16fae87863851a194b36a4a511fba4f7 | Triage

Sharing

General

Target

16fae87863851a194b36a4a511fba4f7
Size

100KB
MD5

16fae87863851a194b36a4a511fba4f7
SHA1

5112fc416a7dfcfeef11ef9889995b15adb7b0e9
SHA256

b96269b583613b9fae6e7bf215f07d23bb23b31e08bf8f464aae27fac69fa0fd
SHA512

5b28422a3d326c3096e7c9320998db9d824c1a152c15b8a8677b5d62890330323e284685223449bf6dc32dd18ee68ea53688a827f225aae1ca2af7da664b2142
SSDEEP

3072:Xfm/z/8GapvWBCmhPi0FOykJGemrhjV6ZOndekuZMHu4:u/KvWBd55FjemkgzHu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16fae87863851a194b36a4a511fba4f7

Files

16fae87863851a194b36a4a511fba4f7
.dll regsvr32 windows:4 windows x86 arch:x86

16b45677b3df276414c20030a15c2166

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetProcAddress
GetNumberFormatA
GetBinaryTypeA
SetTermsrvAppInstallMode
BeginUpdateResourceA
LoadLibraryExA
GetTimeFormatA
CloseConsoleHandle

advapi32

FreeSid

oleaut32

SysFreeString

user32

wvsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Hcijjik
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.text
Size: 97KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ