ada619a43d8322fc590b9a87d24ef8d6b215870671c4b1ab9303b179f205c273

General

Target

ada619a43d8322fc590b9a87d24ef8d6b215870671c4b1ab9303b179f205c273
Size

5.4MB
MD5

2365ff3fe264399377f6ec587217cf51
SHA1

9aad8d375a8d367d54b2716550e17b309d640674
SHA256

ada619a43d8322fc590b9a87d24ef8d6b215870671c4b1ab9303b179f205c273
SHA512

638847d30b9eb6fbb2f52bfe8a69faad607bfc179560a753980a5ca6507768a38f1e80dcdde3def33a877ffa50406e74838b2729d56b42dde26c447dbca796d4
SSDEEP

98304:VLrAisP2q1KUqWSCCZR6lp0TS3HKUwOduW+CwEtG8X0VwwqzQMhk8KEjHg90Maok:GiLqMUqXCCz6lp0TS3HKUwOcW+CPtfEm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ada619a43d8322fc590b9a87d24ef8d6b215870671c4b1ab9303b179f205c273

Files

ada619a43d8322fc590b9a87d24ef8d6b215870671c4b1ab9303b179f205c273
.dll windows:6 windows x86 arch:x86

4c939c5a83313d4241d2f58424179d18

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

ntdll

RtlImageDirectoryEntryToData

Exports

Exports

FixPEMd5
IACEncrypt
IsService
Is_token
WadClose
WadIint
WadOpen
WadRead
exit_process
get_open_id
get_token
init_Iac_client
log_on_token
ned_token
off_token
tick

Sections

.text
Size: 214KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.C
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.(
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.!
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c939c5a83313d4241d2f58424179d18

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

Exports

Exports

Sections

.text Size: 214KB - Virtual size: 216KB

.rdata Size: 64KB - Virtual size: 64KB

.data Size: 9KB - Virtual size: 12KB

.C Size: 1.6MB - Virtual size: 1.6MB

.( Size: 512B - Virtual size: 4KB

.! Size: 3.4MB - Virtual size: 3.4MB

.reloc Size: 1024B - Virtual size: 4KB

.rsrc Size: 16KB - Virtual size: 15KB

.text
Size: 214KB - Virtual size: 216KB

.rdata
Size: 64KB - Virtual size: 64KB

.data
Size: 9KB - Virtual size: 12KB

.C
Size: 1.6MB - Virtual size: 1.6MB

.(
Size: 512B - Virtual size: 4KB

.!
Size: 3.4MB - Virtual size: 3.4MB

.reloc
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 16KB - Virtual size: 15KB