c3148c6c4b0ecce9c7d07ba57dea96e35acf5f2ef47396c48339bb9a3a07e390 | Triage

Sharing

General

Target

c3148c6c4b0ecce9c7d07ba57dea96e35acf5f2ef47396c48339bb9a3a07e390
Size

4.8MB
MD5

b64a0fbbfad013c85d14579b3fe091a8
SHA1

759034746e83882b614b7d47934db30fae9d6d96
SHA256

c3148c6c4b0ecce9c7d07ba57dea96e35acf5f2ef47396c48339bb9a3a07e390
SHA512

29fe507ca0ee44d5003a82b7ba04d2b0616a1552e0fe2631cc840bd9bacb106dd2ff7c07ba3e467cd10768fbf4390cd320a9964a9e9ba4bd100eec9f85766672
SSDEEP

49152:+wJ6bUFSuLjWTrbfQlrd088iG1oO9BDA80xZ8MT+:+wCPc088iG1oO9BDA80xZ8MT+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/hqwco.dll

Files

c3148c6c4b0ecce9c7d07ba57dea96e35acf5f2ef47396c48339bb9a3a07e390
.iso
out.iso
.iso
documents.lnk
.lnk
hqwco.dll
.dll windows:6 windows x64 arch:x64

a5d156f0c03955fd5c90a10345646746

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA
CreateFileA
FindFirstFileA
FindNextFileA
GetFileAttributesA
GetFileInformationByHandle
WriteFile
CloseHandle
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentThreadId
GetModuleFileNameA
GetModuleHandleExA
GetProcAddress
SwitchToFiber
DeleteFiber
CreateFiber
LoadLibraryA

Exports

Exports

rBgTBiTTDW

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ