123fc3eb6aa580ac8ba882
-
SSDEEP
384:8cDT0QSYe81Cl0b5IGMR8jqpRPpP63V4TPauqKVjxSxgwxv:HRSYp1CImdlRPpPdTPauHV9Sgwxv
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Flags a PE file that has no Authenticode signature. Many legitimate binaries are also unsigned, so this is a weak indicator on its own.
resource 5202ca3b7059181160c85d42e1ff1de4
Files
-
5202ca3b7059181160c85d42e1ff1de4.dll windows:4 windows x86 arch:x86
e3c3d6c1eccbe8564220728e7b018f21
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
ws2_32
ntohs
closesocket
msvcrt
_strupr
_adjust_fdiv
malloc
_initterm
free
strchr
memcmp
atoi
strcpy
memcpy
??3@YAXPAX@Z
??2@YAPAXI@Z
strstr
fopen
fread
fclose
fwrite
time
memset
_strlwr
_itoa
kernel32
GetCurrentProcess
CreateEventA
GetModuleHandleA
Sleep
CreateThread
lstrlenA
CopyFileA
GetTempPathA
SetEvent
WaitForSingleObject
lstrcpyA
IsBadReadPtr
GetModuleFileNameA
LoadLibraryA
GetProcAddress
VirtualAllocEx
WriteProcessMemory
GlobalAlloc
GlobalLock
ReadProcessMemory
lstrcatA
GetCurrentProcessId
VirtualProtectEx
Sections
.text Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ