3014ee6068720463c92e1f4056594b50 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3014ee6068720463c92e1f4056594b50
Size

5KB
MD5

3014ee6068720463c92e1f4056594b50
SHA1

e591a347cb71db23e5aeb39f38c6db0207b5751b
SHA256

cb6f456d0fae05019cb9782f0c190309e6bb44e50a67cf3e998c4318da5074e6
SHA512

af7b9105bb200e41e54800af146499f69c9e13f3614ed32434a8158184289b8becc8bb1be0db3791d3440f556bdb32478feb4b653e82cd3221f5ddfd3c452761
SSDEEP

48:aTi9NYV1ZRqf1h0YFgzCXJF3J1nS93JQx09FBmRjthgtQComcPn+Y:BY1+X0ZEpSnQx0IJ2/nQ+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3014ee6068720463c92e1f4056594b50

Files

3014ee6068720463c92e1f4056594b50
.dll windows:4 windows x86 arch:x86

e987a79c25e28e4fbc107c35faaf1b50

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteProcessMemory
GetCurrentProcess
VirtualProtect
IsBadStringPtrA
lstrcmpiA
CloseHandle
Module32Next
Module32First
lstrcpyW
GetCurrentProcessId
lstrcmpW
GetModuleFileNameW
GetModuleHandleA
GetProcessHeap
HeapAlloc
CreateToolhelp32Snapshot
lstrlenW

user32

wsprintfW
CallNextHookEx
SetWindowsHookExA

advapi32

RegOpenKeyExW

Exports

Exports

SetHook

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 915B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shr
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 206B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ