156a58be2307626aedef51165a944c71074a31456255e94aa34273be315c3f8c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

156a58be2307626aedef51165a944c71074a31456255e94aa34273be315c3f8c
Size

33.5MB
MD5

c87094e261860e3a1f70b0681e1bc8c5
SHA1

c9ccc03f45080aa813bba9d1f53df3dc30ab2746
SHA256

156a58be2307626aedef51165a944c71074a31456255e94aa34273be315c3f8c
SHA512

7b3efd2363678cd2ede59ddbd73af74b090f9e8062439147ff9696cf980a71ec1b10b963e60b6e27149e7cf2379b45c137f716367a0131c293ff01b2a3d33b38
SSDEEP

24576:8kuXSMqaUo8VEMYwgOZMESL44ojLVhHfCbVyiLZNsnPRRT3xmD2:8kuCpaJ8VEMnSg7VxfCUiLZynpRlmD2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
156a58be2307626aedef51165a944c71074a31456255e94aa34273be315c3f8c

Files

156a58be2307626aedef51165a944c71074a31456255e94aa34273be315c3f8c
.dll windows:5 windows x86 arch:x86

a3849a025f18171aadb03c7b881ef853

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetEnvironmentStrings
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

shlwapi

StrStrIA

wininet

HttpSendRequestA

Exports

Exports

Request
Run
Start

Sections

.text
Size: - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adal0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.adal1
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ