040f21cb65c413ed584033413e1d8013 | Triage

Sharing

General

Target

040f21cb65c413ed584033413e1d8013
Size

42KB
MD5

040f21cb65c413ed584033413e1d8013
SHA1

cf5a022c2df615f6a9afd7065104422b07d3c35c
SHA256

c16bd6d132396f26e6a6badaae347ec4923de9cbb6ec7b3b730106d372463c15
SHA512

ac814800a339e78b1574ed75bd6ea5918200364be8dceb9518adc8fa8da47ccdf0ac6197d6e463ded1d22f36886ea1b32a1a5e50fc2e6f25afcc62a220fbb5e0
SSDEEP

768:pTO1zkQB2hBi3IUwV8Zh3uydpBEt3ChnDoX8w5houu3wh2hm3M:IqkwV8Z42BM+nDghouu3wOV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
040f21cb65c413ed584033413e1d8013

Files

040f21cb65c413ed584033413e1d8013
.dll regsvr32 windows:6 windows x64 arch:x64

78ed290a779aa51d4473678936319a48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

shlwapi

ChrCmpIA
wnsprintfA
ord15

kernel32

GetCurrentProcessId
Sleep
VirtualAlloc
GetProcAddress
VirtualFree
LoadLibraryA
DeleteFileA
GetModuleFileNameW
GetCurrentThreadId

user32

SetTimer
MessageBoxA
GetClientRect
GetClassNameW
GetWindowDC
GetMessageW
GetForegroundWindow
DispatchMessageW
SystemParametersInfoW
GetSysColor
SendMessageW
GetWindowTextW
KillTimer
SendMessageA

gdi32

GetBkColor

ole32

CoTaskMemFree
CoInitializeEx

Exports

Exports

DllRegisterServer
PluginInit

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ