7a31dae0bdb9da44e2a86ec4feed2ff5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7a31dae0bdb9da44e2a86ec4feed2ff5
Size

24KB
MD5

7a31dae0bdb9da44e2a86ec4feed2ff5
SHA1

87f590e1e9c6b3e4afc0ac73963d9194f58aaad2
SHA256

34543ecaa209ac211d174dfac657fc93ca07f80cdff0a38da0c4fba22491ba55
SHA512

095b6a631dddef340a856adc5e21e183d21834707f6e306566eef7b821e4e34bbaf8a2f30f748aff78f3e1cf8186c0db297e5de3cfd3a160bc51c574f99c8153
SSDEEP

384:HO+sUI897rTfQI3dlo3YLng+yMc5rpct5sZX:5zdX3dlo3en1yMclat5sZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7a31dae0bdb9da44e2a86ec4feed2ff5

Files

7a31dae0bdb9da44e2a86ec4feed2ff5
.dll windows:4 windows x86 arch:x86

d6e3cef00b738d25f82c493660623430

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

EnumWindows
GetWindowTextA
GetWindowThreadProcessId
SetWindowTextA
GetClassNameA
EnumChildWindows

ws2_32

ntohs

msvcrt

free
_initterm
malloc
_adjust_fdiv
_itoa
strcmp
atoi
memcpy
strstr
fopen
fwrite
fclose
fread
time
memset
??2@YAPAXI@Z
sprintf
??3@YAXPAX@Z
_strlwr
strchr

kernel32

lstrcpyA
LoadLibraryA
ExitProcess
TerminateProcess
VirtualAlloc
GetModuleHandleA
lstrcmpA
Sleep
CopyFileA
GetProcAddress
GetModuleFileNameA
CreateThread
GetTempPathA
ReadProcessMemory
lstrcatA
GetCurrentProcessId
GetCurrentProcess
VirtualProtectEx
WriteProcessMemory
lstrlenA

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ