77a505103078ae52ac63ac83b2f66b95 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

77a505103078ae52ac63ac83b2f66b95
Size

33KB
MD5

77a505103078ae52ac63ac83b2f66b95
SHA1

15313fb50a9939504ef41f01d13fa98ddab3d3e9
SHA256

7bda51c0e441c58e54fe89d3df30716eff1dde4d50e774d4fe9feedcff894cdc
SHA512

facc203e60730c5aa3f924e2dacef90767f243122c4fa00229a7a22c24ca40144e654918e62eb97826b882e2e2fc752d2531401cf88b4abbecc5344f4de16ff2
SSDEEP

768:uD8Z0vz/B0iGy3Vd2cbYaKi/7KKlmcaTPdnnnnnFJxs:TKvjB0iGy3VJUlKlaTP9nnFJO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
77a505103078ae52ac63ac83b2f66b95

Files

77a505103078ae52ac63ac83b2f66b95
.dll windows:5 windows x86 arch:x86

8f64b9b289352c1311a1c1a1d184b44c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\gxiRJsLncclvSEhbsO\xvlpeiNApeesszkutnvv\pGylMOwJjlCBcpbnmKytiA\pTmrzffxVMJm\tsgAyfqqrImfwgzyvKPX\HobsQfoQyzrPsLuxqfu.pdb

Imports

ntoskrnl.exe

ZwOpenSymbolicLinkObject
KeCancelTimer
MmIsAddressValid
RtlNumberOfClearBits
RtlEqualString
strncpy
ExGetSharedWaiterCount
RtlCompareString
IoInitializeTimer
RtlEqualUnicodeString
RtlIntegerToUnicodeString
ExRaiseAccessViolation
RtlSubAuthoritySid
RtlInitUnicodeString
ZwQueryObject
MmAllocateContiguousMemory
RtlInitString
IoSetHardErrorOrVerifyDevice
FsRtlLookupLastLargeMcbEntry
ZwEnumerateValueKey
SeTokenIsAdmin
RtlCharToInteger
IoOpenDeviceRegistryKey
KeInitializeApc
MmBuildMdlForNonPagedPool
KeInitializeTimerEx
MmMapIoSpace
SeImpersonateClientEx

Sections

.text
Size: 14KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ