0666340ab040462e9ced8a991689d842 | Triage

Sharing

General

Target

0666340ab040462e9ced8a991689d842
Size

43KB
MD5

0666340ab040462e9ced8a991689d842
SHA1

8cc3978db54fd5cc4e847e2126e3b691ad1de393
SHA256

78fdb5d0e912addd64716fd431523f9584187cf4e9ad1d785ac857c5fda74d5a
SHA512

636e93e7e98a4b2ac6515dcb5f20cd78b3674629e55cc911f886cee4d3aee8d88872df170545084c22ce2625de30178e5c901c6d21faec3612b9ba693a61314e
SSDEEP

768:Q9LP6cEXizymthRLtkJ8Fn5CuS0J5zHmRXcbRfCCLuFTjxXjucG43duDKo86d/:Q9LP6ifhR5O8dSqNEsNKgudVuc6DKs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0666340ab040462e9ced8a991689d842

Files

0666340ab040462e9ced8a991689d842
.dll windows:4 windows x86 arch:x86

b61f2f0f7e490cd2fe4ad5e299c849e6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

gdi32

DeleteObject

shlwapi.dll

StrCmpW

msvcrt.dll

malloc

avicap32

capCreateCaptureWindowA

winmm.dll

waveInUnprepareHeader

psapi

GetModuleFileNameExA

advapi32.dll

RegCloseKey

ole32.dll

CreateStreamOnHGlobal

imm32

ImmReleaseContext

user32

ExitWindowsEx

shell32

ShellExecuteA

ws2_32

listen

Exports

Exports

DllInstall
ServiceMain
ldap_open

Sections

.erdf
Size: 24KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

edrft
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rtyhgj
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE