16d5db3c8ef9fe8604383cff6c0505f90e5402813f1c931fbb825aee305f16bb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

16d5db3c8ef9fe8604383cff6c0505f90e5402813f1c931fbb825aee305f16bb
Size

179KB
MD5

2e088345c44f97aa185c1eccebbe97ae
SHA1

065e7fc05cbf24e194aed457ec14962bfc6d0f30
SHA256

16d5db3c8ef9fe8604383cff6c0505f90e5402813f1c931fbb825aee305f16bb
SHA512

ea33cb49eaebbc124f4fde08e9fb20de7e39ecbb9fd892779bfa6a87ba6013d8831aafc576eae49de0e4303632f47b6ed048c078e8673f572d802e3ce11a1dd5
SSDEEP

3072:bm7bUaxzgHda2RM7I7kmTKN5SwzGw0QBwb4OgIQTZ8kHPVinj/jnr3n7OE3WF:bwZhI7ZKLSwzGgBaJgIS8kHN8rjaE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16d5db3c8ef9fe8604383cff6c0505f90e5402813f1c931fbb825aee305f16bb

Files

16d5db3c8ef9fe8604383cff6c0505f90e5402813f1c931fbb825aee305f16bb
.dll regsvr32 windows x86

0f9f917330ac88877b4e5bd833cf8d44

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

mfc42

ord6199

msvcrt

memcpy

user32

FillRect

gdi32

GetObjectA

comdlg32

GetOpenFileNameA

shell32

SHBrowseForFolderA

ole32

CoCreateInstance

oleaut32

SysAllocStringLen

urlmon

URLDownloadToFileA

msvcp60

?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

version

GetFileVersionInfoA

dhnetsdk

ord172

winmm

PlaySoundA

dhplay

ord88

ws2_32

getservbyport

wininet

DeleteUrlCacheEntry

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 157KB - Virtual size: 536KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE