cc3159391929b63355cc2658b39df92b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cc3159391929b63355cc2658b39df92b
Size

20KB
MD5

cc3159391929b63355cc2658b39df92b
SHA1

f0d5516abbd5735a182557591f4306575ab6e23a
SHA256

36e0fc0906b9745804928bddd57b417b4b28de103eaa75c2b09a41e09a67892e
SHA512

c2cd406f346c2e9d456459d48fdfa362db375d9e15cc5456aba684f0d609439895641425cb139313189af63f2390fb82aa23984fdfaa1b79cb855c628f215f51
SSDEEP

384:XxrNM/1V/jeK+FuutnmeFuDduLJAyaXcOhI6pMOon:X01V/oFDFm6uYOw3n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cc3159391929b63355cc2658b39df92b

Files

cc3159391929b63355cc2658b39df92b
.dll windows:4 windows x86 arch:x86

6ab409e4bc0766ecf8f8b63c64c1fe65

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

RtlImageNtHeader
strchr
_stricmp
ZwOpenEvent
atoi
sprintf
_snprintf
strncmp
_chkstk
memcpy

msvcrt

realloc
free
strtok
malloc

kernel32

SetEvent
LoadLibraryA
GetLastError
InterlockedExchange
GetProcAddress
LocalAlloc
GetVolumeInformationA
CreateThread
GetTempPathA
VirtualProtect
LoadLibraryExA
GetModuleHandleA
Sleep
CloseHandle
MoveFileExA
FreeLibrary
WaitForSingleObject
GetModuleFileNameA
VirtualAlloc
GetTempFileNameA
RaiseException

Sections

.text
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ