604c42d0f37d753cde1c93f6ae1c13762c3ca7553cd5cdf5843c14c2b6365462

Sharing

Copy URL

Twitter E-mail

General

Target

604c42d0f37d753cde1c93f6ae1c13762c3ca7553cd5cdf5843c14c2b6365462
Size

112KB
MD5

2e242297dcb6f6600bd52a0d9e86d86d
SHA1

b0aa5dcb62fc3008cb8a55385d0bc9753b101b65
SHA256

604c42d0f37d753cde1c93f6ae1c13762c3ca7553cd5cdf5843c14c2b6365462
SHA512

cd4abbe774e4faa79300264c9ff63a916611643feea0bd88823593de2950fac97e8d3abfe86d04eafa684fc3bad3a055dc148229e28a4da1fc531d620acc888f
SSDEEP

3072:kZ3or4Qaxc9SAEJIzp6SIyQUTU2WFIZzvC:kZ3O4Q1SzC69yQUTx4I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
604c42d0f37d753cde1c93f6ae1c13762c3ca7553cd5cdf5843c14c2b6365462

Files

604c42d0f37d753cde1c93f6ae1c13762c3ca7553cd5cdf5843c14c2b6365462
.dll windows:1 windows x86 arch:x86

d9d5bb5447ba09eb2f79685d0746816c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetCurrentThreadId
GetTickCount
GetVersion
EnterCriticalSection
ExitProcess
CreateFileA
DeviceIoControl
FindNextFileA
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
FindClose
CloseHandle
GetVersionExA
GetEnvironmentStrings
GetEnvironmentStringsW
GetFileAttributesA
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetComputerNameA
FindFirstFileA
CreateEventA
GlobalAlloc
GetDateFormatA
GlobalFree
GlobalMemoryStatus
HeapAlloc
HeapFree
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LocalAlloc
LocalFree
MultiByteToWideChar
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
GetStringTypeW

user32

CharLowerBuffA
PostMessageA
OemToCharBuffA
MessageBoxA
MessageBeep
GetQueueStatus
GetFocus
SetFocus
EnumThreadWindows

Exports

Exports

ActivateDexisSensor
CloseDexis
GetDexisDIB
GetDexisImageCorrection
GetDexisImageValues
GetDexisNoiseValues
GetDexisPixels
GetDexisSensor
GetDexisSensorColor
HasDexisSensor
InitDexis
OpenDexis
PrepDexis
SetDexisSensor
TestDexis
TestDexisInSequence

Sections

CODE
Size: 89KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

TLS
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d9d5bb5447ba09eb2f79685d0746816c

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

CODE Size: 89KB - Virtual size: 92KB

DATA Size: 12KB - Virtual size: 28KB

TLS Size: 512B - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.reloc Size: 5KB - Virtual size: 8KB

.rsrc Size: 1024B - Virtual size: 4KB

CODE
Size: 89KB - Virtual size: 92KB

DATA
Size: 12KB - Virtual size: 28KB

TLS
Size: 512B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.reloc
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 4KB