8a2d8a02f252d179dcdfba0552eeeae1

General

Target

8a2d8a02f252d179dcdfba0552eeeae1
Size

69KB
MD5

8a2d8a02f252d179dcdfba0552eeeae1
SHA1

e16e7b5d4cff396fcfbc5e26dc33f76e81bc74ee
SHA256

6e141bf19972546e79b984c09c96e96e2cc2d844c45682c0a270939ad4f39284
SHA512

4955bd7a5dd25427baeb18fc5fb77a59bf3eee109b8f287897f146106ed5fb0b3edf01a87ca64a39b751294deceed7cc72b6a680d725506d86b7841c9e78f89a
SSDEEP

1536:6x9QoDCoUWlzN/VEcqaf6osN76S8P3dBQBjs18c4q+U:6zXz3ImrPDQW18VqB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8a2d8a02f252d179dcdfba0552eeeae1

Files

8a2d8a02f252d179dcdfba0552eeeae1
.dll windows:4 windows x86 arch:x86

d01358ef385cb44d774188aa7ae6078e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

privhate.pdb

Imports

shlwapi

PathRemoveFileSpecA
PathFileExistsA
PathAppendW
PathRemoveFileSpecW

kernel32

EnterCriticalSection
Sleep
GetStartupInfoA
SetHandleCount
InterlockedIncrement
GetModuleFileNameA
HeapAlloc
GetLastError
TlsSetValue
TlsFree
SetLastError
LCMapStringA
GetOEMCP
SetUnhandledExceptionFilter
SetFilePointer
lstrcmpW
GetCurrentProcessId
GetLocalTime
UnhandledExceptionFilter
CreateFileA
LCMapStringW
HeapFree
GetStringTypeW
TlsAlloc
GetStdHandle
InterlockedDecrement
RaiseException
TerminateProcess
GetCurrentThreadId
GetFileType
GetCurrentProcess
VirtualAlloc
CreateFileW
LeaveCriticalSection
VerSetConditionMask
GetCommandLineW
QueryPerformanceCounter
HeapReAlloc
GetVersionExW
GetACP
VirtualFree
GetSystemTimeAsFileTime
MultiByteToWideChar
GetStringTypeA
IsDebuggerPresent
SetStdHandle
TlsGetValue
GetEnvironmentStringsW
GetTickCount
GetModuleFileNameW
GetConsoleOutputCP
LoadLibraryA
DeleteCriticalSection
GetCPInfo
VerifyVersionInfoW
HeapCreate
WriteConsoleA
ExitProcess
GetLocaleInfoA
FlushFileBuffers
GetConsoleMode
WideCharToMultiByte
GetPrivateProfileIntW
IsValidCodePage
WriteConsoleW
GetConsoleCP
CloseHandle
HeapSize
GetProcAddress
FreeEnvironmentStringsW
WriteFile
GetModuleHandleW
GetTempPathW
InitializeCriticalSectionAndSpinCount

advapi32

ConvertStringSidToSidA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

Exports

Exports

dewam

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 530B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d01358ef385cb44d774188aa7ae6078e

Headers

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

advapi32

Exports

Exports

Sections

.text Size: 50KB - Virtual size: 50KB

.data Size: 16KB - Virtual size: 16KB

.reloc Size: 1024B - Virtual size: 530B

.text
Size: 50KB - Virtual size: 50KB

.data
Size: 16KB - Virtual size: 16KB

.reloc
Size: 1024B - Virtual size: 530B