21ff6db5a01c00b644dcb01510f9a7ed96ef21ff60bb97993bb74fd5f10b1dca | Triage

Sharing

General

Target

21ff6db5a01c00b644dcb01510f9a7ed96ef21ff60bb97993bb74fd5f10b1dca
Size

28KB
MD5

2886edaa6e18fe22a0e826d4386ce42c
SHA1

5442d9230b65d4217e87d4ff9efedf8184f508c5
SHA256

21ff6db5a01c00b644dcb01510f9a7ed96ef21ff60bb97993bb74fd5f10b1dca
SHA512

def441df1076aada196f71d03c780fd57491857fca09f0e382b2a549bf5b413a62b0b7ce97d6e2b3b2b511c559f89a7cc35426f161e7718a2a6526af1824989d
SSDEEP

192:WLGqhQtueGfhMpbPjZ3QILM/cfRiNghJ2q:WLG1t4fqFPecfQqhv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21ff6db5a01c00b644dcb01510f9a7ed96ef21ff60bb97993bb74fd5f10b1dca

Files

21ff6db5a01c00b644dcb01510f9a7ed96ef21ff60bb97993bb74fd5f10b1dca
.dll windows:4 windows x86 arch:x86

da766e3ad698cdd7fc05ba0f83ed0383

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
GetProcessHeap
GetCommandLineA
WriteProcessMemory

msvcrt

atoi
strrchr
_ftol
strchr

user32

GetMessageA
PeekMessageA
DispatchMessageA
wsprintfA
MessageBoxA
TranslateMessage

Exports

Exports

vskongbai

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 771B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 786B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ