98e00abe4858371601ec39fce6338a90 | Triage

Sharing

General

Target

98e00abe4858371601ec39fce6338a90
Size

154KB
MD5

98e00abe4858371601ec39fce6338a90
SHA1

2cc3e506674e6484d54ef38d6608f9557bf47564
SHA256

e446a39cb6f8ea92ece575e36c357717501441352d94d9033dc6f4cd0e9f7fa2
SHA512

518d2ea50133b647c5cabe89691e9bb001332b3158ecd10ed55af1efead5d6deb640fe16aafce34550514998c78cbc6efb04d2141c36a3fea09a336e940d5449
SSDEEP

3072:Zqu3C25y+VYQVTKsbVIGJ9GlGXqLdvhIGpUCEGI4vyXvsFmeI:Mu3BpssbVHol5bc4vy/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
98e00abe4858371601ec39fce6338a90

Files

98e00abe4858371601ec39fce6338a90
.dll windows:4 windows x86 arch:x86

a04dbcf8f115fe95ff323288436dbb77

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shell32

ShellExecuteExW
SHAppBarMessage
Shell_NotifyIconW
FindExecutableW
ShellExecuteW
SHGetFolderPathW
CommandLineToArgvW

kernel32

GetCommandLineW
LCMapStringW
LoadLibraryExW
GetCurrencyFormatA
VirtualUnlock
VirtualLock
GetSystemInfo
ReleaseMutex
CreateMutexW
ResetEvent
SetEvent
CreateEventW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
HeapSize
HeapDestroy
GetVersionExA
FreeLibrary
LoadLibraryW
GetProcAddress
GetCurrentThreadId
GetLastError

oleaut32

SafeArrayDestroyDescriptor
CreateErrorInfo
OleLoadPictureEx
GetErrorInfo
SetErrorInfo
GetActiveObject
VariantInit
SysFreeString

Exports

Exports

AlphaBlend
GradientFill
TransparentBlt

Sections

.text
Size: 105KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ