8f64756049a51807f0355adf45677239 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8f64756049a51807f0355adf45677239
Size

65KB
MD5

8f64756049a51807f0355adf45677239
SHA1

3b53b24e7913101c5ed3c706b59fb6128bb26734
SHA256

2d55ac8d9fecca53e71370348995a796a2627d8cb97805921015a5f94c50b2a7
SHA512

9117f30bda95f7148e5b006707079901350a2894252d7e1fb007e544bc454905bdf0189c59bbd622f0b4aafb833626a24a09f6ab3cacfc3f57848249a4a9e693
SSDEEP

1536:2hb9sHd03/FKlVRM1TC/uIKytEo0OK6f6QbSY5i8kf:hd0tKlEouIKytEo0OK6f6QOY5iVf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8f64756049a51807f0355adf45677239

Files

8f64756049a51807f0355adf45677239
.dll windows:4 windows x86 arch:x86

64af51ca8df7339a99b32934dc0b81e6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
GlobalLock
GetCommandLineA
GetStartupInfoA
ExitProcess

ntdll

NtQueryDefaultLocale
RtlSetAllBits
RtlAllocateHeap
NtQueryVolumeInformationFile
ZwQuerySemaphore
RtlConvertUiListToApiList
RtlCreateProcessParameters
RtlIdentifierAuthoritySid
NtFreeVirtualMemory
ZwQuerySecurityObject
NtAdjustPrivilegesToken
NtAccessCheckByTypeResultList
NtQueryValueKey
RtlUpcaseUnicodeToOemN
RtlCustomCPToUnicodeN
ZwCancelTimer
RtlSetSecurityDescriptorRMControl
__iscsymf
RtlNewSecurityGrantedAccess

Exports

Exports

Urusiacdyt
CloseMmeeebopnc
CreatePkeutemd

Sections

.text
Size: 4KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

weIJUNLi
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ