7479f8e1bf3950c8c5676db3ee43427a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7479f8e1bf3950c8c5676db3ee43427a
Size

4KB
MD5

7479f8e1bf3950c8c5676db3ee43427a
SHA1

3a6fa2dae9c073a4117c0d224b063d1bab8480e7
SHA256

4e52398f2ff3cd8edf674b11e4bf938fc482c93d7db8f063d1adff25d3ba9c2c
SHA512

3a907ed56affd6ae12c8ce81a5b5476c8269b0ec8d217047f6732399d722f1ef7f0088d0ade4c850c49271abe0f372db624202e46f8c3ccca5b333ee99dcaa3f
SSDEEP

24:eH1GSyk8zX0lVY+AQ5gdaut2pZQi1iKHlcXglQp274C+/lXgwFU3K3RbRkjudbjO:yyk8regdam2pZp1i6lc7HlPbkKNfPY0Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7479f8e1bf3950c8c5676db3ee43427a

Files

7479f8e1bf3950c8c5676db3ee43427a
.dll windows:4 windows x86 arch:x86

d7d03cfcde314dd9338220f955e0c9a5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
GetProcAddress
LoadLibraryA
ExpandEnvironmentStringsA
lstrcmpiA
lstrlenA
DisableThreadLibraryCalls
CreateFileA
WinExec
CloseHandle

advapi32

RegEnumValueA
RegDeleteValueA
RegOpenKeyA

Exports

Exports

DriverProc
auxMessage
midMessage
modMessage
mxdMessage
widMessage
wodMessage

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 630B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 126B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ