3e55b359868f542ee05b0506b6e35d22283c8c61fcd6796714dc76f00bda89c1

Sharing

Copy URL Twitter E-mail

General

Target

3e55b359868f542ee05b0506b6e35d22283c8c61fcd6796714dc76f00bda89c1
Size

223KB
MD5

c9d0fdc7c3be5e9dafbf3590840d10a2
SHA1

fc4fb58ace2bbc837ddadc2374aa432bd9176862
SHA256

3e55b359868f542ee05b0506b6e35d22283c8c61fcd6796714dc76f00bda89c1
SHA512

a43cfbb3a2926e418b2657f3226a74cd4441739172895be76f81533b1456e3f48124058736593715c04dbf8a3912ae7add5f21ca9f9fc46f56f742de9ceba03d
SSDEEP

6144:AMraliaNJEinyDph5wfhNQegJLYOL3Xx:SlXNzyDyat

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e55b359868f542ee05b0506b6e35d22283c8c61fcd6796714dc76f00bda89c1

Files

3e55b359868f542ee05b0506b6e35d22283c8c61fcd6796714dc76f00bda89c1
.dll windows:6 windows x64 arch:x64

48eaa73448932163f0aa17bc6f27dfcc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Administrator\Documents\vcpkg\buildtrees\rhash\x64-o2-windows-rel\rhash.pdb

Imports

vcruntime140

__std_type_info_destroy_list
__C_specific_handler
strchr
memset
memcpy

api-ms-win-crt-stdio-l1-1-0

fclose
_wfsopen
feof
fread
fopen
ferror

api-ms-win-crt-runtime-l1-1-0

_cexit
_errno
_seh_filter_dll
_initialize_onexit_table
_initterm_e
_initterm
_initialize_narrow_environment
_configure_narrow_argv
_execute_onexit_table

api-ms-win-crt-heap-l1-1-0

malloc
free
_aligned_malloc
_aligned_free
realloc

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-string-l1-1-0

_strdup

kernel32

GetSystemTimeAsFileTime
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
InitializeSListHead
RtlCaptureContext
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent

Exports

Exports

rhash_count
rhash_export
rhash_file
rhash_file_update
rhash_final
rhash_free
rhash_get_digest_size
rhash_get_hash_length
rhash_get_magnet_name
rhash_get_name
rhash_import
rhash_init
rhash_init_multi
rhash_is_base32
rhash_library_init
rhash_msg
rhash_print
rhash_print_bytes
rhash_print_magnet
rhash_reset
rhash_set_callback
rhash_torrent_add_announce
rhash_torrent_add_file
rhash_torrent_generate_content
rhash_torrent_get_default_piece_length
rhash_torrent_set_batch_size
rhash_torrent_set_options
rhash_torrent_set_piece_length
rhash_torrent_set_program_name
rhash_transmit
rhash_update
rhash_wfile

Sections

.text
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

48eaa73448932163f0aa17bc6f27dfcc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 123KB - Virtual size: 123KB

.rdata Size: 43KB - Virtual size: 43KB

.data Size: 51KB - Virtual size: 52KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 448B

.text
Size: 123KB - Virtual size: 123KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 51KB - Virtual size: 52KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 448B