c27259421b7192cd51f9f0fae57a2b7b

Sharing

Copy URL Twitter E-mail

General

Target

c27259421b7192cd51f9f0fae57a2b7b
Size

108KB
MD5

c27259421b7192cd51f9f0fae57a2b7b
SHA1

440ed84bf87f516909e768d92f2530d9605d5a8c
SHA256

52e050bb34fdb458395b3a1695dd5fe6af720e0e0f4dbb11f651042e9f1032b9
SHA512

0d693be8e3739ba315b356d7ab9dbe05ba4890eeda6821d5f10e0e3e6a43cfd2d2217233db56642f465dd6043b03254299afa76013de0c6858f05f41d5600893
SSDEEP

1536:yO/ge8ZVf4bCD+gZye615KPpgwuFe/1V+7DtTsca:MZVf4L9brxFU1VGDtT7a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c27259421b7192cd51f9f0fae57a2b7b

Files

c27259421b7192cd51f9f0fae57a2b7b
.dll windows:4 windows x86 arch:x86

1c310185c96e99efe5aa3e9b68e05b06

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

b:\test_form\e-gold_dll_UPDATE8_manifest\release\dll_vc++.pdb

Imports

kernel32

MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
CloseHandle
CreateThread
CreateFileA
WriteFile
CreateProcessA
Sleep
lstrlenA
HeapAlloc
HeapFree
lstrcmpiA
GetModuleFileNameA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
lstrcpyA
lstrcatA
GetProcessHeap
GetSystemDirectoryA
SetStdHandle
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoW
HeapSize
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLastError
GetProcAddress
GetModuleHandleA
ExitProcess
GetCurrentThreadId
GetCommandLineA
GetVersionExA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
RaiseException
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetStdHandle
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings

user32

SetWindowPos
DispatchMessageW
TranslateMessage
MessageBoxA
GetMessageW

advapi32

RegSetValueExA
RegCreateKeyExA
RegCloseKey

ole32

CoInitialize
CoUninitialize
OleInitialize
CoCreateInstance

oleaut32

SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
VariantCopy
VariantClear
VariantInit
SysAllocString
SysFreeString

Exports

Exports

_tDllFunc2@4
_tDllFunc@4
f

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c310185c96e99efe5aa3e9b68e05b06

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 64KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 8KB - Virtual size: 22KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 68KB - Virtual size: 64KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 8KB - Virtual size: 22KB

.reloc
Size: 8KB - Virtual size: 6KB