622950025d10850c1ae7857985c0bf66e49d629228a9314b8a737d930beb035b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

622950025d10850c1ae7857985c0bf66e49d629228a9314b8a737d930beb035b
Size

184KB
MD5

0738910deb4709ec61210e321ccad72e
SHA1

d66b04c01eccc68406692e35db3ee1854e1db568
SHA256

622950025d10850c1ae7857985c0bf66e49d629228a9314b8a737d930beb035b
SHA512

8221777b7c6d01781d20311fa8c9684a45179dffab91ab53a541162aff4e9cc6dd1661ace51e2e538de32ad58b78aef0ec7820bf9bc6f346f36e891f5208e68d
SSDEEP

3072:CZ/Aq5HJv6rBXHdH1iF3P74buGdSg4GeLfqMsnwXB:CbRQBXHtq3PUbt3te7Bsn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
622950025d10850c1ae7857985c0bf66e49d629228a9314b8a737d930beb035b

Files

622950025d10850c1ae7857985c0bf66e49d629228a9314b8a737d930beb035b
.dll windows:5 windows x86 arch:x86

296c5ce0ec7abebda668048df2df9b05

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OutputDebugStringA
LoadLibraryExA
LoadLibraryA
LoadLibraryW
CloseHandle
GetModuleHandleA
GetComputerNameA
GetProcessId

shlwapi

PathSearchAndQualifyW
StrDupA

advapi32

RegLoadAppKeyW
GetSidIdentifierAuthority
OpenServiceA

winmm

timeKillEvent
mmioSeek

iphlpapi

NotifyAddrChange

ole32

CoGetInterfaceAndReleaseStream

setupapi

SetupDiDeleteDeviceInterfaceData
SetupDiSetSelectedDevice

user32

CreateDialogIndirectParamA
TranslateMessage
SwapMouseButton

comdlg32

CommDlgExtendedError

oleaut32

SysReAllocString

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00wwO
Size: 120KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ