636ae3dd4b848ce655ba6189eae23148cf6f7e8b669a38b5e68575437963736d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

636ae3dd4b848ce655ba6189eae23148cf6f7e8b669a38b5e68575437963736d
Size

180KB
MD5

046f373b4d2177234447aeff329f8835
SHA1

5d1ca9ce492b1ab37ef7d0e9be514fc7e557cb27
SHA256

636ae3dd4b848ce655ba6189eae23148cf6f7e8b669a38b5e68575437963736d
SHA512

acd0421d1d28e5f8f99b38caa023262336e4ae82a5bd1450d90482fb3e053455314896df6af20ac6c77ada5b56a90ff9dfa3f54cb60aac0e8419242d2b41d41c
SSDEEP

3072:XvDP+54+qIf2FNIk5KZeIGKRyJiZF2luhD+9Nj6N0AMdqlBGOJkVLaO:X72O7IOoZJRwiZFa++ksqTGb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
636ae3dd4b848ce655ba6189eae23148cf6f7e8b669a38b5e68575437963736d

Files

636ae3dd4b848ce655ba6189eae23148cf6f7e8b669a38b5e68575437963736d
.dll windows:4 windows x86 arch:x86

d82b3abe5b5278dcc0e967c10951bfae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

specify.pdb

Imports

kernel32

SetConsoleMaximumWindowSize
GetConsoleAliasW
RegisterWowExec
CompareStringA
GetDiskFreeSpaceExA
WriteConsoleOutputW
SetVolumeMountPointA
QueryPerformanceCounter
EnumResourceLanguagesA
SetMailslotInfo
ReadConsoleA
RtlCaptureContext
_lcreat
VirtualProtect

dnsapi

Dns_PingAdapterServers
DnsValidateName_UTF8
DnsApiRealloc
Dns_SkipToRecord
CombineRecordsInBlob
DnsIsStringCountValidForTextType
Query_Main
DnsRecordStringForType
Dns_FindAuthoritativeZoneLib
DnsValidateName_A
DnsDhcpSrvRegisterInitialize
DnsQueryConfig
DnsCopyStringEx
DnsApiSetDebugGlobals
DnsDhcpSrvRegisterTerm

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ