dump2[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dump2.exe
Size

4KB
MD5

6b906764a35508a7fd266cdd512e46b1
SHA1

2a943b5868de4facf52d4f4c1b63f83eacd882a2
SHA256

fc0c90044b94b080f307c16494369a0796ac1d4e74e7912ba79c15cca241801c
SHA512

70823c6038fa669242216dafa72caec9e154e9389e31520aefa47b61364d6abbda8bc9f6cbf68c6528e2a78114e1c39b707d807a391dcd42256e2220eeb2e914
SSDEEP

48:qWIV48ko/+ewQN8ZScb2uftoX4PGhFOy445J6TBI+K29jak5P:LA3dbwQNKSbuVmyVx9X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dump2.exe

Files

dump2.exe
.dll windows:6 windows x86 arch:x86

2b5bb5688a1c045931a1afeb35f00c7d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
OpenProcess
ExitProcess
CreateProcessW
lstrcmpW
IsProcessorFeaturePresent
TerminateProcess
ExpandEnvironmentStringsW
CloseHandle
GetStartupInfoW
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shlwapi

PathFindFileNameW

Sections

.text
Size: 1024B - Virtual size: 894B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ