f2998c4a68ab6c9c2c0b3cbc6f6dd6f73f9ad4b01e9b19eb320c24792bf83ab8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f2998c4a68ab6c9c2c0b3cbc6f6dd6f73f9ad4b01e9b19eb320c24792bf83ab8
Size

1.7MB
MD5

9a7e9b669485594bb67b5efddb30980b
SHA1

e46e20f44fcbba002757ec4aa4143bdadbbd882e
SHA256

f2998c4a68ab6c9c2c0b3cbc6f6dd6f73f9ad4b01e9b19eb320c24792bf83ab8
SHA512

c3e7a246b130ff06558445256e493d1919b8171d739ef8b68f28b8628c25ea01b9a4d9c6521c2abccdf349db022e54d005418a25ae2b83f9e25dc6f75f431777
SSDEEP

24576:XH0Fccp+sv1DBw/rAso0SwBzWdmwwkv0LrRz0EPP5LIv4x4ZotCR8dQDe+b/z6nS:XH0xpSo/wtnkvKRQlv4f8PL/IPWweNr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f2998c4a68ab6c9c2c0b3cbc6f6dd6f73f9ad4b01e9b19eb320c24792bf83ab8

Files

f2998c4a68ab6c9c2c0b3cbc6f6dd6f73f9ad4b01e9b19eb320c24792bf83ab8
.dll windows:6 windows x64 arch:x64

ced7f8abe1cb1d01983ed6997436d1d7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

ReadFile

iphlpapi

GetInterfaceInfo

msvcrt

_wcsnicmp

psapi

GetMappedFileNameW

user32

GetWindow

advapi32

RegSetValueExA

shell32

SHGetFolderPathW

Exports

Exports

Main
invalid
run

Sections

.text
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ