aaa0653b97b1406fc6809ef4240e1e31 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aaa0653b97b1406fc6809ef4240e1e31
Size

24KB
MD5

aaa0653b97b1406fc6809ef4240e1e31
SHA1

48d87c281e38968eabfc622148c43f2c82688197
SHA256

42ff889b2503f32c730c95cb1658ed1c2b1638d34e6b3c5817b569f93d58b685
SHA512

cb8cd299a8a811afe50631fcf2fdfdf6918aafd729c89897f06357fdecdc39dbb4184d76978ea7a21592e25fc55468d52ec2ae1991cac1438d4cf4d648c253cc
SSDEEP

192:1wQ/i1EFBEwgwGC2bxF+1PBh+P2itVN0:1wQ/isEwgwrqb+Xh0/0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aaa0653b97b1406fc6809ef4240e1e31

Files

aaa0653b97b1406fc6809ef4240e1e31
.dll windows:4 windows x86 arch:x86

2353ef2c7b3c8914d84c1ce821178e70

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

sync20

ord39
ord38
ord22
ord26
SyncGetDBRecordCount
ord41
ord40
ord31
ord28
ord23
ord33
ord32
SyncYieldCycles
ord36
ord37

hslog20

ord52

mfc42

ord342
ord533
ord798
ord540
ord800
ord537
ord1182
ord823
ord825
ord4234
ord1168

msvcrt

free
_initterm
malloc
_adjust_fdiv
_chdir
__CxxFrameHandler
strncpy
sprintf

kernel32

GetPrivateProfileStringA
lstrcmpA
lstrcpyA
LoadLibraryA
GetProcAddress
FreeLibrary
lstrlenA

user32

wsprintfA
MessageBoxA

Exports

Exports

ConfigureConduit
GetConduitName
GetConduitVersion
OpenConduit

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ