a4b2b9fc3e1f31b36a799145816fdbf6698239b4d544361bc9e9451123d621de

Sharing

Copy URL

Twitter E-mail

General

Target

a4b2b9fc3e1f31b36a799145816fdbf6698239b4d544361bc9e9451123d621de
Size

166KB
MD5

e199ed7d98e468dcc8340df1f0dff14c
SHA1

1cb029da465634797310e1f4fb6f016c809d13fb
SHA256

a4b2b9fc3e1f31b36a799145816fdbf6698239b4d544361bc9e9451123d621de
SHA512

8574cd7d237e9f8f535f956a4c68158395caf243e9b17203d90b8e80b4cf07c4deda1c33b2d5f63a1e1edf3437d3d062dd29f2237837b2b3996131fa93fe5f9d
SSDEEP

3072:nwH0WGeV3AaC7ydwgaRUqpVURkr1EhnzAPJvgb:n40o3AaCeyQRS1ElsJvg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
a4b2b9fc3e1f31b36a799145816fdbf6698239b4d544361bc9e9451123d621de

Files

a4b2b9fc3e1f31b36a799145816fdbf6698239b4d544361bc9e9451123d621de
.dll windows:5 windows x86 arch:x86

d1378d5a10bf01f0d3ac274c53059630

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

��
��
��
��
��
��
��ͬ��
��
��
��
��
��
��
��
��
��
��
��
��ͱ��
��͹��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��ͱ��
��͹��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��

user32

��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��

gdi32

��
��
��
��
��

advapi32

��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��

shell32

ord680
��

ws2_32

getpeername
inet_ntoa
ntohs
WSAStartup
htons
socket
closesocket
��
inet_addr

shlwapi

��
��
��
��
��
��
��
��
��
��

ntdll

��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��

crypt32

��
��
��
��
��
��
��
��
��
��
��
��
��
��
��

msvcrt

��
��
��
��
��
��
��
��
��
��
��

winhttp

��
��
��
��
��
��
��

ole32

��

gdiplus

��
��
��
��
��
��

winscard

��
��
��
��
��
��

iphlpapi

��

wintrust

��

wininet

��
��
��
��
��
��
��
��
��
��
��

urlmon

��

netapi32

��
��
��
��
��

userenv

��

Sections

.text
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

code
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1378d5a10bf01f0d3ac274c53059630

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ws2_32

shlwapi

ntdll

crypt32

msvcrt

winhttp

ole32

gdiplus

winscard

iphlpapi

wintrust

wininet

urlmon

netapi32

userenv

Sections

.text Size: 116KB - Virtual size: 116KB

code Size: 8KB - Virtual size: 7KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 18KB - Virtual size: 40KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 116KB - Virtual size: 116KB

code
Size: 8KB - Virtual size: 7KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 18KB - Virtual size: 40KB

.reloc
Size: 5KB - Virtual size: 5KB