ca4ba324ad9e327fee3042e32a11f8f5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ca4ba324ad9e327fee3042e32a11f8f5
Size

88KB
MD5

ca4ba324ad9e327fee3042e32a11f8f5
SHA1

78a12ef194faad5f16b39aeb43a14de67e1a4993
SHA256

23c42a2e012398a7a3d6fd517b0488e007e3c8c5f48a14a061640e662392f8fa
SHA512

0876ea4d707e712e9e23bac815284a056e48ea569214a0d9d89258ac24fde5c0523073e59cbcc684a9b9bcf6f9301e96cf8542094d448cba4ea35691be09c476
SSDEEP

1536:pHCBWjxrYpXqRYn0tbbp8OZI67zvIrVuML92gsLP94W671bDdWvPEiSzSutWI1tb:1sWjxrSAY01bjZdukK92gsLPt0RdWvMN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ca4ba324ad9e327fee3042e32a11f8f5

Files

ca4ba324ad9e327fee3042e32a11f8f5
.dll windows:4 windows x86 arch:x86

a9547091a06a6a6ef52bf7ac2b9fd79a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ninitnae.pdb

Imports

kernel32

GetFullPathNameW
SetEndOfFile
GetDiskFreeSpaceExW
GetLogicalDriveStringsW
GetCurrentProcess
DeleteFileW
GetSystemInfo
GetVersionExW
SetFilePointerEx
GetModuleHandleW
GetCurrentThread
GetDriveTypeW
FormatMessageW
GetProcAddress
CreateHardLinkW
GetModuleHandleA
GetVolumeInformationW
GetTimeFormatW
LocalFree
GetFileSizeEx
GetDateFormatW
CloseHandle
GetLastError
CreateFileW
DeviceIoControl

advapi32

LookupAccountSidA
OpenEventLogW
LookupAccountSidW
RevertToSelf
LookupAccountNameW
AdjustTokenPrivileges
AllocateAndInitializeSid
LookupPrivilegeValueW
CheckTokenMembership
CloseEventLog
OpenProcessToken
OpenThreadToken
ImpersonateSelf
ReadEventLogW
EqualSid

Exports

Exports

piueozn

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 538B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ