be4a6560694cfc0d8486867525319d27 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

be4a6560694cfc0d8486867525319d27
Size

15KB
MD5

be4a6560694cfc0d8486867525319d27
SHA1

7a85150fd7365afa4b2d9d67303dec4def13ef56
SHA256

d50825d35a5f9539c23e6defdb6f82beb21c9d308df93315885ea3e4e1334349
SHA512

8351f87ef21ea71157ac17c8c8bf99c2b9a4abfc65007cb54c01fa08c2d44d8e2ba3d0d8027496ae051f27a404e5f0bb1ecabe4c404ca2426c4ab85130ee4282
SSDEEP

384:PAYhFEphe97iZiILT3DUg0klufkMrFvThcrcWAtu+:4YhFIhe9ulLT3og0iIhbKATA+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be4a6560694cfc0d8486867525319d27

Files

be4a6560694cfc0d8486867525319d27
.dll windows:4 windows x86 arch:x86

c41d9f965bd1abac78947c282ee4ec1e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

CallWindowProcW
RegisterClassExW
LoadImageW
ReleaseDC
RegisterClipboardFormatA
InvalidateRect
GetDC
DefDlgProcA
wsprintfA

kernel32

GlobalAlloc
lstrcatA
SystemTimeToFileTime
SleepEx
Sleep
RtlMoveMemory
OpenMutexA
LoadLibraryExA
AddAtomA
Beep
BeginUpdateResourceA
CloseHandle
CreateThread
DeviceIoControl
ExitProcess
ExitThread
FlushViewOfFile
GetCommandLineA
GetProcessHeaps
GetSystemTime
GetTickCount
LoadLibraryA
GlobalFree
InitAtomTable

gdi32

BitBlt
CreateCompatibleDC
CreateDIBSection
DeleteDC
DeleteObject
GetDeviceCaps
GetFontUnicodeRanges
SelectObject

Exports

Exports

pgibon

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ