06489f3aa62e747ed21f1fe4658f696e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

06489f3aa62e747ed21f1fe4658f696e
Size

63KB
MD5

06489f3aa62e747ed21f1fe4658f696e
SHA1

fccfe6d0d6fbb4556363c8b63067659203c3d116
SHA256

e173f1d3969127517a4f4b89b467e4cb2697658765cc164886da3d9dc2f3c2ec
SHA512

8ec914565037a9004c77ed4d5860965b0e3bf3793ced40926e7c9f3a8f3911cb74b12612ac3e6c1c8f38050379cd643ad7a4b3bed608e62174ba7b9cdf9d8c9e
SSDEEP

1536:BfQAl+7ovOEIeqFLTxZFMN16pUBd5CDww:dQAl+pE9ETe36pcWDww

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06489f3aa62e747ed21f1fe4658f696e

Files

06489f3aa62e747ed21f1fe4658f696e
.dll windows:4 windows x86 arch:x86

d789bbd14d9363f075bb8a0efcaa628b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

time

user32

UnhookWindowsHookEx

advapi32

RegQueryValueExA

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE