2e771ecb48099eb6c125ada79f2c52d9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2e771ecb48099eb6c125ada79f2c52d9
Size

103KB
MD5

2e771ecb48099eb6c125ada79f2c52d9
SHA1

ffbc4bf1d9b86a6c99bca9b18d4f825c6712cec3
SHA256

e44ea830f9e41a3a1cb471d2bc6a54d2e1a40be67c573036f6dd689fbf867eba
SHA512

b4e08958dbcaeaa65ab1546540c9897084787f757a7409d8e17127430fdb36486146511f932a2e2cf5e1707bf1f0ff50e11e0ad3a0fd87b366fcbd69b24b0b14
SSDEEP

3072:paR13sy/YNBUYsr14B7kvVapY5j/9Hz/AFe6MT:cnJwnOr1X4eV/X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e771ecb48099eb6c125ada79f2c52d9

Files

2e771ecb48099eb6c125ada79f2c52d9
.dll regsvr32 windows:4 windows x86 arch:x86

90b75ef8425c00d47cd997ee5c3586ed

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetStringTypeW
TlsAlloc
GetNumberOfConsoleInputEvents
lstrcpyA
GetEnvironmentVariableW
LoadLibraryExA
GetProcAddress
GlobalMemoryStatus

advapi32

FreeSid

oleaut32

SysFreeString

user32

CharNextA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Fnhglom
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.text
Size: 100KB - Virtual size: 276KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 470B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ