0dda7a598634a885eebb646aced1de130f4bb1aaa749a7e6778fff951d053134N

Sharing

Copy URL Twitter E-mail

General

Target

0dda7a598634a885eebb646aced1de130f4bb1aaa749a7e6778fff951d053134N
Size

128KB
MD5

1a74ae27b8f3968b9f222ce9f94f90d0
SHA1

75934d2c230f560e0e572d12474f47aca4d8caf9
SHA256

0dda7a598634a885eebb646aced1de130f4bb1aaa749a7e6778fff951d053134
SHA512

19bc4b3e236fb5488ed11e2157eef614698a180360057a5436811fba667cfbd6799093103e759bf4fa7e48b2681efef6c68206ea621e25b2abfb6c8499de26a0
SSDEEP

1536:d9gP3WbZWhDBkAkjCDxNNg4gGqTk4mSDqXsiSBHu6QuSlXCxrA:d9gPmbZWhD1T1Y4gG4k4teoYhmrA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0dda7a598634a885eebb646aced1de130f4bb1aaa749a7e6778fff951d053134N

Files

0dda7a598634a885eebb646aced1de130f4bb1aaa749a7e6778fff951d053134N
.dll windows:4 windows x86 arch:x86

f841b5f28a323f11ee2015a365158599

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

empty2res.pdb

Imports

kernel32

GetTimeZoneInformation
SetEndOfFile
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
CreateFileA
CompareStringW
CompareStringA
InterlockedExchange
HeapSize
RtlUnwind
InitializeCriticalSection
VirtualQuery
GetSystemInfo
HeapCreate
GetConsoleMode
GetAtomNameA
FindAtomA
EnumResourceNamesA
DeleteAtom
CreateSemaphoreA
CreateMutexW
HeapDestroy
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
CopyFileW
GetCPInfo
GetOEMCP
TlsSetValue
TlsFree
SetLastError
FileTimeToSystemTime
ReadFile
WriteFile
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
WideCharToMultiByte
HeapFree
HeapReAlloc
HeapAlloc
GetVersionExA
GetCurrentThreadId
ExitThread
GetFileAttributesA
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
TerminateProcess
GetModuleHandleA
FindClose
FindNextFileA
FindFirstFileA
GetExitCodeThread
LoadLibraryA
GetProcAddress
FreeLibrary
GetCommandLineA
CreateProcessA
GetExitCodeProcess
CloseHandle
GetLastError
FormatMessageA
LocalFree
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleFileNameA
IsSystemResumeAutomatic
FileTimeToLocalFileTime
GetDriveTypeA
GetFullPathNameA
TlsAlloc
GetCurrentDirectoryA
UnhandledExceptionFilter
SetUnhandledExceptionFilter

advapi32

RegOpenKeyExA
RegEnumKeyA
RegQueryValueExA
RegCloseKey

Exports

Exports

FindMemoryTest

Sections

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 538KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f841b5f28a323f11ee2015a365158599

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

Exports

Exports

Sections

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 538KB

.idata Size: 4KB - Virtual size: 3KB

.code Size: 96KB - Virtual size: 95KB

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 4KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 538KB

.idata
Size: 4KB - Virtual size: 3KB

.code
Size: 96KB - Virtual size: 95KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 4KB - Virtual size: 1KB