162472d03efe7885f10e12bdf2404a7ededec4d47477c447fd56c841579be49c | Triage

Sharing

General

Target

162472d03efe7885f10e12bdf2404a7ededec4d47477c447fd56c841579be49c
Size

1.8MB
MD5

ea1139d0609f63a4299dd0e6336e561c
SHA1

13ced5389ada5654e0dc3029ed7b625ab4bcbbe7
SHA256

162472d03efe7885f10e12bdf2404a7ededec4d47477c447fd56c841579be49c
SHA512

a9e928a16793e0b674bd1886707f173f5dd0b730203425b5c702d398f4c483bec7a59378b7ef7f259cf8267a7a60b502bd65e2f43f73ad7ad84b6f95b60f7d0e
SSDEEP

49152:6Y8oLxNZQO2fj6tcCUgPRyFd+jTVitPuSQQN7bPlDV:X/294JyajTMP/QQNtDV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
162472d03efe7885f10e12bdf2404a7ededec4d47477c447fd56c841579be49c

Files

162472d03efe7885f10e12bdf2404a7ededec4d47477c447fd56c841579be49c
.dll windows x86

5823679726658efb97b5f02b74cc24f6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

CoTaskMemFree

comctl32

ImageList_SetIconSize

winspool.drv

SetFormA

shell32

ShellExecuteA

comdlg32

PrintDlgA

common

getTierMode

common2

getDBKind

dbconnect

getADOConnection

wsock32

WSACleanup

plm

ConnPLM

Exports

Exports

CloseForm
StartForm

Sections

CODE
Size: 1.8MB - Virtual size: 12.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE