52d31705969e1077840e270f8c83f70f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

52d31705969e1077840e270f8c83f70f
Size

8KB
MD5

52d31705969e1077840e270f8c83f70f
SHA1

2f04d8c154dab5a9e8460d0ed5419f63c9c3a384
SHA256

c2c3024201f9f4985bc7db81fcb24413bf3dbd6d5cfaad585e84f801155ca3a9
SHA512

24e016346d64562c311b8a3fe7e115e5db96886aad6afb01e33e3219e28f4417cfe06ce40eafae6fee94c4ae1cf74302b7270186050f1bcbae4c06a92b3cc531
SSDEEP

192:RRHGm2p7K7PK/cqOaiXvMQ0QXWutu99jcY8H:zGZ7+S0qOfvT0QXdujcY8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
52d31705969e1077840e270f8c83f70f

Files

52d31705969e1077840e270f8c83f70f
.dll windows:4 windows x86 arch:x86

a8e0eb74c2aafe5f7063cba115915ff4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
TerminateProcess
GetCurrentProcess
lstrcpynA
GetModuleHandleA
LoadLibraryA
lstrlenA
DisableThreadLibraryCalls
GetCommandLineA
GetSystemDirectoryA
GetModuleFileNameA
GetProcAddress
FlushInstructionCache
WriteProcessMemory
VirtualAlloc
ReadProcessMemory
VirtualProtect
IsBadCodePtr
lstrcatA
Sleep
CreateThread
WinExec

user32

CharLowerA
SetWindowsHookExA
CallNextHookEx
wsprintfA
FindWindowA

advapi32

RegCreateKeyA
RegSetValueExA
RegCloseKey

Exports

Exports

winsockinit

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 418B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ