c52cd7eed4ad813516aafdc85a828f89

Sharing

Copy URL Twitter E-mail

General

Target

c52cd7eed4ad813516aafdc85a828f89
Size

362KB
MD5

c52cd7eed4ad813516aafdc85a828f89
SHA1

04554c99fa1f0168695e3e47bbccc5d4940ba6c2
SHA256

7a6b9f8dadddefe6fc0b236e198e1f1a9352ea3ecc2554f9681d17965549a47f
SHA512

c38cb065147e24b95d3491ee638a6e5ef220d23ccddfde3b9a77c895e792f4c5f5028c84ba74b25587bdcdf3faf8f3ef9677405d62004a8205c716682525ff51
SSDEEP

6144:5GuY82kMfqzIVs1nneTqykRMCKwcC8FHlPbszWsbfi60Use+Wn4gvrUJ3A5oYE7U:5GuY82kyqzIVsBneTqykRMCKwcC8FHxv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c52cd7eed4ad813516aafdc85a828f89

Files

c52cd7eed4ad813516aafdc85a828f89
.dll windows:5 windows x86 arch:x86

14d3f77d2dee576768395d9c39e11707

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\build\source\datatype\rm\filewriter\rel32\rmwrtr.pdb

Imports

ole32

CoCreateGuid

kernel32

LoadLibraryA
GetProcAddress
GetTickCount
GlobalMemoryStatus
GetFileSize
GetSystemInfo
UnmapViewOfFile
GetLastError
MapViewOfFile
CreateFileMappingA
CreateFileA
CloseHandle
GetTempFileNameA
GetTempPathA
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
IsDebuggerPresent
GetCurrentThreadId
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedCompareExchange
Sleep
InterlockedExchange
UnhandledExceptionFilter

msvcr90

malloc
_time32
qsort
strstr
strrchr
sprintf
free
memmove
_errno
_close
_lseek
_read
_write
_fstat32
_chsize
strchr
strtoul
_strnicmp
atof
strncpy
isspace
strncmp
strtol
_unlink
_purecall
strncat
_vsnprintf
_ftime32
_localtime32
__timezone
_tzset
strtod
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_unlock
__dllonexit
_lock
_onexit
__clean_type_info_names_internal
_except_handler4_common
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
atoi
vsprintf
memset
??_V@YAXPAX@Z
??3@YAXPAX@Z
??_U@YAPAXI@Z
memcpy
_stricmp
??2@YAPAXI@Z
_creat
_open
_sopen
_tell

Exports

Exports

RMACreateInstance

Sections

.text
Size: 219KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

14d3f77d2dee576768395d9c39e11707

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ole32

kernel32

msvcr90

Exports

Exports

Sections

.text Size: 219KB - Virtual size: 219KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 3KB - Virtual size: 4KB

.rsrc Size: 101KB - Virtual size: 100KB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 219KB - Virtual size: 219KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 101KB - Virtual size: 100KB

.reloc
Size: 11KB - Virtual size: 11KB