13638ec85328452d982fca649bda44f3ac64e12dda4be45b604074978f7ca47d

General

Target

13638ec85328452d982fca649bda44f3ac64e12dda4be45b604074978f7ca47d
Size

236KB
MD5

29f2787b069c0fc8732902962e173554
SHA1

a6a0af6c6a97726f7cb34a9188c2ead21b15f2b4
SHA256

13638ec85328452d982fca649bda44f3ac64e12dda4be45b604074978f7ca47d
SHA512

875de6c73540d018990a34bb20e88648575d0fb1aa1eee3236c4cecbc2b5713580c9d2bf2d3d88c01cf1b4d49b45d7c21189da75240b7a66ea5e365fb04c08ab
SSDEEP

3072:+enreOlro+Ku39d3mFW6L2y9bLken6jH0EowdHr+S:+enrFFKutd30b26Xk9jH0Eo8r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
13638ec85328452d982fca649bda44f3ac64e12dda4be45b604074978f7ca47d

Files

13638ec85328452d982fca649bda44f3ac64e12dda4be45b604074978f7ca47d
.dll windows:6 windows x86 arch:x86

b13de4bd827ab5ce5be62e7e1c4789dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

commondatasetbase

?CopyLen@StringHelper@common@@YA_NPADIPBDZZ

kernel32

DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount64
DisableThreadLibraryCalls
EncodePointer

msvcp110

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z

msvcr110

realloc
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
??1type_info@@UAE@XZ
_vsnprintf
__CppXcptFilter
_amsg_exit
_malloc_crt
_initterm
_initterm_e
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_except_handler4_common
?terminate@@YAXXZ
__clean_type_info_names_internal
memcpy
_libm_sse2_cos_precise
malloc
free
??2@YAPAXI@Z
??3@YAXPAX@Z
_purecall
memmove
_CxxThrowException
__CxxFrameHandler3
__RTDynamicCast
memset

Exports

Exports

CreateOriginalDataFormater
FreeFileHandle

Sections

.text
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b13de4bd827ab5ce5be62e7e1c4789dd

Headers

DLL Characteristics

File Characteristics

Imports

commondatasetbase

kernel32

msvcp110

msvcr110

Exports

Exports

Sections

.text Size: 151KB - Virtual size: 151KB

.rdata Size: 21KB - Virtual size: 20KB

.data Size: 5KB - Virtual size: 6KB

.rsrc Size: 1024B - Virtual size: 872B

.reloc Size: 56KB - Virtual size: 56KB

.text
Size: 151KB - Virtual size: 151KB

.rdata
Size: 21KB - Virtual size: 20KB

.data
Size: 5KB - Virtual size: 6KB

.rsrc
Size: 1024B - Virtual size: 872B

.reloc
Size: 56KB - Virtual size: 56KB