a98c15ed0cc9b05a4d17337e60330607 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a98c15ed0cc9b05a4d17337e60330607
Size

48KB
MD5

a98c15ed0cc9b05a4d17337e60330607
SHA1

d2b0a3ffaa4b68784aef610eab3b33aa6580054b
SHA256

e0db66534b6f27d52097cc21c1a2e9ac893545c56bc2eee2e5d5980b8fe147d2
SHA512

816fa81c9037c4e835cdb971823b46288dc0359a6ecd6bfe64e51086c8297298826368f86285d2c40b5b35bb34c6e655baffe0bf26dbb4539d31def4d752eb1f
SSDEEP

768:9+LRoly2J60y0QQHQmau49+pms6wZV3x3hNQTYkvRuJVR:9+FolVP7HMu49IV6w3BRQiJVR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a98c15ed0cc9b05a4d17337e60330607

Files

a98c15ed0cc9b05a4d17337e60330607
.dll windows:4 windows x86 arch:x86

78548a86c12cd1daf85a076b0de60366

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

strcpy
_wcsnicmp
_strlwr
strcmp
RtlImageDirectoryEntryToData
RtlImageNtHeader
RtlGetCurrentPeb
RtlEqualUnicodeString
strstr
sprintf
strncpy
memset
strcat
strlen
_strnicmp
wcsstr
memcpy
_wcslwr
_chkstk

kernel32

Sleep
HeapFree
HeapReAlloc
HeapAlloc
HeapCreate
VirtualFree
VirtualAlloc
DeleteCriticalSection
TerminateThread
GetCurrentProcess
CreateRemoteThread
CreateMutexA
InitializeCriticalSection
LoadLibraryA
GetModuleHandleA
ExitProcess
GetModuleFileNameA
CreateFileA
GetFileSize
ReadFile
CloseHandle
WriteFile
GetTempPathA
GetLastError
DeleteFileA
GetSystemDirectoryA
MoveFileA
DisableThreadLibraryCalls
OutputDebugStringA
EnterCriticalSection
VirtualProtect
WideCharToMultiByte
MultiByteToWideChar
LeaveCriticalSection

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ