01c72764de087f397a852684e6a517c4 | Triage

Sharing

General

Target

01c72764de087f397a852684e6a517c4
Size

32KB
MD5

01c72764de087f397a852684e6a517c4
SHA1

8b3904fc7b951f48360d14ee2d3e2717b157642b
SHA256

aae2787c3f2ba4cd498a3c2a1475673f3f218337d9e7c23e39258081e1c8b40c
SHA512

13d04ad2bbe2248e16f977f2d7af952470ad2657b4d5a43c9c1507111597f4c3d10ba650ba9c4abf12f07d4fbac0cb203ee428873a641b54cba0d891f7f66cae
SSDEEP

384:L5SMg6hnJltPtaptw69J+cRunSAVV7WmnYW4bo91LzAVUk5:F1gKJ/Ptanw6jj4nNVV7TnYW4bo91iX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01c72764de087f397a852684e6a517c4

Files

01c72764de087f397a852684e6a517c4
.dll regsvr32 windows:4 windows x86 arch:x86

dce86e3b4b6a4a86c4c238f6185eaec1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetWindowsDirectoryA
GetSystemDirectoryA
CloseHandle
InterlockedIncrement
DeleteFileA
GetLocalTime
GetProcAddress
LoadLibraryA
GetModuleFileNameA

user32

CallNextHookEx
RegisterClassExA
GetMessageA
TranslateMessage
DispatchMessageA
SetTimer
KillTimer
CreateWindowExA
ShowWindow
UnhookWindowsHookEx
FindWindowExA
PostMessageA
DefWindowProcA

advapi32

RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

msvcrt

_initterm
free
__CxxFrameHandler
strrchr
strchr
fopen
fwrite
_stricmp
malloc
_adjust_fdiv
_strlwr
sprintf
??3@YAXPAX@Z
??2@YAPAXI@Z
strstr
_access
fclose

Exports

Exports

DllRegisterServer
DllUnregisterServer
NPmcAzEeikBhIuDC
YDth

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ