acb4007ac2eb34445394cbe66bd45782ff77119e05e5aa2b58567ef3a07b7755 | Triage

Sharing

General

Target

acb4007ac2eb34445394cbe66bd45782ff77119e05e5aa2b58567ef3a07b7755
Size

3.8MB
MD5

bbe0958c3bea6bf0717eb82223188729
SHA1

7ee625bb04b387273e09627c9971327de246e3aa
SHA256

acb4007ac2eb34445394cbe66bd45782ff77119e05e5aa2b58567ef3a07b7755
SHA512

3db00952d531ec81e3ec345e444a4a08ff578fcc175ca4e091de83ce71da4777b9dea863f3700027dc93dc63a25f5473c0e98ef2cdf56d2d03543b56e86363e3
SSDEEP

98304:YJ6uGObJRXJ/ygZOrclKYuAqInRJQaimEEiuJO/aGpg:lUbJagZOrclbRqIRMRu0/aUg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/9hloq0.dll

Files

acb4007ac2eb34445394cbe66bd45782ff77119e05e5aa2b58567ef3a07b7755
.iso
out.iso
.iso
9hloq0.dll
.dll windows:6 windows x64 arch:x64

0c85cc919aa73be02e9d5d942c58302e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
FindFirstFileA
FindNextFileA
LockFile
UnlockFile
CloseHandle
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ExitProcess
CreateThread
GetCurrentThreadId
FreeLibrary
GetModuleFileNameA
GetModuleHandleExA
GetProcAddress
CreateFileMappingA
LoadLibraryA
CreateActCtxA
ReleaseActCtx
ActivateActCtx
DeactivateActCtx

Exports

Exports

VcrbRMwpuk

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
documents.lnk
.lnk