582fc091e6f810f8c4c858483c8b31ae | Triage

Sharing

Copy URL Twitter E-mail

General

Target

582fc091e6f810f8c4c858483c8b31ae
Size

48KB
MD5

582fc091e6f810f8c4c858483c8b31ae
SHA1

da08bbef0364f8e2d798208c4602ce57c35c0e59
SHA256

b1d71ee984f662182993dbe556ae90b8e32e7db30ef1f206b6ce0f3cb8e1db5e
SHA512

7d0d4cf2b673df4a5c3af2828eb8772a64f047a2a734020ce68d6f551186c2c30018f7848e95b455646d7136b49e2533a399f19de3e1f8bb64871903f298aa9d
SSDEEP

768:a7+l0XWzyTgx9ADwTMgZ/XMFaIFMF3UXk23Vc4rT3cpxARcmp3iQWDWgD:Fl0m19ADwAgZkF0U02q4rnN7WSC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
582fc091e6f810f8c4c858483c8b31ae

Files

582fc091e6f810f8c4c858483c8b31ae
.dll windows:5 windows x86 arch:x86

dcaf5fa4ea3326ed6edffa6757fb8770

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

ZwEnumerateValueKey
RtlHashUnicodeString
IoFreeWorkItem
KeInsertQueue
RtlStringFromGUID
IoAllocateIrp
FsRtlFreeFileLock
IoCheckEaBufferValidity
MmGetSystemRoutineAddress
MmLockPagableSectionByHandle
RtlNtStatusToDosError
RtlUpperString
IoStopTimer
PsDereferencePrimaryToken
ExRaiseDatatypeMisalignment
RtlValidSid
MmSetAddressRangeModified
ExAllocatePoolWithTag
RtlFillMemoryUlong
FsRtlFastCheckLockForRead
KeCancelTimer
SeQueryInformationToken
MmIsAddressValid
RtlRandom
IoCreateDevice
KeSetTimer
RtlFindSetBits

Exports

Exports

?nTuaufbamtif@@YGPAKFE@Z
?ltyyZdtrfmyiJqXvhnu@@YGXPAK@Z
?ajcyeoywBpy@@YGIM@Z
?zrTEtdRtqXfypwq@@YGGHPAE@Z
?nWwskJIhZwhkw@@YGMPAE@Z
?qOMvmaxsbsCGoxpm@@YGXKPAK@Z

Sections

.itext
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ