38330b44388ef2ef0d217005a8dd0679 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

38330b44388ef2ef0d217005a8dd0679
Size

75KB
MD5

38330b44388ef2ef0d217005a8dd0679
SHA1

5f4b787335cdfdf6f9665fb1d412a5805d83069a
SHA256

34ca9ea7320dd2d5911fa92c36bc51286516b7a4aeb3207934a2307ca44833d3
SHA512

e48d3623ed89f235afa2be1953627fed1be56c8246940ac672dce1ed03c96167355b7827e10b474d3ec5ab7864dffdaae9687b3a933f7d914ef5c4b501e97fd1
SSDEEP

1536:IcsE2Z4WvwoZimcDbww+mWXFPixxAYWy0m1box+IF9Y1jx:YE2KawoZin+fVEYDvF9kjx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38330b44388ef2ef0d217005a8dd0679

Files

38330b44388ef2ef0d217005a8dd0679
.dll regsvr32 windows:4 windows x86 arch:x86

168a0c79c21990926f149bb28783831f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

wvsprintfA

atl

ord57
ord30
ord23
ord21
ord15
ord18
ord32
ord16
ord58

kernel32

InitializeCriticalSection
GetStringTypeW
DebugBreak
HeapAlloc
HeapFree
DisableThreadLibraryCalls
GetProcAddress
LoadLibraryA
RtlUnwind
DeleteCriticalSection
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
GetSystemInfo
HeapCreate
lstrlenW
Sleep
DeleteFileA
GetStringTypeA
MultiByteToWideChar

oleaut32

LoadRegTypeLi
SysFreeString
SysStringLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
_16101976

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ