c9637aa67fda7b0a85c88adaf2af989b | Triage

Sharing

General

Target

c9637aa67fda7b0a85c88adaf2af989b
Size

14KB
MD5

c9637aa67fda7b0a85c88adaf2af989b
SHA1

ad5a653c6ceba74d39d8c8033df0a68d8bb20928
SHA256

9d57a2747b49f8614276bb2d40d6e01abc6e6470077942521b1653c624430970
SHA512

bcf94710254a9262db270b7b2aa545aa66210fce0f2b663ac078a3e03ab323eb67478afada435435017eae51b5d3fbb9c34de54621eab81e99c61792c13dcf9f
SSDEEP

192:IIJ/hqtlTcfAuS3dy7aauxO5mtxodUJ+hF1Rjj08O3mPbWGGKP5m4cm8:nphqbTKSNkaa0O5mbohlRjXzWY8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c9637aa67fda7b0a85c88adaf2af989b

Files

c9637aa67fda7b0a85c88adaf2af989b
.dll windows:5 windows x86 arch:x86

c5afbcba9dac53b4ad268032b98b278c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
lstrlenA
WriteFile
GetProcAddress
CloseHandle
HeapFree
Process32First
GetLogicalDrives
GetTickCount
GetProcessHeap
GetDriveTypeA
Sleep
lstrcatA
GetLogicalDriveStringsA
lstrcmpiA
GetTempFileNameA
LoadLibraryA
GetModuleHandleA
CreateToolhelp32Snapshot
lstrcpyA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
IsDebuggerPresent

user32

CopyIcon
FindWindowA
LoadCursorA
wsprintfA

netapi32

Netbios

Exports

Exports

Exbcute

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 478B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ