bda6067a352fbf296e9f68f61ce9a7d9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bda6067a352fbf296e9f68f61ce9a7d9
Size

116KB
MD5

bda6067a352fbf296e9f68f61ce9a7d9
SHA1

7421b51cf62b443ec5e27bb3fc5094a6e7365191
SHA256

806842d3e2836dc45c51e94dd1dbecb82dcc42519107251f2fa21c45791a2d63
SHA512

d8d3fa37175ddf18c142eb0a6a5fd3f5e1d123232d1e46c455a37f93e3ea5924deaa7fe20c92640dd523f8b950222387be6e5bb2aebff58a48515b2b477c717f
SSDEEP

3072:GXxkIlbxo+4/nkBi3jiwBTzYfcxPso1ucYunQ:GaIhxwAiWwVzYfcV71T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bda6067a352fbf296e9f68f61ce9a7d9

Files

bda6067a352fbf296e9f68f61ce9a7d9
.dll windows:4 windows x86 arch:x86

3dad780c8df6d122f23d97838f3f3b95

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

ZwQuerySystemInformation
ZwClose
RtlAdjustPrivilege
_snprintf
RtlRandomEx
_wcsicmp
_stricmp
RtlInitUnicodeString
ZwImpersonateThread
_snwprintf
ZwLoadDriver
ZwOpenThread
memset
memcpy
_chkstk

shlwapi

PathFindFileNameA
SHDeleteKeyA

kernel32

DeleteFileA
CloseHandle
GetVersionExA
CreateFileA
CreateMutexA
GetModuleHandleA
GetModuleFileNameA
GetLocalTime
GetTempFileNameA
Sleep
DisableThreadLibraryCalls
CreateThread
GetTickCount
VirtualFree
GetProcAddress
WriteFile
VirtualAlloc

advapi32

RegOpenKeyA
RegCreateKeyA
RegSetValueExA

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE