79f6ebfa597ec984e5971b863985fbf7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

79f6ebfa597ec984e5971b863985fbf7
Size

39KB
MD5

79f6ebfa597ec984e5971b863985fbf7
SHA1

7cd5018185477b8779e0eb6190bc506ef7389cd0
SHA256

8c32c0c1d93cd68f721d566b5ec542b4b1bbd7b3831d59c1e4aa3aaee32cfba0
SHA512

60e85ccd046257245d07935c5b90fd2805afbc7d3f9fe377efa5c84dac1c2fe536e65ee8bcb6652e3cea1d61dc8f2fe035b416f56e962a1f0132966d1da75d0e
SSDEEP

768:cEhmRuJq+3hp3Xn3BO6BRSCx7+8BjlL/Lc0:RhmRuJq+3hp3Bb37+WL/g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
79f6ebfa597ec984e5971b863985fbf7

Files

79f6ebfa597ec984e5971b863985fbf7
.dll windows:4 windows x86 arch:x86

21351a1eb95f47e80b5928aea11dbc24

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
CreateFileA
GetSystemInfo
SetPriorityClass
GetCurrentThreadId
CloseHandle
HeapAlloc
DeleteFileA
GetCurrentProcess
CreateThread
HeapFree
GetTickCount
WriteFile
Sleep
HeapCreate
ReadFile
ExitThread
GetWindowsDirectoryA
FreeLibraryAndExitThread
GetProcAddress
GetModuleHandleA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

urlmon

URLDownloadToFileA

ntdll

NtQueueApcThread
RtlFreeHeap
NtAlertThread
RtlAdjustPrivilege
NtQuerySystemInformation
_wcsicmp
RtlAllocateHeap
NtClose
sprintf
memset
_aullshr
NtOpenThread
memcpy
_allmul

ws2_32

connect
inet_addr
htons
socket
gethostbyname
WSACleanup
setsockopt
recv
closesocket
send
WSAStartup

Exports

Exports

DllUnregisterServer

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ