d6a4c1d639a446d96f2f854ef68c8f59 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d6a4c1d639a446d96f2f854ef68c8f59
Size

189KB
MD5

d6a4c1d639a446d96f2f854ef68c8f59
SHA1

2754aa1712a01795741f6d17809c28ab66ae0100
SHA256

58cfca19af0b0c6b4cbdcf4faf4bb999b5ccb566287b9dcfc5f07978225ae278
SHA512

48bb6bdc1243a5a7857828bf0925ec382a49ebd00da67ec4dee574863f75f3d2d61f7755bb8bae5c839baa09e6e0857c3137c2bbd2671e56a8c8f15b774c85f0
SSDEEP

3072:Zw3JXQQphVhGg6woNWtmrLgfbXFhCb6yT7JBCayECAUyzy6AjsBpjg7Af34yISqI:O3JXTTz/dYWBXFIbHX0rVSg7QI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6a4c1d639a446d96f2f854ef68c8f59

Files

d6a4c1d639a446d96f2f854ef68c8f59
.dll windows:5 windows x86 arch:x86

0aeab4185e2768f0c3b9bc32cf8ea2f0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Information\Desktop\Windows\OS_Starter.exe

Imports

msvcrt

_cexit
_exit
__p__fmode
__setusermatherr
_XcptFilter
fseek
__p__commode
fread
__set_app_type
_controlfp
wcstombs
strspn
_initterm
_ismbblead
exit
wcspbrk
_amsg_exit
ungetc
__getmainargs

kernel32

FindResourceW
SetCommBreak
GetDateFormatW
CreateFileW
GlobalFlags
DeleteFileA
SearchPathW
FileTimeToDosDateTime
CreateThread
WaitForMultipleObjectsEx
GetShortPathNameA
MoveFileA

Exports

Exports

_ReplyMessageReplyMessageReplyMessage@0

Sections

.text
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ