2008d5bd611eecc69ff748d3a41f40d0N

General

Target

2008d5bd611eecc69ff748d3a41f40d0N
Size

212KB
MD5

2008d5bd611eecc69ff748d3a41f40d0
SHA1

6d0a0c7084d14ea0cb5a742ddfe4509bc54ff8b2
SHA256

7b192e0af243ff8d4a8d8925b0244a41a5d3752914da1185befcf34de1e1cbe7
SHA512

9cf646a6f47c1a05a47dfd2229f49197e13fe6ebacaa5f5f054e85173f7824c9e8b897087a73b7f724d82e436a1f4d33d869f48f0508551a810b1b5ba9c09880
SSDEEP

6144:aakU0rw8gJeCDRiYpKwatAqLmVZRO4Zs:9kUsw8MiYWezZ2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2008d5bd611eecc69ff748d3a41f40d0N

Files

2008d5bd611eecc69ff748d3a41f40d0N
.dll windows:4 windows x86 arch:x86

2d29d100e282078c30d29f926f7c8fb2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

PDB Paths

about.pdb

Imports

kernel32

VirtualProtect
AreFileApisANSI
GetOverlappedResult
Module32FirstW
GetFirmwareEnvironmentVariableA
EnumSystemGeoID
DeleteCriticalSection
OpenJobObjectA
GetVolumeNameForVolumeMountPointW
FindFirstVolumeMountPointA
CloseHandle
ReadFile
CreateFileW
GetCurrentProcess
IsDebuggerPresent
GlobalFindAtomA
AddAtomA
GlobalAddAtomW
CreateConsoleScreenBuffer
GetVersionExA
lstrcpyW
LoadLibraryW
GetCommandLineW
GetLocalTime
LoadLibraryA
GetLastError
InterlockedExchange
FreeLibrary
GetProcAddress
LocalAlloc
RaiseException

mprapi

MprAdminConnectionGetInfo
MprConfigInterfaceDelete
MprConfigServerConnect
MprAdminUserRead
MprAdminIsDomainRasServer
MprAdminInterfaceGetInfo
MprAdminUpgradeUsers
MprConfigTransportCreate
MprAdminInterfaceCreate

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 156KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2d29d100e282078c30d29f926f7c8fb2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

mprapi

Sections

.text Size: 16KB - Virtual size: 13KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 16KB - Virtual size: 204KB

.rsrc Size: 156KB - Virtual size: 154KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 16KB - Virtual size: 204KB

.rsrc
Size: 156KB - Virtual size: 154KB

.reloc
Size: 4KB - Virtual size: 1KB