8e58b22d8c46567f3df470d8c841cdd2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8e58b22d8c46567f3df470d8c841cdd2
Size

10KB
MD5

8e58b22d8c46567f3df470d8c841cdd2
SHA1

9706353228d9a46403387403d0c288c532be4aa6
SHA256

a21019e4f5ebcd25ad079de92f1e92ed77a16e59cdec46cd079dc670b83b468f
SHA512

e8b8d27d426e05cda06ebb36505319bd586ce3472b19af8c0c1b1464fdd173e566af28ca2eedbec524ede469dac90e152bfed9fa4d8dc3536563a23fa8b25b8d
SSDEEP

96:tpEk0VD5S3+fbTVmLJXQirM8fH1HM2b5Ndyd5Y6ZmQM0AqXsGlsfV1j8ispBwBbf:tH0VFbTVeAiAmVH3UXHAQOq8GS+Ub

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8e58b22d8c46567f3df470d8c841cdd2

Files

8e58b22d8c46567f3df470d8c841cdd2
.dll windows:4 windows x86 arch:x86

525a39e48fb3843b29b811df8d3ec83f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_mbscmp
memcpy
fclose
fwrite
fopen
memset
_mbsnbcpy
__dllonexit
_onexit
free
_initterm
malloc
_adjust_fdiv
time
localtime
strftime
strlen
strcpy
_mbsnbcmp
_mbsrchr
sprintf

kernel32

WideCharToMultiByte
GetModuleFileNameA
DisableThreadLibraryCalls
SetFileAttributesA
CloseHandle

user32

GetForegroundWindow
SetWindowsHookExA
UnhookWindowsHookEx
GetKeyState
GetAsyncKeyState
CallNextHookEx
GetWindowTextA

advapi32

CreateProcessAsUserA

Exports

Exports

FlushBuffer
SaveE
SetLOpt
StartL
StopL
WLELock
WLELogoff
WLELogon
WLEShutdown
WLEStartScreenSaver
WLEStartup
WLEStopScreenSaver
WLEUnlock

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 570B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ