4da57027ffe7e32c891334d6834923bc17e4174c53ace4ff69de6410c24d84cb | Triage

Sharing

General

Target

4da57027ffe7e32c891334d6834923bc17e4174c53ace4ff69de6410c24d84cb
Size

2KB
MD5

4f744666d2a2dc95419208c61e42f163
SHA1

34712624aadd053f43703af860fe90e545bf1f0a
SHA256

4da57027ffe7e32c891334d6834923bc17e4174c53ace4ff69de6410c24d84cb
SHA512

e4a98c418cee32c5970d29729d0e8f4064ce30a47a8f1f076ab0e869b0ef618f7e6aac3859acc02b887b5a47b69f3d8f43561d68740491bdfea729049cf748fc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
4da57027ffe7e32c891334d6834923bc17e4174c53ace4ff69de6410c24d84cb

Files

4da57027ffe7e32c891334d6834923bc17e4174c53ace4ff69de6410c24d84cb
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

APIExportForDetours
CurrentThreadIsVirtualized
IsProcessHooked
RequestUnhookedFunctionList
VirtualizeCurrentProcess
VirtualizeCurrentThread

Sections

.text
Size: 512B - Virtual size: 19B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ