f8ff1e1760041cfcc2516d2d9729eec0N | Triage

Sharing

General

Target

f8ff1e1760041cfcc2516d2d9729eec0N
Size

210KB
MD5

f8ff1e1760041cfcc2516d2d9729eec0
SHA1

c025c58fc498f984d8053c5718737037c8b9b0a9
SHA256

6e51f9a0d68d559ad556777e48b41db597a4da5cfa57f1a907bbcd19ebe0a4b3
SHA512

53cb12adf4651589aaf6420895abcf9de2502a42151c50dd0acfa78b09e1132cc98246bb4d74a5383fa48a68b5751f00a5501c0184b7bca4faf57668f081b8e0
SSDEEP

3072:s9Yhg1i//ox+rmBceAOHUZDO6haenOpqQJUKSJ9WNAX:s9Y21i/zGmsMm1vSDWN0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f8ff1e1760041cfcc2516d2d9729eec0N

Files

f8ff1e1760041cfcc2516d2d9729eec0N
.dll windows:5 windows x86 arch:x86

9a83a05f751d90a83ed0413e0d8eb676

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegLoadAppKeyW

kernel32

GenerateConsoleCtrlEvent
IsBadStringPtrA
GetModuleHandleA
CloseHandle
OutputDebugStringA
LoadLibraryA
LoadLibraryExA

user32

TranslateMessage
RegisterDeviceNotificationW

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 132KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ