MACRO[.]asi | Triage

Sharing

Copy URL Twitter E-mail

General

Target

MACRO.asi
Size

8KB
MD5

c1307f44804be39c01612a6c529310f1
SHA1

7cdde4ea692b9be46c522d53431eb5cf80b4980a
SHA256

5c75fd5060e88dc621fef078941998e9894c454e9de866fec9fb388256cd01af
SHA512

68c41b6207e3d782213e2fcd16e6eb4f02a53a0ca1b6b78dd16f4cf25c3d9ec9f5c36e47dfd5e84c062886a1cf2b62a11c1c8c18d2aca7e869329eaa3a908061
SSDEEP

96:wpAfcXdrBMxEvZI+9SYyGJgmrG+jOLi1STJy1Z2szCJKyTg:wGUXdryxEt9VyG6CG+jOW1X1ZVzCJxk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MACRO.asi

Files

MACRO.asi
.dll windows:6 windows x86 arch:x86

3681c34882d924feaba73b30ce89f3f3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\DEVS\MyProjects\SAMP\PLUGINS\nop_WR_SiF\Release\nop_WR_SiF.pdb

Imports

kernel32

VirtualProtect
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeSListHead

vcruntime140

memset
_except_handler4_common
__std_type_info_destroy_list

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_seh_filter_dll
_initialize_onexit_table
_initterm_e
_initterm
_register_onexit_function
_crt_atexit
_initialize_narrow_environment
_execute_onexit_table
_cexit

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ