525579486e433318397196a9185676f3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

525579486e433318397196a9185676f3
Size

10KB
MD5

525579486e433318397196a9185676f3
SHA1

524ba06c0edc5666a73401c8bbaf26729cb54fa1
SHA256

7aef8f175744e30573a2e9a84d468ac97d6b8df4faec48f68736831c5e439cfc
SHA512

5f9f802f1b4c7bd53db8622d1dd4ff88f420fb99fa93a052459166e3d5c0534bf2b6c90220651774b38823ac00a280645e5cca782548e6c237e3a481ea2b4741
SSDEEP

192:kyy+xYLJt17P+EK0U8sLWLk0LDJ/yp0n9kC6ojaCasvWPYeh0gL:ky30MEK5jLWci93Ss+PYehF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
525579486e433318397196a9185676f3

Files

525579486e433318397196a9185676f3
.dll windows:4 windows x86 arch:x86

b35fd5b89da10ac8babf750ba613b020

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MapViewOfFile
CreateFileMappingA
SearchPathA
VirtualFree
VirtualAlloc
MapViewOfFileEx
OpenFileMappingA
lstrlenA
LeaveCriticalSection
lstrcpynA
EnterCriticalSection
lstrcmpiA
GetProcAddress
LoadLibraryA
UnmapViewOfFile
VirtualProtect
GetModuleFileNameA
DeleteFileA
GetSystemDirectoryA
ResumeThread
SetFileAttributesA
SetPriorityClass
GetCurrentProcess
CreateProcessA
GetShortPathNameA
GetEnvironmentVariableA
IsBadStringPtrA
MoveFileA
GetLastError
InitializeCriticalSection
CreateFileA
CloseHandle
GetModuleHandleA
DeviceIoControl

advapi32

RegQueryValueExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA

msvcrt

??3@YAXPAX@Z
strcpy
memset
??2@YAPAXI@Z
_vsnprintf
strlen
_mbscmp
_except_handler3
malloc
memcpy
sprintf
toupper
_mbsstr
_mbslwr
strcat
_local_unwind2
free
_initterm
_adjust_fdiv

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 558B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ