658c91b45b8e87ff09ec2085b290fca904c7214585e98e56fa34eb94b5216804 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

658c91b45b8e87ff09ec2085b290fca904c7214585e98e56fa34eb94b5216804
Size

5KB
MD5

98c9186056705c16385ca88b967161e3
SHA1

cf6bbb2af57dd6595edb24117cd5db671f43f6eb
SHA256

658c91b45b8e87ff09ec2085b290fca904c7214585e98e56fa34eb94b5216804
SHA512

b2e055f2df2dd2c3b79d49408dee8e66078d4aa9ef326f688d7b82b10fa9d63d044504385f68c21dcd7d117e2745f1583b84f99f2fff0e96f44ee155b977b842
SSDEEP

48:CDiU564w/FtH4gZVpKjEsaFqXnhsXBgCoCq1E1cgQtgyqm056n6:0r+V8jEKnoBg9yyqmq6n6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
658c91b45b8e87ff09ec2085b290fca904c7214585e98e56fa34eb94b5216804

Files

658c91b45b8e87ff09ec2085b290fca904c7214585e98e56fa34eb94b5216804
.dll windows:4 windows x64 arch:x64

9ad43a3e2de04a6b9144b8439cd2c7f9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Dev\Temp\builds\mod_perl-2.0.10\blib\arch\auto\APR\Const\Const.pdb

Imports

perl526

Perl_xs_boot_epilog
Perl_newXS
Perl_xs_handshake
Perl_get_cv

msvcrt

malloc
free
_initterm

kernel32

GetTickCount
DisableThreadLibraryCalls
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter

Exports

Exports

boot_APR__Const

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ