0f7df39dca5e50c2683a1fc7b83cb6e708388c9a40d261c3309163bb4ec41fffN | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0f7df39dca5e50c2683a1fc7b83cb6e708388c9a40d261c3309163bb4ec41fffN
Size

139KB
MD5

1866baaea2de3d41313f8676b558db90
SHA1

e5ac0ecac37c1f954ad29e2d23f8d015457817f5
SHA256

0f7df39dca5e50c2683a1fc7b83cb6e708388c9a40d261c3309163bb4ec41fff
SHA512

6fb3d9ceff1dabbaed56de3051247ee5fb4b3c7b12b3b4cd20e58359eb4ecd130798e9463fe0bb89567d8ec255956a8a4b90395b19f5d39a703701de989962e0
SSDEEP

1536:6qubNFe3BJB1lnnkbJAvggJttIUQUVvDwc4KI5/JQsmGBEO:6qubNFefTlnnk+xRIUQUtEnjJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f7df39dca5e50c2683a1fc7b83cb6e708388c9a40d261c3309163bb4ec41fffN

Files

0f7df39dca5e50c2683a1fc7b83cb6e708388c9a40d261c3309163bb4ec41fffN
.dll windows:4 windows x86 arch:x86

1daebd62e3e87b50ad812dc584001fd4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

lawAsystem.pdb

Imports

kernel32

lstrcpyA
FillConsoleOutputCharacterW
CreateThread
FindNextVolumeMountPointA
CreateSemaphoreA
SleepEx
FindVolumeMountPointClose
lstrcmpW
GetWindowsDirectoryA
GlobalFlags
lstrcatA
GetLocaleInfoW
CompareFileTime
EnumCalendarInfoW
GetCurrencyFormatW
AssignProcessToJobObject
FindNextVolumeMountPointA

msvcrt

memcpy
strlen

advapi32

FindFirstFreeAce
InitiateSystemShutdownExW
CreatePrivateObjectSecurityEx
CryptDeriveKey

Exports

Exports

PseudocodeEncodingClass
PseudocodeKeyboard
PseudocodeProgramming
PseudocodeVersionFinder
PseudocodeWidgetSubdirectory

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ