24e6542c6069a70cc8a731541bf874a77d12687532f3e96ff70e261c3c698a82

Sharing

Copy URL Twitter E-mail

General

Target

24e6542c6069a70cc8a731541bf874a77d12687532f3e96ff70e261c3c698a82
Size

45KB
MD5

af5f787f8927e941174f5d37238e7729
SHA1

4802ef4c6d14296e69ec0a597ac2048b034b0e12
SHA256

24e6542c6069a70cc8a731541bf874a77d12687532f3e96ff70e261c3c698a82
SHA512

85b7b3c1b27a456c8f031cc64bf5d3dfbdc762e2ec21d5b9b620bb6069d9f2765b056b6df31c5a72eaee4b81c58eaf5822790792458fab732e3ac868ef9053a4
SSDEEP

768:5fQnz21R2YsClPdfr+E4xlESGowjT1t7JCBfuWVIKsIQjCBteQbtoXi4z:5fQnzGROIfg4MBGWVHPztJ4z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
24e6542c6069a70cc8a731541bf874a77d12687532f3e96ff70e261c3c698a82

Files

24e6542c6069a70cc8a731541bf874a77d12687532f3e96ff70e261c3c698a82
.dll windows:4 windows x64 arch:x64

850ce2b5b30d7a4226ac9520bd3b8190

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

CreateProcessAsUserW

kernel32

CloseHandle
CreateEventA
CreateFileA
CreateProcessA
CreateRemoteThread
CreateThread
DeleteCriticalSection
EnterCriticalSection
EnumResourceLanguagesA
EnumResourceNamesA
EnumResourceTypesA
ExitProcess
ExitThread
FindResourceA
FindResourceExA
FreeLibrary
FreeResource
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetFileType
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetThreadPriority
GetWindowsDirectoryA
HeapAlloc
HeapFree
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadResource
LocalAlloc
LocalFree
LockResource
MultiByteToWideChar
OpenProcess
ReadFile
ResetEvent
ResumeThread
SetEvent
SetFilePointer
SetLastError
SetThreadPriority
SizeofResource
Sleep
SuspendThread
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualAllocEx
VirtualProtect
WaitForSingleObject
WideCharToMultiByte
WriteFile
WriteProcessMemory
lstrcatA
lstrlenA

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen

user32

CharLowerBuffW
CharUpperBuffW
MessageBoxA

Exports

Exports

nts

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 72B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 720B - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

850ce2b5b30d7a4226ac9520bd3b8190

Headers

File Characteristics

Imports

advapi32

kernel32

oleaut32

user32

Exports

Exports

Sections

.text Size: 37KB - Virtual size: 37KB

.data Size: 2KB - Virtual size: 2KB

.bss Size: - Virtual size: 7KB

.idata Size: 2KB - Virtual size: 2KB

.edata Size: 72B - Virtual size: 72B

.reloc Size: 720B - Virtual size: 720B

.text
Size: 37KB - Virtual size: 37KB

.data
Size: 2KB - Virtual size: 2KB

.bss
Size: - Virtual size: 7KB

.idata
Size: 2KB - Virtual size: 2KB

.edata
Size: 72B - Virtual size: 72B

.reloc
Size: 720B - Virtual size: 720B