9c3fac40febe4902c541ed8ed67dfbe7e3cc59f7ca2840db48dd1c7958d58fb1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9c3fac40febe4902c541ed8ed67dfbe7e3cc59f7ca2840db48dd1c7958d58fb1
Size

1.8MB
MD5

7043b53ed4f51435ec0dd8298a6e5676
SHA1

31bacd6b8915c93cc59e9eee4b05b2c2d6313358
SHA256

9c3fac40febe4902c541ed8ed67dfbe7e3cc59f7ca2840db48dd1c7958d58fb1
SHA512

2d54dd5deb8d498b8ca9f45e3f1d634175e4ff6955e3eb428f0f4f1e62c6e1e8acadaa83eee09d0868807ccfa36b0b09ebb14389478004186cbf6f198d0c1a8b
SSDEEP

49152:OfcojybmBTWXSOBisVXDiB83ryQQ8HeISN7RfqzA:oHeAyXSOXRD083rvQ8edf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9c3fac40febe4902c541ed8ed67dfbe7e3cc59f7ca2840db48dd1c7958d58fb1

Files

9c3fac40febe4902c541ed8ed67dfbe7e3cc59f7ca2840db48dd1c7958d58fb1
.dll windows x86

5823679726658efb97b5f02b74cc24f6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

CoTaskMemFree

comctl32

ImageList_SetIconSize

winspool.drv

SetFormA

shell32

ShellExecuteA

comdlg32

PrintDlgA

common

getTierMode

common2

getDBKind

dbconnect

getADOConnection

wsock32

WSACleanup

plm

ConnPLM

Exports

Exports

CloseForm
StartForm

Sections

CODE
Size: 1.8MB - Virtual size: 12.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE