5d1a799d373ca37115df8ee9b7c255ff3dc59e5ca6dfeab11de27414abb214ac | Triage

Sharing

General

Target

5d1a799d373ca37115df8ee9b7c255ff3dc59e5ca6dfeab11de27414abb214ac
Size

5.7MB
MD5

186338b9970a4ee5bb875c0b5aa4f737
SHA1

b52619a320c119e64ffbf8a197f1f885cb63421e
SHA256

5d1a799d373ca37115df8ee9b7c255ff3dc59e5ca6dfeab11de27414abb214ac
SHA512

7fefae8d49758ece43aba6be6f3a39d2cf95dd6d050318f3d75e4aa63556348dba43e44d46e9f96555a85b5d9747ff7c3c6d3419b1c1662f7584be241ad8b4bd
SSDEEP

98304:zjy/jh1cI43CFiWl/u/Ct4qkoLpTid1xyQTQpDN+Q3XUSsgo2zdV+ID59:f6jH+VWAKt4STW/TQl4Qi8Sk59

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5d1a799d373ca37115df8ee9b7c255ff3dc59e5ca6dfeab11de27414abb214ac

Files

5d1a799d373ca37115df8ee9b7c255ff3dc59e5ca6dfeab11de27414abb214ac
.dll windows:6 windows x86 arch:x86

b77044a26a5f7eab7136eb970864b7cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

CharUpperBuffW

Exports

Exports

Server
timeGetTime

Sections

.text
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.RTZ0
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.RTZ1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.RTZ2
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 233B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ