00216d7c21a66045a96700c8f3c6abb5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

00216d7c21a66045a96700c8f3c6abb5
Size

63KB
MD5

00216d7c21a66045a96700c8f3c6abb5
SHA1

7f353cfd001dcfb563c257182c744850c0ae0781
SHA256

e8516713ba080e8a48b89006d217ed9a388f5d39355f9113bc728030a27152a3
SHA512

106ceb1e0a94423ae8f78da60937fca9123ef9c2916915513c2de893fe5ba625c8d123b6dae7098d3b7c8a6cffbc5978a54b3bb0d83bcd1f7146c488286a37af
SSDEEP

1536:BfQAl+7ovOl5Q+dGGo1iCjoo0y/hUyyrNtEFDjacQ6M6KeZhC0:dQAl+pl5s1L5wrgxacQf6h9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00216d7c21a66045a96700c8f3c6abb5

Files

00216d7c21a66045a96700c8f3c6abb5
.dll windows:4 windows x86 arch:x86

d789bbd14d9363f075bb8a0efcaa628b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

time

user32

UnhookWindowsHookEx

advapi32

RegQueryValueExA

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE