b5afb86c58e5d7d81048489b2393a930

Sharing

Copy URL Twitter E-mail

General

Target

b5afb86c58e5d7d81048489b2393a930
Size

488KB
MD5

b5afb86c58e5d7d81048489b2393a930
SHA1

1d13dcd9f17d527537d84eaacc7e4143f2c2ed50
SHA256

3841231191224d6788e0836a7fb147d3f09d35b1b95a3bbcdb43e4baef40f8b7
SHA512

1338555e9d271a23660b6d1191a251a91e02b01fec26511a940465b6a0586d045309002d64cf45d24597081779cbf4629b29908079730bd6976a936493ac4c1f
SSDEEP

12288:x1x2xZdC417R/jAfSXI8JkHyu0LqpGA/Z1sgEGLAN:xqxZdzBqwK/0Li2GLAN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b5afb86c58e5d7d81048489b2393a930

Files

b5afb86c58e5d7d81048489b2393a930
.dll windows:5 windows x64 arch:x64

43f1a26342df7cc84bab0af245d3c007

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

memset
rewind

gdi32

AbortPath
PlayEnhMetaFileRecord

shlwapi

PathIsDirectoryEmptyW

user32

BeginDeferWindowPos
IsWow64Message
GetDCEx
DdeSetUserHandle
UnhookWinEvent
DdeClientTransaction

kernel32

GetConsoleDisplayMode
FindVolumeMountPointClose
WriteProfileStringA

rpcrt4

RpcBindingInqAuthInfoA
RpcErrorStartEnumeration
RpcSsContextLockExclusive

advapi32

EqualSid
QueryServiceConfig2W

rasapi32

RasGetEapUserIdentityW

Exports

Exports

BrandingFormatString
BrandingLoadBitmap
BrandingLoadCursor
BrandingLoadIcon
BrandingLoadImage
BrandingLoadString
GetHinstanceByNameSpace

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.exp
Size: 216KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qdata
Size: 212KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

43f1a26342df7cc84bab0af245d3c007

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

gdi32

shlwapi

user32

kernel32

rpcrt4

advapi32

rasapi32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 12KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 24KB - Virtual size: 20KB

.pdata Size: 4KB - Virtual size: 360B

.exp Size: 216KB - Virtual size: 214KB

.qdata Size: 212KB - Virtual size: 209KB

.rsrc Size: 4KB - Virtual size: 936B

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 16KB - Virtual size: 12KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 24KB - Virtual size: 20KB

.pdata
Size: 4KB - Virtual size: 360B

.exp
Size: 216KB - Virtual size: 214KB

.qdata
Size: 212KB - Virtual size: 209KB

.rsrc
Size: 4KB - Virtual size: 936B

.reloc
Size: 4KB - Virtual size: 2KB