64bb11af276d6c578c1096fa74d0d497 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

64bb11af276d6c578c1096fa74d0d497
Size

60KB
MD5

64bb11af276d6c578c1096fa74d0d497
SHA1

94a1d1f34e02c7951a6f7bf9b127049a19f0c635
SHA256

b1e6857b7feea0fe82a07a56f67aa10cbb7a499127c7f52cc0cf6cd9d65b0a7c
SHA512

23f48cb7a2ad5ed1c6a6176ab1e8ecfcc8499239fd12fe7f86521fd74b5c4d79a5c4f98befd8c63ae3e8677de8867a606ed756dd431c38a2b1c340f7955306fd
SSDEEP

1536:KbkGFYV1PXuwuS9gD5+ymujKWhOswFli4rN:8WV8S9gD5+ympKOG4J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
64bb11af276d6c578c1096fa74d0d497

Files

64bb11af276d6c578c1096fa74d0d497
.dll windows:4 windows x86 arch:x86

07d9c64c4c14d90582b323b75351c0e2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
ExitProcess
GetModuleHandleA

user32

SetTimer

advapi32

OpenServiceA

gdi32

DeleteDC

ws2_32

closesocket

urlmon

URLDownloadToFileA

msvcrt

_initterm

msvfw32

ICDecompress

avicap32

capGetDriverDescriptionA

winmm

waveInUnprepareHeader

Exports

Exports

InjApplicationDll
InjSystemDll
StartMoFei

Sections

pec1
Size: 51KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pec2
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pec3
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pec
Size: 1KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE