357ef64ca727b014a18227372e5c44868bc42989d7ead16cd99d3a6018c0b94b

Sharing

Copy URL

Twitter E-mail

General

Target

357ef64ca727b014a18227372e5c44868bc42989d7ead16cd99d3a6018c0b94b
Size

407KB
MD5

54768fdcdd189c8ff8f3b3e9fd823366
SHA1

75c0661f2dc591b8f7c08f8260eae45a56d3e438
SHA256

357ef64ca727b014a18227372e5c44868bc42989d7ead16cd99d3a6018c0b94b
SHA512

3aef2916d435dbdd8be1e22755d5ea97f94fdeb19e614bd80ce1cc2a779f383a686001527014c3182de2ec36e8f24c24ae832da1258ee67249ed79ad7c017604
SSDEEP

6144:RCLlm7+2BkmYCd5Zi6lMnieBdI0WDVdFL+GYheMGaNOF1N2JF6udTdytdynf5Ys3:R6nOnDKiePI0kvL3YEFH2JFBedw5jeg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
357ef64ca727b014a18227372e5c44868bc42989d7ead16cd99d3a6018c0b94b

Files

357ef64ca727b014a18227372e5c44868bc42989d7ead16cd99d3a6018c0b94b
.dll regsvr32 windows:6 windows x86 arch:x86

a8c48b50eb80b9c3117aa6794c839a62

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Softlost\eventsupply\Parentfirst\Consonant.pdb

Imports

user32

MapWindowPoints
ValidateRect
InvalidateRect
BeginPaint
DestroyMenu
GetSystemMetrics
EmptyClipboard
PostMessageA

kernel32

GetCurrentProcessId
CloseHandle
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
LocalAlloc
LocalFree
VirtualProtectEx
HeapCreate
HeapAlloc
HeapFree
HeapValidate
CreateThread
Sleep
GetLocalTime
GetWindowsDirectoryA
CreateFileA
MoveFileA
EncodePointer
DecodePointer
RaiseException
RtlUnwind
GetCommandLineA
GetCurrentThreadId
IsProcessorFeaturePresent
GetLastError
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
HeapSize
IsDebuggerPresent
SetLastError
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
CreateFileW
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
LCMapStringW
WriteFile
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
HeapReAlloc
OutputDebugStringW

Exports

Exports

DllRegisterServer
Warmcompare

Sections

.text
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a8c48b50eb80b9c3117aa6794c839a62

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

kernel32

Exports

Exports

Sections

.text Size: 296KB - Virtual size: 295KB

.rdata Size: 42KB - Virtual size: 41KB

.data Size: 5KB - Virtual size: 39KB

.rsrc Size: 56KB - Virtual size: 56KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 296KB - Virtual size: 295KB

.rdata
Size: 42KB - Virtual size: 41KB

.data
Size: 5KB - Virtual size: 39KB

.rsrc
Size: 56KB - Virtual size: 56KB

.reloc
Size: 6KB - Virtual size: 5KB