95f778aa3bdcec6d22922286a35594ed | Triage

Sharing

Copy URL Twitter E-mail

General

Target

95f778aa3bdcec6d22922286a35594ed
Size

16KB
MD5

95f778aa3bdcec6d22922286a35594ed
SHA1

72711b16c2bc6b1e5b9b60d401d76f6d440f3b89
SHA256

a7f52eded59fb9e33068c8031e425feaab59cf9eab9b15f2a9f34c4c9c87844b
SHA512

d2a1f5f2cffcc6cb6ad6aba93a21dfb9e6ab488c7ebe757d8d8ca0300c7eaf6aea11da47e1c52323e1bd008306d58c54e8d3f67829863f05d5cc75baf77728ba
SSDEEP

48:60kJfACzw+igAJGe2OauJCo1B281UzwyCFj4arwT:3OT3yQoetBCFj4O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
95f778aa3bdcec6d22922286a35594ed

Files

95f778aa3bdcec6d22922286a35594ed
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\TeamCity\buildAgent\work\423020fa87b8a66a\Code\Updater\MEC.AutoUpdate.TROJAN\obj\Release\MEC.AutoUpdate.TROJAN.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ