e2c0989780488a53f60d493f59dd63f4f57dc7a68b0aeacae404df9251941c83 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e2c0989780488a53f60d493f59dd63f4f57dc7a68b0aeacae404df9251941c83
Size

1.5MB
MD5

791669ee324ee3415c265ff5b20fd675
SHA1

6354dc50ddc2f02aa82552dbd46f317a966ed06d
SHA256

e2c0989780488a53f60d493f59dd63f4f57dc7a68b0aeacae404df9251941c83
SHA512

7dc7a481c5cdd96e710406b17b472862e986d24677b0a4ebba816d16d80276ce717b1dbe6057927e292627d094ad06df2d1742be90b76615c372c385e109b807
SSDEEP

49152:OUpwVTVklWIllYK2pmU7N6hIDaYaDLWiOt:O5TqMIHzhaaXW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e2c0989780488a53f60d493f59dd63f4f57dc7a68b0aeacae404df9251941c83

Files

e2c0989780488a53f60d493f59dd63f4f57dc7a68b0aeacae404df9251941c83
.dll windows:5 windows x86 arch:x86

ec5c166598625bce5186b45ef257424e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

1o38Ibj5gBov|KR*fCPGQNPXX7O

Imports

esent

JetMakeKey

urlmon

CoInternetGetSecurityUrl

rpcrt4

RpcBindingSetOption

kernel32

GetModuleFileNameW
GetBinaryTypeW
GetModuleFileNameA
GetModuleHandleW
LocalFlags
VerSetConditionMask
MapViewOfFile
AreFileApisANSI
SwitchToThread
GetProcessVersion
SetSystemTimeAdjustment
LoadLibraryW
TerminateProcess
GetFileSize

gdi32

StretchBlt
FillPath
GetTextCharset
DPtoLP
ExtEscape
RealizePalette

user32

GetSystemMenu
MapWindowPoints
UpdateWindow
GetCursorPos

Exports

Exports

LndcZekhjuimehrbhpe

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 372KB - Virtual size: 371KB

IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ