ca2397a00c05488da6c5dabb22df34f5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ca2397a00c05488da6c5dabb22df34f5
Size

187KB
MD5

ca2397a00c05488da6c5dabb22df34f5
SHA1

f6f4ac513192359d26f7f9a9b2f48f192eb52d76
SHA256

287a05effe4cf5343170da997df21174bb0419a050d0e286c33b9574289aebb1
SHA512

c5247daaaf45b949cbda5b8b1906e6b8add46a89fc357ec255205dcd79d410e9054c0b007cef58bf90b325761e9e81c2ad0a8f9e5c5b7f32388ba778d72803cf
SSDEEP

3072:lxa+7LNBYEM4kSCt/DRPAX/5kccImD8IiYHFh+nfAAV2GBCk:lxa+7LNBYEM4kSCt/DR6/5bqQTYlC4AR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ca2397a00c05488da6c5dabb22df34f5

Files

ca2397a00c05488da6c5dabb22df34f5
.dll windows:6 windows x64 arch:x64

418bb7afa91ee2677e9770deeeb77473

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

shlwapi

StrStrA

kernel32

GetCurrentProcessId
GetCurrentThreadId

Exports

Exports

?glopertw@@YAHXZ
?slqermw@@YAHXZ
PluginInit
update

Sections

.text
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ