02f460d54954fb6707f09f85af43e5bdd3235304a5c45e4fd3380bcc8af60d9c

Sharing

Copy URL

Twitter E-mail

General

Target

02f460d54954fb6707f09f85af43e5bdd3235304a5c45e4fd3380bcc8af60d9c
Size

407KB
MD5

67041e384a2f9eb452eff269360dd98d
SHA1

c18fca85bda1be2801b7fa9e41aa8368c6a7f1fd
SHA256

02f460d54954fb6707f09f85af43e5bdd3235304a5c45e4fd3380bcc8af60d9c
SHA512

511a2e744646e208fb4e4a3ad75343b1862bb8a8f61ade04ccb24c6e886d42fdff4280103e04b3b2f7ac42c5bb759cd07ed439799ec33eb92d60771bda3c6d4a
SSDEEP

6144:RCLqm7+2BkmYCd5Zi6lMnieBdI0WDVdFL+GYheMGaNOF1N2JF6udTdytdynf5Ys3:RpnOnDKiePI0kvL3YEFH2JFBedw5jeg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
02f460d54954fb6707f09f85af43e5bdd3235304a5c45e4fd3380bcc8af60d9c

Files

02f460d54954fb6707f09f85af43e5bdd3235304a5c45e4fd3380bcc8af60d9c
.dll regsvr32 windows:6 windows x86 arch:x86

a8c48b50eb80b9c3117aa6794c839a62

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Softlost\eventsupply\Parentfirst\Consonant.pdb

Imports

user32

MapWindowPoints
ValidateRect
InvalidateRect
BeginPaint
DestroyMenu
GetSystemMetrics
EmptyClipboard
PostMessageA

kernel32

GetCurrentProcessId
CloseHandle
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
LocalAlloc
LocalFree
VirtualProtectEx
HeapCreate
HeapAlloc
HeapFree
HeapValidate
CreateThread
Sleep
GetLocalTime
GetWindowsDirectoryA
CreateFileA
MoveFileA
EncodePointer
DecodePointer
RaiseException
RtlUnwind
GetCommandLineA
GetCurrentThreadId
IsProcessorFeaturePresent
GetLastError
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
HeapSize
IsDebuggerPresent
SetLastError
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
CreateFileW
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
LCMapStringW
WriteFile
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
HeapReAlloc
OutputDebugStringW

Exports

Exports

DllRegisterServer
Warmcompare

Sections

.text
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a8c48b50eb80b9c3117aa6794c839a62

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

kernel32

Exports

Exports

Sections

.text Size: 296KB - Virtual size: 295KB

.rdata Size: 42KB - Virtual size: 41KB

.data Size: 5KB - Virtual size: 39KB

.rsrc Size: 56KB - Virtual size: 56KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 296KB - Virtual size: 295KB

.rdata
Size: 42KB - Virtual size: 41KB

.data
Size: 5KB - Virtual size: 39KB

.rsrc
Size: 56KB - Virtual size: 56KB

.reloc
Size: 6KB - Virtual size: 5KB