8024e0c8dc287146efa3e291e55d0310N

General

Target

8024e0c8dc287146efa3e291e55d0310N
Size

1.0MB
MD5

8024e0c8dc287146efa3e291e55d0310
SHA1

1cfd98eff21e94d6656b8d1f0c7d9d23367d6585
SHA256

3648c0f5a0982244f17799e6834f7d9127c3ec1f9a2ce395705c2c3ca1893724
SHA512

0f8d76fb096b1009cc5298f10830391e50800f5cd6d0296053bb60d1a3c967708de3a91d579b8dc9124370592ae199357b7116743b71744d687fb6cd8b4c7b4c
SSDEEP

24576:EGFZnpHldMwvhJb1oRaRheV1j5fvU7B7jUsyt+Jl41zu:Rrn7d9vhJb1o1NvU7B7gs4+JC1q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8024e0c8dc287146efa3e291e55d0310N

Files

8024e0c8dc287146efa3e291e55d0310N
.dll windows:6 windows x86 arch:x86

a787c3e88708d59c278652d3acb2fd74

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

memset

kernel32

CloseHandle
CreateProcessW
CreateRemoteThread
CreateToolhelp32Snapshot
DeleteProcThreadAttributeList
GetCurrentProcess
GetThreadContext
GlobalAlloc
GlobalFree
InitializeProcThreadAttributeList
IsWow64Process
OpenProcess
OutputDebugStringW
Process32FirstW
Process32NextW
QueryFullProcessImageNameW
ResumeThread
SetThreadContext
UpdateProcThreadAttribute
VirtualAllocEx
VirtualFreeEx
VirtualProtectEx
WaitForSingleObject
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
WriteProcessMemory
lstrcmpA
lstrcmpW
lstrcmpiW
lstrcpyW
lstrlenW

advapi32

AdjustTokenPrivileges
CloseServiceHandle
GetTokenInformation
LookupAccountSidW
LookupPrivilegeValueW
OpenProcessToken
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx

shlwapi

PathFindFileNameW

Exports

Exports

CB_Init

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sign
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a787c3e88708d59c278652d3acb2fd74

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

advapi32

shlwapi

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 512B - Virtual size: 76B

.sign Size: 512B - Virtual size: 64B

.reloc Size: 512B - Virtual size: 320B

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 512B - Virtual size: 76B

.sign
Size: 512B - Virtual size: 64B

.reloc
Size: 512B - Virtual size: 320B