665083394cfe1764f6d7f364bdf5eff1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

665083394cfe1764f6d7f364bdf5eff1
Size

141KB
MD5

665083394cfe1764f6d7f364bdf5eff1
SHA1

ca83b877813c1923b6071944c448a85bc3943ec6
SHA256

ace0fa6c22cf2e20fa2d4e3283d708806de2a148de057dde834a2a52996efc3f
SHA512

062f6fbdc2c56f9c90bb1c6909316efb8461e847cdb6724b498458c17bbaca7daa08f487088685b42ab44f29d1cd93e4f08880996d28424a39464e820d04a10f
SSDEEP

3072:zpN2DUguHKncrnILhb4o8NfDfN/RowCqtVYUmxRBIOF941kpS+9kySr:VKncrn8hYDfdZtVYUmxRBH9qkplky

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
665083394cfe1764f6d7f364bdf5eff1

Files

665083394cfe1764f6d7f364bdf5eff1
.dll windows:5 windows x86 arch:x86

4919c83daa1850a856d9cb0effb063b6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetStringTypeW
CancelTimerQueueTimer
AttachConsole
LoadLibraryA
AssignProcessToJobObject
SetCurrentDirectoryA
CreateNamedPipeW
UpdateResourceA
GetProcAddress

user32

SetPropA

gdi32

GetTextCharsetInfo
EndPath

advapi32

IsWellKnownSid

Exports

Exports

pqyjrrna
rdkfwlwvqa
vxcyqmijyygvg

Sections

.text
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ