ad3de1c1a4c8392748fcc4e151a1359f96f0d47f586bbbb5a7912e56f1458ed1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ad3de1c1a4c8392748fcc4e151a1359f96f0d47f586bbbb5a7912e56f1458ed1
Size

275KB
MD5

4701f34c80229658293cfb9fed4db0c4
SHA1

5d4f54e75e89a9c99bd0d46f664bc0a757f6fd47
SHA256

ad3de1c1a4c8392748fcc4e151a1359f96f0d47f586bbbb5a7912e56f1458ed1
SHA512

db794b3294356ce1330c34d4306b76543088dbe19502ba50d3dcc9d8bb0bc5a0e95a37bbb5c195a74a933bb85b359c5a42df57454d1dec7d90197ff82f5af9ec
SSDEEP

6144:VlhzyhoqAEm4bttAQjwkGavm9sng7AnWHnqrhmgs+R0HnJJ:VlshodEm4bPDFGLAgmXNZR0HJ

Score

10^/10

Malware Config

Signatures

Detects Reflective DLL injection artifacts 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_ReflectiveLoader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad3de1c1a4c8392748fcc4e151a1359f96f0d47f586bbbb5a7912e56f1458ed1

Files

ad3de1c1a4c8392748fcc4e151a1359f96f0d47f586bbbb5a7912e56f1458ed1
.exe windows:5 windows x86 arch:x86

4a3346d37db9b7d1b31bc6ad49ecf985

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA

user32

TranslateMessage

advapi32

RegCreateKeyExW

comctl32

PropertySheet

Exports

Exports

_ReflectiveLoader@0

Sections

Size: - Virtual size: 88KB

IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 472B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 93KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE