d52de1c29be8668a69af6c98ad86ec46eb94a3b0329e03d9fb44bb703070a771

Sharing

Copy URL Twitter E-mail

General

Target

d52de1c29be8668a69af6c98ad86ec46eb94a3b0329e03d9fb44bb703070a771
Size

30KB
MD5

a1d972a6aa398d0230e577227b28e499
SHA1

153b8e46458bd65a68a89d258997e314fef72181
SHA256

d52de1c29be8668a69af6c98ad86ec46eb94a3b0329e03d9fb44bb703070a771
SHA512

224addb801721708144f5ad1a2e82747b81b4a3c59f30affc16c15f8fa53f1a851ab46588f364ac1aeafa2abae07d36082b08f884577a3f0444cf8418a428685
SSDEEP

384:8QsKODX4iEskSL8FxP5foK+JnS3f/LlFnMEYWeAZMAGvUXUQl+1mJFQWQWq:8xKObwFxRfvCnS3RFnMRJYMO/lgmn6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d52de1c29be8668a69af6c98ad86ec46eb94a3b0329e03d9fb44bb703070a771

Files

d52de1c29be8668a69af6c98ad86ec46eb94a3b0329e03d9fb44bb703070a771
.dll windows:5 windows x64 arch:x64

1243ca478cd707612e82987ff4a72c99

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

ExpandEnvironmentStringsW
SetFilePointer
CreateFileW
GetFileSize
GetEnvironmentVariableW
FindFirstFileW
WriteProcessMemory
FindNextFileW
GetCurrentProcess
FindClose
GetSystemDirectoryW
ResumeThread
OpenProcess
ReadFile
Process32NextW
Process32FirstW
CreateThread
VirtualProtectEx
LocalFree
ReadProcessMemory
GetCurrentProcessId
CreateProcessW
GetModuleHandleW
LoadLibraryExW
WaitForSingleObject
CloseHandle
GetLastError
CreateMutexA
GetProcessHeap
GetProcAddress
HeapAlloc
LoadLibraryA
GetModuleHandleA
CreateToolhelp32Snapshot
HeapFree

advapi32

ConvertSidToStringSidA
EqualSid
IsValidSid
OpenProcessToken
GetTokenInformation
SetSecurityDescriptorDacl
GetUserNameA
InitializeSecurityDescriptor
AdjustTokenPrivileges

shell32

ShellExecuteW

shlwapi

PathAppendW

Exports

Exports

Compressing
Run

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1243ca478cd707612e82987ff4a72c99

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

shlwapi

Exports

Exports

Sections

.text Size: 18KB - Virtual size: 18KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 2KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 904B

.reloc Size: 512B - Virtual size: 124B

.text
Size: 18KB - Virtual size: 18KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 904B

.reloc
Size: 512B - Virtual size: 124B