9658a3ad2e2c8bd1854254f03aa300c344d62e96e5b15f87edf37c5663cb59a4

Sharing

Copy URL Twitter E-mail

General

Target

9658a3ad2e2c8bd1854254f03aa300c344d62e96e5b15f87edf37c5663cb59a4
Size

27KB
MD5

06820ba6199fddb77df15bac6245058d
SHA1

f6b43e896194e6e94f7d2bc0908cf3d5ca6ffc43
SHA256

9658a3ad2e2c8bd1854254f03aa300c344d62e96e5b15f87edf37c5663cb59a4
SHA512

d80d1f6eefe77221a49edba446c27dbe791da3cf6960855e61e2fd17e2955e6e496bb53ebb16a9195ade3e62f5c054c7743846b8c84b91aaa2f4ffc1c0bd877c
SSDEEP

768:O7xKyezbSWgvpVbMnyKwdz/5XoCyMJxMqt:DLOvKwdzBX5rt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9658a3ad2e2c8bd1854254f03aa300c344d62e96e5b15f87edf37c5663cb59a4

Files

9658a3ad2e2c8bd1854254f03aa300c344d62e96e5b15f87edf37c5663cb59a4
.dll windows:5 windows x64 arch:x64

66447c5282fb7c378e5360d3b7b89948

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

perl538

Perl_av_push
Perl_sv_setsv_flags
Perl_my_snprintf
Perl_sv_2iv_flags
Perl_ninstr
Perl_vwarner
Perl_sv_backoff
Perl_save_pushptr
Perl_mg_get
Perl_mg_find
PL_charclass
Perl_sv_upgrade
Perl_more_sv
Perl_sv_catpvf
Perl_hv_common_key_len
Perl_more_bodies
Perl_newXS
Perl_sv_setpvn
Perl_av_len
Perl_av_fetch
Perl_croak_xs_usage
Perl_sv_setpvf
Perl_croak
Perl_gv_stashsv
Perl_sv_isobject
Perl_gv_stashpvn
Perl_newSVpvf
Perl_sv_2bool_flags
Perl_ckwarn
Perl_sv_bless
Perl_sv_free2
Perl_xs_boot_epilog
Perl_xs_handshake
Perl_croak_nocontext
Perl_newSViv
Perl_sv_2mortal
Perl_safesyscalloc
Perl_sv_derived_from_pvn
Perl_sv_mortalcopy_flags
Perl_sv_insert_flags
PL_locale_mutex
Perl_newSV
Perl_safesysfree
Perl_newSVsv_flags
Perl_sv_catpvn_flags
Perl_safesysmalloc
Perl_sv_newmortal
Perl_newSVpvn_flags
Perl_newSVpvn
Perl_newSVrv
Perl_sv_2pv_flags

kernel32

InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LeaveCriticalSection
EnterCriticalSection
IsDebuggerPresent

vcruntime140

memmove
memcpy
__C_specific_handler
__std_type_info_destroy_list
memset

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
setlocale

api-ms-win-crt-string-l1-1-0

strcmp
strpbrk
strlen

api-ms-win-crt-runtime-l1-1-0

_initterm
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_execute_onexit_table
_cexit
_initialize_onexit_table
_initterm_e

Exports

Exports

boot_version__vxs

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

66447c5282fb7c378e5360d3b7b89948

Headers

DLL Characteristics

File Characteristics

Imports

perl538

kernel32

vcruntime140

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 732B

.reloc Size: 512B - Virtual size: 160B

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 732B

.reloc
Size: 512B - Virtual size: 160B