ce4e6b05be78dd2bda474ecbf9a17c9a1fe77b4a803069327106e05bf2aef58c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ce4e6b05be78dd2bda474ecbf9a17c9a1fe77b4a803069327106e05bf2aef58c
Size

413KB
MD5

2284513bbf6b928b3927b92257168415
SHA1

2dbec91bb51014f85ec939ab7d01ef1c0ea0d3e6
SHA256

ce4e6b05be78dd2bda474ecbf9a17c9a1fe77b4a803069327106e05bf2aef58c
SHA512

ddf25e4f469c6ac3feb34523ae06a0a0379bb6b1254869da752e6b71f9c692c4ab41443222473c8fcd8f27c04cb0f7348203c67db53078bc4762182212efe9af
SSDEEP

12288:kYX5zs/81LQF2m+GAvlH0HHi1Qk29Fer:kfkZZlynk2/e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ce4e6b05be78dd2bda474ecbf9a17c9a1fe77b4a803069327106e05bf2aef58c

Files

ce4e6b05be78dd2bda474ecbf9a17c9a1fe77b4a803069327106e05bf2aef58c
.dll windows:4 windows x86 arch:x86

b39f83899975eeb5b2db14b289d7529c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msi

ord70
ord8
ord171
ord125
ord17
ord211
ord145
ord74

kernel32

RemoveDirectoryA
RemoveDirectoryW
FindFirstFileA
FindClose
FindFirstFileW
GetComputerNameA
GetVersionExW
WaitForSingleObject
GetComputerNameW

comdlg32

GetOpenFileNameW
GetOpenFileNameA

advapi32

GetUserNameW
GetUserNameA

shell32

SHFileOperationA
ShellExecuteExA
ShellExecuteExW
SHFileOperationW

Exports

Exports

DeleteExtractionPath
DeleteLZMAFiles
ExpandExtractionPath
ExtractLZMAFiles
FindEXE

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 29B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 506B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ