0022df8a06e9aa108381bb2302a8af20 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0022df8a06e9aa108381bb2302a8af20
Size

47KB
MD5

0022df8a06e9aa108381bb2302a8af20
SHA1

07712ed99bc6d54b071889e65e5319ebbbc41cbc
SHA256

e6a8c5dbc2388b7b8119cc8bd5bcee36f8d87b6a3c21473977043f2f2187fe1d
SHA512

37c8dae3ddb63d3c364ed6e8d926c6d5054405cd81551d26eed72aca0e4cc8bdbf0b2a0653c9bb93b5c1718cb1ed6d23c02b8ea316e081d7f5ddbdab88a742a8
SSDEEP

768:XxjDQp6DsOfL62l8ovOD2wi1A1uBd41uWhH+vGqeWKnZBVm0vcGWFO8gnK6Pxd2h:BfQAl+7ovO6wiS1vlevGqN+/RvcFejPG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0022df8a06e9aa108381bb2302a8af20

Files

0022df8a06e9aa108381bb2302a8af20
.dll windows:4 windows x86 arch:x86

d789bbd14d9363f075bb8a0efcaa628b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

time

user32

UnhookWindowsHookEx

advapi32

RegQueryValueExA

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE