56aee52f4940412abcd9a15efb5e9c1df00cc3fe505482d62b9ed78f471eb3aa | Triage

Sharing

General

Target

56aee52f4940412abcd9a15efb5e9c1df00cc3fe505482d62b9ed78f471eb3aa
Size

360KB
MD5

726752194a382cd9d540b4976d524947
SHA1

9b6a2be0a893705c4cc8b8eb40036686d46e9bb1
SHA256

56aee52f4940412abcd9a15efb5e9c1df00cc3fe505482d62b9ed78f471eb3aa
SHA512

385793ac0d0157c8ee7d1592f911aa836ee754fb5997b97d8427a5e451334e4689452f0ba964ebc011475bec6b3d36590e31d273983e9a1b710952920e837fee
SSDEEP

6144:9mRdC6xhlEgUBgi1Ew8jvilWd6A5A5hMj:9mRdCiFagiQjgdAshMj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
56aee52f4940412abcd9a15efb5e9c1df00cc3fe505482d62b9ed78f471eb3aa

Files

56aee52f4940412abcd9a15efb5e9c1df00cc3fe505482d62b9ed78f471eb3aa
.dll windows:4 windows x64 arch:x64

f3d2992a35e8653c5fc5c5d98cccde11

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

prevent.pdb

Imports

kernel32

HeapUnlock
GetDllDirectoryA
GlobalWire
LCMapStringW
GetSystemDefaultLCID
EndUpdateResourceA
FindFirstVolumeMountPointW
SetCalendarInfoA
FindResourceExA

imgutil

IdentifyMIMEType
SniffStream
DitherTo8

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 120KB - Virtual size: 345KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 126B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ