cc09e6afd589f136fddc8316b75cd948 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cc09e6afd589f136fddc8316b75cd948
Size

85KB
MD5

cc09e6afd589f136fddc8316b75cd948
SHA1

8a96a13723141252c661bb9bdfd5c4f4c9030f75
SHA256

995860ce0c677cfdbdde51e4da180a0db468ab3c016cd73ac94595021afd31ff
SHA512

ea13cf64a633d920645fbd13dad568d3a87e2aa482e3f52c6787fb74271e3d13e2978c654aeba47a4eabe06dbfb02c52c7ee9f0dbd4ea849acd8a3fe5a4af6ab
SSDEEP

1536:eQVh6APfvbhINXGNbZutRZsS1zYX7xY1P0IzNvs8bherw6:eIh6AP2ZGZuyX7e1Pr5vs8UrZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Loader.dll
unpack001/Loader.exe

Files

cc09e6afd589f136fddc8316b75cd948
.rar
Loader.dll
.dll windows:4 windows x86 arch:x86

94f1a58b54ff933e73d09b5439db2f7d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetAsyncKeyState

gdi32

DeleteObject

advapi32

RegCloseKey

Sections

.text
Size: 63KB - Virtual size: 284KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Loader.exe
.exe windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 11KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE