474d4a550c69a1d6829b15538e1a35e7 | Triage

Sharing

General

Target

474d4a550c69a1d6829b15538e1a35e7
Size

51KB
MD5

474d4a550c69a1d6829b15538e1a35e7
SHA1

e6bebba91fe6479706ed5750754edd85ba692845
SHA256

0ea2e21f1c2bc172a70b037afaf34894516b0e4e9e445863952e9865edd4e1de
SHA512

409f04015c6e8b1d823e5d6d90a761b56060474dad880e4caf59ca630dc1a990924be6d8bc87d37a0445262d33e590fad5652a0caa96c5e513a97fa6adbb406f
SSDEEP

768:0fM30Tl1K3DKyOhk7B/4xZargXOkpgebbTEYBh4QAHK2h0OjiAlWSPjd0VrON4CE:cG0p1MOfi7B/4PsgXNL3/h0KNgJ6lO6n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
474d4a550c69a1d6829b15538e1a35e7

Files

474d4a550c69a1d6829b15538e1a35e7
.dll windows:4 windows x86 arch:x86

b5ef6c4dfda111a6ede8c5fdaf65870c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

advapi32

RegQueryValueExA

psapi

GetModuleFileNameExA

shell32

ShellExecuteA

winmm

waveInUnprepareHeader

msvcrt.dll

strrchr

imm32

ImmReleaseContext

ole32

CreateStreamOnHGlobal

user32

ExitWindowsEx

gdi32

CreateCompatibleBitmap

shlwapi

StrCmpW

avicap32

capCreateCaptureWindowA

ws2_32

listen

Exports

Exports

cdwertgyhq
DoService
ServiceMain

Sections

.rdft
Size: 25KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

dsewq
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gyumn
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE