c7761ce1009870a4bf6d4b1e768f189e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c7761ce1009870a4bf6d4b1e768f189e
Size

74KB
MD5

c7761ce1009870a4bf6d4b1e768f189e
SHA1

d572a89a9f77adc66d0fbd0a7822d004c23a5529
SHA256

8ab905364be787bc8f1beef12f711c10054127e4b92df5c6f225951a00817cac
SHA512

f5b581b80207f33c8ab7198b6ac5a3b0aca612865b09ccd640fa04546eaebd5827f97e5d560d56bc07ccee2f8a33b82f2dfa2a6904401d88f087739e85abd30c
SSDEEP

1536:GQAqOTvsj1SCGKDWkfWF/pD8H9do+zce1JrQl8WOp+8P1JmA16o7O:7AB8UMDWbF/pDO1JrUE+8PF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c7761ce1009870a4bf6d4b1e768f189e

Files

c7761ce1009870a4bf6d4b1e768f189e
.dll windows:4 windows x86 arch:x86

6b1a662ddfa589116f4afc1b27fc69c7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

IoAcquireRemoveLockEx
NtDeleteAtom
RtlTimeToTimeFields
IoStartTimer
FsRtlAreNamesEqual
KeRestoreFloatingPointState
RtlNtStatusToDosError
RtlUnicodeToMultiByteSize
IoSetInformation
PsChargePoolQuota
FsRtlCopyRead
ExRaiseDatatypeMisalignment

Sections

.data
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 369B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ