258abae703929c22c1b413240ae11c20N

General

Target

258abae703929c22c1b413240ae11c20N
Size

100KB
MD5

258abae703929c22c1b413240ae11c20
SHA1

1e4a42b75c9671e485f9684b0682ecc1719a852f
SHA256

6f06bcf211ebdf5197ff63e7151fb6c9fe5ca34460dab7311aeffb21e5d9ecba
SHA512

d05b6f4c7bd5273bdd8219b1e2f066e1eb86090825273c4fcc9b13d2ae209a7aa7a3108ad9427064af0b91f5d9d5b6d3946ba678a2e4671913a332ab38490ac0
SSDEEP

1536:POum3u0d9wL0lHNTiDm3xYsHpFDtf+11:PPm3u04LGAZsJZtf+11

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
258abae703929c22c1b413240ae11c20N

Files

258abae703929c22c1b413240ae11c20N
.dll windows:4 windows x86 arch:x86

9a831999d07baeeb0fd8c73749b9835b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
SetFilePointer
GetFileSize
ReadFile
WriteFile
FlushFileBuffers
CloseHandle
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
Process32Next
GetProcAddress
LoadLibraryA
CreateToolhelp32Snapshot
Sleep
GetLocalTime
CreateDirectoryA
GetModuleFileNameA
GetModuleHandleA
CreateThread
SetStdHandle
EnterCriticalSection
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
RtlUnwind
GetCommandLineA
GetVersion
HeapFree
RaiseException
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetCPInfo
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP

user32

GetWindowThreadProcessId
GetWindowTextA
GetAsyncKeyState
GetKeyboardState
GetForegroundWindow

Exports

Exports

ModuleStart
ModuleStart64

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a831999d07baeeb0fd8c73749b9835b

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 56KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 16KB - Virtual size: 20KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 60KB - Virtual size: 56KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 16KB - Virtual size: 20KB

.reloc
Size: 8KB - Virtual size: 6KB