6f2fa8f5278dc38bf1680d5397af781129978bdfbc7ade4015076f7b430ca66b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6f2fa8f5278dc38bf1680d5397af781129978bdfbc7ade4015076f7b430ca66b
Size

3.3MB
MD5

2652fe3fc69d0d9af6c641600fe19983
SHA1

5828abeff9bb53359c6ea06dc4bf61096169d908
SHA256

6f2fa8f5278dc38bf1680d5397af781129978bdfbc7ade4015076f7b430ca66b
SHA512

458252989a187c1dc83e0e52bfa9ae4b391c087b9bb209180ea791bb8850db4a32a2cc042044570d8698e394c45e87a22dd430a0d9b061e782f604ddfc84a748
SSDEEP

98304:buJTLwW+Yod6GhcCvdcd1XzrIIodk3nXu8jb:bywW+lzOd1rIHMnXu8H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6f2fa8f5278dc38bf1680d5397af781129978bdfbc7ade4015076f7b430ca66b

Files

6f2fa8f5278dc38bf1680d5397af781129978bdfbc7ade4015076f7b430ca66b
.dll regsvr32 windows x86

80a3a1e9ee7f23e76fab64272f257205

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

InvalidateRect

gdi32

CreateRoundRectRgn

advapi32

RegEnumValueA

ole32

CoRegisterMessageFilter

oleaut32

SysAllocStringLen

shlwapi

UrlUnescapeA

oledlg

ord8

ws2_32

inet_addr

wininet

HttpQueryInfoA

oleacc

CreateStdAccessibleObject

winspool.drv

DocumentPropertiesA

comdlg32

GetFileTitleA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 2.2MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 55KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE