2baf2e21aa4d4df41df13600070745fe | Triage

Sharing

General

Target

2baf2e21aa4d4df41df13600070745fe
Size

32KB
MD5

2baf2e21aa4d4df41df13600070745fe
SHA1

13ba0e9abb7adf868c763a5dac3cbbd4caefff53
SHA256

46fffbe1f463d0c04870783e2a3b099bae5151e856d039f33c3fe14afcaa590e
SHA512

4c869171ec5309fe48d033a3e27017be0861948233f351570377a8524054f0f55c7aa56c7a6f5e0a08ddb71c3d1cb27dc6d8eaf5b216878fd69194ade660520b
SSDEEP

768:6SBJ++fEzYWDMVAjqNlHQ2SjDqj0Ojs+8j1Z+we:6SWDKGqOtDld/2t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2baf2e21aa4d4df41df13600070745fe

Files

2baf2e21aa4d4df41df13600070745fe
.dll regsvr32 windows:4 windows x86 arch:x86

c9785bc5c6bc01672788b7d2b0157cf0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDirectoryA
GetProcAddress
LoadLibraryA
DeleteFileA
GetModuleFileNameA
CloseHandle
CreateThread
InterlockedIncrement
WinExec
GetLocalTime
GetWindowsDirectoryA

user32

KillTimer
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
ShowWindow
RegisterClassExA
GetMessageA
TranslateMessage
DispatchMessageA
UnhookWindowsHookEx
FindWindowExA
PostMessageA
DefWindowProcA
SetTimer

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey

msvcrt

_initterm
free
strrchr
strstr
strchr
fopen
fwrite
_stricmp
fclose
malloc
_adjust_fdiv
_strlwr
??2@YAPAXI@Z
sprintf
__CxxFrameHandler
??3@YAXPAX@Z
_access

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
VdSYNzmwck

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 790B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ