02798a01feed3675a4d898831da5db19b925f41f48734f0620c0ce09f3c7d52f

General

Target

02798a01feed3675a4d898831da5db19b925f41f48734f0620c0ce09f3c7d52f
Size

519KB
MD5

24a5ddd3f2ed5738a19b81e218ec66b7
SHA1

0f10bae3e9146959a8be42c470c2de83ef91b630
SHA256

02798a01feed3675a4d898831da5db19b925f41f48734f0620c0ce09f3c7d52f
SHA512

ffa47fd09e3203e187f895ad871b29f67128a17258f23161aac189aaf04bf1388f51412f5461af6aead6036dc7f4e874d7a41290c35acab205433601b5de5d32
SSDEEP

6144:HlzH+IkYz/OmsZe+3NivdWZlD97v2nNApE/DmbXwKb1bNNJzvuO7o8Bc:HQhsGmsZ0vdS9aNAr5RRjz57lK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
02798a01feed3675a4d898831da5db19b925f41f48734f0620c0ce09f3c7d52f

Files

02798a01feed3675a4d898831da5db19b925f41f48734f0620c0ce09f3c7d52f
.dll windows:4 windows x86 arch:x86

fb3af67ef76e45bac086bbb58b3ec5e2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

peaicokage.pdb

Imports

kernel32

FreeLibrary
GetModuleHandleA
GetModuleHandleW
GetPrivateProfileSectionA
SetErrorMode
UnmapViewOfFile
WriteFile
HeapAlloc
GetFileSize
GetTickCount
GetTempPathA
SetUnhandledExceptionFilter
FindFirstFileA
FindFirstFileExA
ReadFile
SetFilePointer
GetFileAttributesA
GetCurrentProcess
LocalAlloc
GetProcessHeap
GetCurrentThreadId
OutputDebugStringA
GetCurrentProcessId
FindClose
CreateFileMappingA
HeapFree
LoadLibraryA
SetLastError
GetPrivateProfileStringA
GetCurrentDirectoryA
CreateFileA
GetLastError
OpenProcess
GetFileInformationByHandle
RemoveDirectoryA
FindNextFileA
GetSystemTimeAsFileTime
UnhandledExceptionFilter
MapViewOfFile
CopyFileA
GetFullPathNameA
QueryPerformanceCounter
GetFileAttributesExA
DeleteFileA
FlushViewOfFile
SetEndOfFile
SetCurrentDirectoryA
GetProcAddress
ExpandEnvironmentStringsA
Sleep
CloseHandle
LocalFree
SetFileAttributesA
GetTempFileNameA
TerminateProcess

user32

CreateMenu
GetDesktopWindow
GetDlgItem
DestroyMenu
FindWindowA
GetDlgItemTextA
DestroyWindow

advapi32

OpenProcessToken
LookupPrivilegeValueA
ConvertStringSidToSidA
AdjustTokenPrivileges

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

hnin

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 477KB - Virtual size: 476KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb3af67ef76e45bac086bbb58b3ec5e2

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

version

Exports

Exports

Sections

.text Size: 38KB - Virtual size: 38KB

.data Size: 477KB - Virtual size: 476KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 38KB - Virtual size: 38KB

.data
Size: 477KB - Virtual size: 476KB

.reloc
Size: 2KB - Virtual size: 2KB