a92c28589b83f3a4a96827b6d3c930f6b3264e8c28721210a02739dd2f9bdea7

Sharing

Copy URL Twitter E-mail

General

Target

a92c28589b83f3a4a96827b6d3c930f6b3264e8c28721210a02739dd2f9bdea7
Size

57KB
MD5

6c436d9ab70a0761438e710eb65b6966
SHA1

a91ede2b387d13d605765fc43c81ce169797e597
SHA256

a92c28589b83f3a4a96827b6d3c930f6b3264e8c28721210a02739dd2f9bdea7
SHA512

d9047dc22784c412bc6515f720301e18564054b97582c77c95ee958d4463065dcde64d994bfdb9c672a252cf9386323fa9f9edcba0c36f6f9b616a98f7466005
SSDEEP

768:PLlVFp7rI0ihuCmJCHOPbSTeWyvfS8syBzTdFmxiR6YSXAe9RS+8+U1pKwoneANg:PZV1ih7EGSWyvAqmxiYVepFsB86

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a92c28589b83f3a4a96827b6d3c930f6b3264e8c28721210a02739dd2f9bdea7

Files

a92c28589b83f3a4a96827b6d3c930f6b3264e8c28721210a02739dd2f9bdea7
.dll windows:6 windows x86 arch:x86

bf2d6c964916732dbaadb13fb96dd4b6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\source\0\series6\WOLF\Cockpit\SystemFrameworksProjects\ImageLibrary\ImageMagick\bin\CORE_RL_bzlib_.pdb

Imports

vcruntime140

__current_exception
__std_type_info_destroy_list
__current_exception_context
_except_handler4_common
memset

api-ms-win-crt-stdio-l1-1-0

ungetc
fwrite
fread
fopen
fgetc
fflush
ferror
fclose
__acrt_iob_func
_setmode
_fileno
__stdio_common_vfprintf

api-ms-win-crt-heap-l1-1-0

free
malloc

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_crt_at_quick_exit
_cexit
terminate
_configure_narrow_argv
_seh_filter_dll
_initterm_e
exit
_crt_atexit
_execute_onexit_table
_initterm

api-ms-win-crt-string-l1-1-0

isdigit

api-ms-win-crt-math-l1-1-0

_fdopen

kernel32

DisableThreadLibraryCalls
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter

Exports

Exports

BZ2_bzBuffToBuffCompress
BZ2_bzBuffToBuffDecompress
BZ2_bzCompress
BZ2_bzCompressEnd
BZ2_bzCompressInit
BZ2_bzDecompress
BZ2_bzDecompressEnd
BZ2_bzDecompressInit
BZ2_bzRead
BZ2_bzReadClose
BZ2_bzReadGetUnused
BZ2_bzReadOpen
BZ2_bzWrite
BZ2_bzWriteClose
BZ2_bzWriteClose64
BZ2_bzWriteOpen
BZ2_bzclose
BZ2_bzdopen
BZ2_bzerror
BZ2_bzflush
BZ2_bzlibVersion
BZ2_bzopen
BZ2_bzread
BZ2_bzwrite

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bf2d6c964916732dbaadb13fb96dd4b6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 43KB - Virtual size: 43KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 3KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 43KB - Virtual size: 43KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB