2d9b673cf70251b39bd8dd653b9eb2d6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2d9b673cf70251b39bd8dd653b9eb2d6
Size

43KB
MD5

2d9b673cf70251b39bd8dd653b9eb2d6
SHA1

ef65ec05217e6d23e648b24fc4744759b3a78138
SHA256

ec26e071d9aca02693eebbb57869f65ba6f7ea5baf7a15cda975dab900c093b7
SHA512

d2746ea4c74c50fe4fef773828291e82476d5173d6f29052a0981ba84954220809590dee81221b9462b84b88449f530a14c82f4372fa67ec7daf29d89aa97b4d
SSDEEP

768:qpxGsgAMgA+JGo3bYOCzdv7QVci3v0V1EIaw2PcLeKjupb6JfIKNWx+QCBdVl6TD:gos88cxz1ecyC1EIJ2UaKju0JCT1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d9b673cf70251b39bd8dd653b9eb2d6

Files

2d9b673cf70251b39bd8dd653b9eb2d6
.dll windows:4 windows x86 arch:x86

4ed3778910fa4be7b2e28cd902c200f6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt.dll

malloc

ole32.dll

CreateStreamOnHGlobal

psapi

GetModuleFileNameExA

gdi32

DeleteObject

avicap32

capCreateCaptureWindowA

ws2_32

listen

shlwapi.dll

StrCmpW

advapi32.dll

RegCloseKey

imm32

ImmReleaseContext

shell32

ShellExecuteA

user32

ExitWindowsEx

winmm.dll

waveInUnprepareHeader

Exports

Exports

DllInstall
ServiceMain
ldap_open

Sections

.erdf
Size: 24KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

edrft
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rtyhgj
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE