0581943d3907e6ce4e5c2affa8d7cd20 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0581943d3907e6ce4e5c2affa8d7cd20
Size

41KB
MD5

0581943d3907e6ce4e5c2affa8d7cd20
SHA1

17330b4f892d2867288fb14464d6b2176237a21f
SHA256

eb5217464e351d0e056d11385e24ac9c1c08ab8019cc2ae661b332bb1c14c96c
SHA512

9f6a8d373a58a8430d2a7e3c2dfce1c72b99fbe00a7510437bf49e2d9533d5b343ecbaf8b2560c05eca01f1eae053bd34294c215890443796ded021eba768270
SSDEEP

768:GGS/PPJ69K2c5r8OsDBZpAYqRHAZorOs1gxuqkB1chYsNbp6SGu4nQvxVH2oOBD:yPRESOn+YC1ZB1chYsNl6SWn+LcD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0581943d3907e6ce4e5c2affa8d7cd20

Files

0581943d3907e6ce4e5c2affa8d7cd20
.dll regsvr32 windows:6 windows x64 arch:x64

78ed290a779aa51d4473678936319a48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

shlwapi

ChrCmpIA
wnsprintfA
ord15

kernel32

GetCurrentProcessId
Sleep
VirtualAlloc
GetProcAddress
VirtualFree
LoadLibraryA
DeleteFileA
GetModuleFileNameW
GetCurrentThreadId

user32

SetTimer
MessageBoxA
GetClientRect
GetClassNameW
GetWindowDC
GetMessageW
GetForegroundWindow
DispatchMessageW
SystemParametersInfoW
GetSysColor
SendMessageW
GetWindowTextW
KillTimer
SendMessageA

gdi32

GetBkColor

ole32

CoTaskMemFree
CoInitializeEx

Exports

Exports

DllRegisterServer
PluginInit

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ