0269b0522a3255607a8dbfb4813ef8d6792f43fed1e47f54de8768474553d515

Sharing

Copy URL Twitter E-mail

General

Target

0269b0522a3255607a8dbfb4813ef8d6792f43fed1e47f54de8768474553d515
Size

16KB
MD5

83144879af546c8d1f764797fd4aec3c
SHA1

789fe32495c6ec6dddcca872a67f869c287ed55d
SHA256

0269b0522a3255607a8dbfb4813ef8d6792f43fed1e47f54de8768474553d515
SHA512

e88f11fe23760aafda77ae84e830b03c18e5d2b3a9a2dbd99e82234c5dfa405920fec13272f73ffa80735bfcee93c72e8b37a7e0c58f596e7a6f39eee34b81c4
SSDEEP

384:KqYK/zY4+Wla2fYr7ByhGJT5InTTjOb1p9CS2+Lv4:Kqv/ct/2fYr7QhGATI1yD+j4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0269b0522a3255607a8dbfb4813ef8d6792f43fed1e47f54de8768474553d515

Files

0269b0522a3255607a8dbfb4813ef8d6792f43fed1e47f54de8768474553d515
.dll windows:6 windows x86 arch:x86

0687886681b970169aac35feb4a1dc87

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GetShortPathNameW
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter

core_rl_magickcore_

AcquireMagickMemory
AcquireUniqueSymbolicLink
AcquireUniqueFilename
ThrowMagickException
LocaleCompare
LocaleNCompare
FormatLocaleString
AcquireString
DestroyString
ConcatenateMagickString
CopyMagickString
AcquireImage
CloneImage
DestroyImage
CloneImageInfo
DestroyImageInfo
BlobToFile
FileToBlob
GetDelegateCommands
GetDelegateInfo
ExternalDelegateCommand
AcquireUniqueFileResource
AcquireQuantumMemory
RelinquishMagickMemory
NTLongPathsEnabled
CloseBlob
OpenBlob
ReadImage
WriteImage
IsEventLogging
LogMagickEvent
RegisterMagickInfo
UnregisterMagickInfo
AcquireMagickInfo
CloneImageList
DestroyImageList
GetNextImageInList
GetImageOption
RelinquishUniqueFileResource

vcruntime140

memset
__std_type_info_destroy_list
_except_handler4_common

api-ms-win-crt-stdio-l1-1-0

_close
_fileno
__acrt_iob_func
_write
_wsopen_dispatch
_read

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_cexit
_initterm
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_execute_onexit_table
_errno

api-ms-win-crt-string-l1-1-0

strspn
strncmp

api-ms-win-crt-filesystem-l1-1-0

_fstat64

Exports

Exports

RegisterVIDEOImage
UnregisterVIDEOImage

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0687886681b970169aac35feb4a1dc87

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

core_rl_magickcore_

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1024B - Virtual size: 924B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1024B - Virtual size: 924B