a43b1d9e22b84ad03b0e5355e84d42b7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a43b1d9e22b84ad03b0e5355e84d42b7
Size

15KB
MD5

a43b1d9e22b84ad03b0e5355e84d42b7
SHA1

8f4fb8398fa7d08bc800ed9f6a84710c17ab3756
SHA256

9cf4485116654732e84b701bd87873373e4ca3b4f012f3907b228025765831f1
SHA512

4fae9b77aad54dcef861f3ccaccfbc263ad2f0ce157570401894c7830682f249a5d35db6ba1e4270fb172f03398ddf77e0a9476d931b354fc5ce3dab722543ac
SSDEEP

192:2APsGP6otvUIdaRV7h5ezku1FeiUvuoo4Cv+NDu8xlmtf:20sGJvUTtMkuejPC0u87M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a43b1d9e22b84ad03b0e5355e84d42b7

Files

a43b1d9e22b84ad03b0e5355e84d42b7
.dll windows:4 windows x86 arch:x86

f7dd7b9cf8993daf7a1d8fa36c5d8081

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
CreateRemoteThread
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
OpenProcess
GetProcAddress
GetModuleHandleA
DeleteFileA
CreateFileA
WriteFile
OpenEventA
Sleep
GetFileSize
ReadFile
GetModuleFileNameA
CreateToolhelp32Snapshot
MapViewOfFile
CreateFileMappingA
SetFilePointer
TerminateProcess
VirtualProtectEx
ReadProcessMemory
GetCurrentProcess
CreateEventA
SetThreadPriority
CreateThread
GlobalFree
GlobalLock
GlobalAlloc
OutputDebugStringA
IsBadReadPtr
Process32First
Process32Next
CloseHandle
VirtualFree
UnmapViewOfFile
VirtualAlloc

user32

UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
wsprintfA
GetInputState
PostThreadMessageA
GetMessageA

advapi32

RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA

wininet

InternetOpenA
InternetOpenUrlA
InternetCloseHandle

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdata
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ