c8e24b40c9df977952d471f93edef1c1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c8e24b40c9df977952d471f93edef1c1
Size

160KB
MD5

c8e24b40c9df977952d471f93edef1c1
SHA1

1e979f6a91328242077715bf303189d632b8ef5e
SHA256

44fa95c178573c42e1ed0f989439ee9989245f6f01e17d15dc246889c6df6ac5
SHA512

79c09553b8e1e93157f9e070298f26caf8edafbc770fc04f04307da9bb2ffb82027de8641225d642c19bcb8a366815ad935117d80fc7926235c0b7e027cf263a
SSDEEP

3072:x0x2OVjfjXj0xNeGd3cs2zuXo3j5B5alIFbAM:qMOpH0xNeGd3cRX4aA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c8e24b40c9df977952d471f93edef1c1

Files

c8e24b40c9df977952d471f93edef1c1
.dll windows:4 windows x86 arch:x86

bd66a30531b4efaa6bf62d4ce6d555ee

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

recuava.pdb

Imports

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
InterlockedIncrement
InterlockedDecrement
TerminateProcess
lstrlenA
HeapDestroy
GetCurrentProcess
GetLastError
GetCurrentThreadId
MultiByteToWideChar
DisableThreadLibraryCalls
UnhandledExceptionFilter
LocalFree
LeaveCriticalSection

ole32

CoCreateInstance
CoTaskMemFree
StringFromCLSID

advapi32

RegCloseKey
IsValidAcl

msvcrt

wcschr
fwprintf
malloc
free
wcsrchr
fclose
wcslen

Exports

Exports

kridquf

Sections

.text
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 698B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ