14bbfe92edd558dfd4ebd6b4207076af | Triage

Sharing

Copy URL Twitter E-mail

General

Target

14bbfe92edd558dfd4ebd6b4207076af
Size

41KB
MD5

14bbfe92edd558dfd4ebd6b4207076af
SHA1

8a0c90059464f53bdab47dd0de92f7f6e1477a47
SHA256

1f8c62de66519c124085af1c0c42b159c766aebf6738b208db3b6239d1ce114a
SHA512

439e319506ae66e64be3297f765e71a54f362910530032b833ef031a4cee0612c9cd86af4f60e06cc8402e2263ed7d36794a226ef88e10a7d7629c8a8be44d74
SSDEEP

768:GGS/PPJ69K2c5r8OsDBZpAYqRHAZorOs1gxuqkB1chYsNbp6SGu4nQvxVH2oOBS:yPRESOn+YC1ZB1chYsNl6SWn+LcS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14bbfe92edd558dfd4ebd6b4207076af

Files

14bbfe92edd558dfd4ebd6b4207076af
.dll regsvr32 windows:6 windows x64 arch:x64

78ed290a779aa51d4473678936319a48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

shlwapi

ChrCmpIA
wnsprintfA
ord15

kernel32

GetCurrentProcessId
Sleep
VirtualAlloc
GetProcAddress
VirtualFree
LoadLibraryA
DeleteFileA
GetModuleFileNameW
GetCurrentThreadId

user32

SetTimer
MessageBoxA
GetClientRect
GetClassNameW
GetWindowDC
GetMessageW
GetForegroundWindow
DispatchMessageW
SystemParametersInfoW
GetSysColor
SendMessageW
GetWindowTextW
KillTimer
SendMessageA

gdi32

GetBkColor

ole32

CoTaskMemFree
CoInitializeEx

Exports

Exports

DllRegisterServer
PluginInit

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ