95c6fb0b9485507ce6b77f4f93b98886 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

95c6fb0b9485507ce6b77f4f93b98886
Size

576KB
MD5

95c6fb0b9485507ce6b77f4f93b98886
SHA1

cfdf9ef5840ed13ac2cd5303843de9cc22d64f8c
SHA256

e6e55c2d8be3093c707b3cff2e996867e485a0594735074888c25c6abea0c069
SHA512

291408b3a1f726ea3c1b8bd77855e539cbdd52a3111b7f0e6abc14f8ff470384702c8b615ef20c4e25a6ff67d5ce14ce40dbe80ccfebe8ee9eeb2ffce2bf75f6
SSDEEP

6144:Tkov+OFkzv7NG0EG/a/r/XdS/geftk7bkUY:+OF0EGEra+4UY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
95c6fb0b9485507ce6b77f4f93b98886

Files

95c6fb0b9485507ce6b77f4f93b98886
.dll regsvr32 windows:6 windows x64 arch:x64

bffa884c141cfb9f17c42805b9961e26

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetThreadPriority
TlsGetValue
WaitForSingleObject
WaitForMultipleObjects
CreateThread
CreateFileA
DeleteCriticalSection
EnterCriticalSection
GetCommandLineW
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
InitializeCriticalSection
LeaveCriticalSection
Sleep
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WideCharToMultiByte
GetSystemTime

Exports

Exports

DllRegisterServer
DllUnregisterServer
PauseW
ResumeW
StartW
UqjtpflBctueizugcnKvmpnvgwn

Sections

.text
Size: 436KB - Virtual size: 435KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ndata
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE