df265487e92e40242ecf81d67bd698771f3dbaba0954d369b93735d600c7bbd7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

df265487e92e40242ecf81d67bd698771f3dbaba0954d369b93735d600c7bbd7
Size

89KB
MD5

0bac3e97f9ddfc90f89ee66da7d6205b
SHA1

816c836e48285f4d11745593b6a8616e429c8680
SHA256

df265487e92e40242ecf81d67bd698771f3dbaba0954d369b93735d600c7bbd7
SHA512

0ef162cb71fc2059ea96d3b2318316cd51e54c99c0608c5538d004590c629d59544a706db816280ce71e92217d10fbcd29d8ebe208d36c13bd18c5e5c20332c4
SSDEEP

1536:yGVb+gHK9jtTK3Qg2tOtQjCz3nXM6Hwzj5aWNVt7fhI6DFRt8jykppIEM5wYdEeX:yKH41AremWEWNVt7NxgvEEmwaEeR9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df265487e92e40242ecf81d67bd698771f3dbaba0954d369b93735d600c7bbd7

Files

df265487e92e40242ecf81d67bd698771f3dbaba0954d369b93735d600c7bbd7
.dll regsvr32 windows x86

d69c6479660f6fc7022a75a7d35f4ebe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvbvm60

__vbaVarSub

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 80KB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE