df8a54059f9fbb22fce06767b2088501 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

df8a54059f9fbb22fce06767b2088501
Size

150KB
MD5

df8a54059f9fbb22fce06767b2088501
SHA1

ca0274ecc3aa58b3f0ca0e2970bc48aa06104f18
SHA256

9b0859ac28fb72c17dfef90db6738ce0e3fc7ab6d20c4dd803fff5102212e783
SHA512

00024c466af168a85e72471268b527aa9fed3a1990dd703d2a9b20e0908bc26ec0d5fd9e83c69d86c970b3a854fb642a2264490c448c8a4aa71144198cf1bd1d
SSDEEP

3072:TTWDGeQbILS00wgTQhkLGhBvgLWFdyR5vt2mG6:TTqjL4ijB3mT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df8a54059f9fbb22fce06767b2088501

Files

df8a54059f9fbb22fce06767b2088501
.dll windows:4 windows x86 arch:x86

44dbb63847183a3f7c379297d8d7ddf2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comdlg32

GetOpenFileNameW
ChooseFontW
GetSaveFileNameW
CommDlgExtendedError

kernel32

GetModuleHandleW
FindClose
FindNextFileA
GetStringTypeW
FindFirstFileA
EnumResourceLanguagesA
WideCharToMultiByte
ReadFile
WriteFile
SetFilePointer
GlobalHandle
IsDBCSLeadByte
GetModuleHandleA
VirtualProtect
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetProcessHeap
GetModuleHandleW
CreateProcessA
GetTempFileNameA
HeapFree
HeapAlloc
LoadLibraryW
InterlockedExchange
Sleep

oleaut32

DispGetIDsOfNames
CreateErrorInfo
OleCreateFontIndirect
GetErrorInfo
SetErrorInfo
GetActiveObject
VariantInit
SysFreeString

Exports

Exports

AlphaBlend
GradientFill
TransparentBlt

Sections

.text
Size: 97KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 334B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ