996a2c528b30b0f82b566ff86bc9d3d1f39bd59f402514da791dff92a75e32f8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

996a2c528b30b0f82b566ff86bc9d3d1f39bd59f402514da791dff92a75e32f8
Size

5.5MB
MD5

08b6a6c6d4ef3036bf2203c5aa93b91d
SHA1

1a615699346d1e5ec215717a2559a26077a4a47c
SHA256

996a2c528b30b0f82b566ff86bc9d3d1f39bd59f402514da791dff92a75e32f8
SHA512

85e10bf49add204f2107b7dd84bab15eb10c53c481a74f9d20a8b6d2ed8ac95056904cfa38deb1d34bf84a4b170c33ee4b39f3e521f551843b76b02731981cad
SSDEEP

98304:AengjdwM3RvCnuIW2rel4XpcRjrDUbWv1twZG0pfCLdnMmnSJjK2bnmr0YWCKN4V:HVnWWeeXkj7wJCLdiFbmrv7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
996a2c528b30b0f82b566ff86bc9d3d1f39bd59f402514da791dff92a75e32f8

Files

996a2c528b30b0f82b566ff86bc9d3d1f39bd59f402514da791dff92a75e32f8
.dll windows:6 windows x86 arch:x86

5d8537330799ac41b51d1da9b43b726c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExW
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

FindWindowW
CharUpperBuffW

shell32

CommandLineToArgvW

shlwapi

PathCanonicalizeW

Sections

.text
Size: 430KB - Virtual size: 430KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.J4B0
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.J4B1
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ