a106592aef5c53f98bd440d4adbd7800N

Sharing

Copy URL Twitter E-mail

General

Target

a106592aef5c53f98bd440d4adbd7800N
Size

497KB
MD5

a106592aef5c53f98bd440d4adbd7800
SHA1

9bd7dff57722241164d75b0906da10f1ad9de93f
SHA256

fe2c442f6f01d479dd86066090d27495182c7c9880992467577dd95f4b6819ef
SHA512

3a4647b78ca9a1510f2277eb37abf5a3b2377720d9d3e0958295c25ea3a89d11193e2cb23392a3af6b8483e722ceec5dd2e9ca6b52816c6ebe3004d436f0b404
SSDEEP

12288:hr0gbadqqkMZDfkWSEouRC6HqlA5rpwTSq/BQNBPd0eeeeiuadlg:N0gbWqqkMdiHuRC6HqlA5rp3q/BQNBPw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a106592aef5c53f98bd440d4adbd7800N

Files

a106592aef5c53f98bd440d4adbd7800N
.dll windows:4 windows x64 arch:x64

427c4d29f8e28d433ee65fae152a56f4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Imports

cygwin1

__cxa_atexit
__locale_ctype_ptr
__memcpy_chk
__stack_chk_fail
__stack_chk_guard
_impure_ptr
calloc
cygwin_detach_dll
cygwin_internal
dll_dllcrt0
free
madvise
malloc
memcmp
memcpy
memmove
memset
mmap
mprotect
munmap
posix_memalign
pthread_mutex_lock
pthread_mutex_unlock
realloc
strchr
strcmp
strlen
strncmp
sysconf
tolower
toupper

kernel32

GetModuleHandleA

Exports

Exports

__gcc_deregister_frame
__gcc_register_frame
_pcre_OP_lengths
_pcre_default_tables
_pcre_find_bracket
_pcre_hspace_list
_pcre_is_newline
_pcre_jit_compile
_pcre_jit_exec
_pcre_jit_free
_pcre_jit_get_size
_pcre_jit_get_target
_pcre_ord2utf
_pcre_ucd_caseless_sets
_pcre_ucd_records
_pcre_ucd_stage1
_pcre_ucd_stage2
_pcre_ucp_gbtable
_pcre_ucp_gentype
_pcre_ucp_typerange
_pcre_utf8_table1
_pcre_utf8_table1_size
_pcre_utf8_table2
_pcre_utf8_table3
_pcre_utf8_table4
_pcre_utt
_pcre_utt_names
_pcre_utt_size
_pcre_valid_utf
_pcre_vspace_list
_pcre_was_newline
_pcre_xclass
pcre_assign_jit_stack
pcre_callout
pcre_compile
pcre_compile2
pcre_config
pcre_copy_named_substring
pcre_copy_substring
pcre_dfa_exec
pcre_exec
pcre_free
pcre_free_study
pcre_free_substring
pcre_free_substring_list
pcre_fullinfo
pcre_get_named_substring
pcre_get_stringnumber
pcre_get_stringtable_entries
pcre_get_substring
pcre_get_substring_list
pcre_jit_exec
pcre_jit_free_unused_memory
pcre_jit_stack_alloc
pcre_jit_stack_free
pcre_maketables
pcre_malloc
pcre_pattern_to_host_byte_order
pcre_refcount
pcre_stack_free
pcre_stack_guard
pcre_stack_malloc
pcre_study
pcre_version

Sections

.text
Size: 384KB - Virtual size: 383KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 624B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

427c4d29f8e28d433ee65fae152a56f4

Headers

File Characteristics

PDB Paths

Imports

cygwin1

kernel32

Exports

Exports

Sections

.text Size: 384KB - Virtual size: 383KB

.data Size: 512B - Virtual size: 128B

.rdata Size: 101KB - Virtual size: 100KB

.buildid Size: 512B - Virtual size: 53B

.pdata Size: 2KB - Virtual size: 2KB

.xdata Size: 3KB - Virtual size: 2KB

.bss Size: - Virtual size: 624B

.edata Size: 2KB - Virtual size: 1KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 144B

/4 Size: 512B - Virtual size: 24B

.text
Size: 384KB - Virtual size: 383KB

.data
Size: 512B - Virtual size: 128B

.rdata
Size: 101KB - Virtual size: 100KB

.buildid
Size: 512B - Virtual size: 53B

.pdata
Size: 2KB - Virtual size: 2KB

.xdata
Size: 3KB - Virtual size: 2KB

.bss
Size: - Virtual size: 624B

.edata
Size: 2KB - Virtual size: 1KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 144B

/4
Size: 512B - Virtual size: 24B