d32bb1641de27e70b27f6264fbf97d553467377229aa42a34d7f636e0aa35328 | Triage

Sharing

General

Target

d32bb1641de27e70b27f6264fbf97d553467377229aa42a34d7f636e0aa35328
Size

91KB
MD5

4a04a3d25be485e89b5aa556bdae562f
SHA1

b2188f4fafc6569fd396c50f9ea4a5b629fe5548
SHA256

d32bb1641de27e70b27f6264fbf97d553467377229aa42a34d7f636e0aa35328
SHA512

f9e7fb71e97daf1e9eacc721e61d7716e957a2372641e07211feaaccc2de68f23f8c357ccd6b4f18cc1178b0637175f811671c478c7500a10ecd62057d53fdb0
SSDEEP

1536:f5DpJxAv9zSEyMvCsXSg7bPRq7iQ3b1p61IYNK8rH529q18UCFRr:ZFAv8e7bPOiODufH529q+lFl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d32bb1641de27e70b27f6264fbf97d553467377229aa42a34d7f636e0aa35328

Files

d32bb1641de27e70b27f6264fbf97d553467377229aa42a34d7f636e0aa35328
.dll windows:4 windows x86

4ec54ec84fb800f7900694fe4075bcf5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

wsprintfA

advapi32

RegSetValueExA

shell32

SHGetSpecialFolderPathA

wininet

InternetOpenA

shlwapi

PathFileExistsA

Exports

Exports

bukeni
jzrundll
jzrundll2

Sections

.text
Size: 85KB - Virtual size: 924KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE