Static task
static1
Behavioral task
behavioral1
Sample
a3b89ada124f709a80611a41bbec8e60N.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
a3b89ada124f709a80611a41bbec8e60N.dll
Resource
win10v2004-20240802-en
General
Target: a3b89ada124f709a80611a41bbec8e60N
Size: 337KB
MD5: a3b89ada124f709a80611a41bbec8e60
SHA1: 3ab31fde41617cc02a70bdfd9bdcf872d8eda749
SHA256: 55d02ae4109142f2d854364c24bc1d43a0e1f8c8a2a38c3e866f8c8512535884
SHA512: 028b1e21a2f0c352f9c4327eaa5964d80aae479bf57952ce889c4e0fa571bfacd77ce07c7c43aa2bded792c672ce80a805444d000cc9b1b0870f45336cf014b5
SSDEEP: 1536:2Ux6MPhZhLD7vQbW20AcIvZNOJUU/29vXEzIy/4D61HAjBzZYbss/67nZ0V5BIQ7:HxRb7vx2rWJUU/I/23Uuvh
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource a3b89ada124f709a80611a41bbec8e60N
Files
-
a3b89ada124f709a80611a41bbec8e60N.dll windows:6 windows x86 arch:x86
88d0c8baf81317c8274cc2cc88e50a41
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
msvcrt
memset
memcpy
malloc
free
shlwapi
PathMatchSpecA
PathFindFileNameW
UrlUnescapeW
StrCSpnW
PathIsUNCServerW
kernel32
GetModuleHandleW
GetProcAddress
wsnmp32
ord600
ord107
ord300
ord102
ord999
ord502
ord104
ord504
ord205
mscms
CreateColorTransformW
CreateMultiProfileTransform
CreateColorTransformA
SelectCMM
CreateProfileFromLogColorSpaceA
UninstallColorProfileW
mswsock
GetNameByTypeA
s_perror
GetServiceW
NPLoadNameSpaces
inet_network
rresvport
getnetbyname
ws2_32
getpeername
getsockopt
setsockopt
WSAEnumProtocolsW
WSACreateEvent
ntohl
WSAEnumNameSpaceProvidersA
shutdown
connect
Exports
Sections
.text Size: 42KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE