Static task
static1
General
Target
c15df67c119c2cfc7845a01f8a36f2b85612660b5464464c5be6370f9afaa173
Size
293KB
MD5
52597bf4473f6f446102ea205f140321
SHA1
a7aa49955cd61157b29b1c61e194c814a90e6e14
SHA256
c15df67c119c2cfc7845a01f8a36f2b85612660b5464464c5be6370f9afaa173
SHA512
d88ce6df59c8c5bfa97cd9707636ec22bd95a58403694238b50192d74c83ba8de72d1cb032d3ba93c06cd235a824e63e1ef69ad41d9af6e3252dffeea5b0724b
SSDEEP
3072:025H3LUTyMW0L52JD6Z/7sg+9s07pxexALWmxhinnYfhRzl+K39bjXwHK7:02EV+ex7sg+JdxeK3zina9tbUHk
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource c15df67c119c2cfc7845a01f8a36f2b85612660b5464464c5be6370f9afaa173
Files
c15df67c119c2cfc7845a01f8a36f2b85612660b5464464c5be6370f9afaa173.dll windows:4 windows x86 arch:x86
43c118dd95c489baabd16ea5803fdfc2
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetModuleHandleA
GetProcAddress
GetVersion
LoadLibraryA
VirtualAlloc
VirtualProtect
GetACP
GetProcessId
GetCurrentThread
lstrlenA
lstrcatA
lstrcmpA
GetCurrentProcess
msimg32
vSetDdrawflag
gdiplus
GdipDeleteStringFormat
version
GetFileVersionInfoSizeW
oleacc
GetRoleTextA
Sections
.code Size: 223KB - Virtual size: 223KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdataf Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 67KB - Virtual size: 66KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ