5ae69919b04e327eb4ee730c8b978d54 | Triage

Sharing

General

Target

5ae69919b04e327eb4ee730c8b978d54
Size

57KB
MD5

5ae69919b04e327eb4ee730c8b978d54
SHA1

abdb27b6a03871d437646ae153329baa4eae110e
SHA256

059cf6b7fd6d318ae3a7a27fa89361cbeb11319fdd0f19352c02545ff9a88454
SHA512

e4cb2a8bac0151f7d68f968bb4c79492cf56fc0f5595564954dc99798df7926a5244aa9903ebef2d00f45d95c48aff0ebc4298e5ecff11bb3805e7f6f8126d57
SSDEEP

1536:dZoOQeP15YCslCvzF757+Rcl/K5InG4Xc:A6fslCrF7QcNqQc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ae69919b04e327eb4ee730c8b978d54

Files

5ae69919b04e327eb4ee730c8b978d54
.dll regsvr32 windows:6 windows x64 arch:x64

cfa8dd488fd4044f7dbcc5838881a33c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetCurrentThreadId
GetCurrentProcessId
GetProcAddress

Exports

Exports

?druio@@YAHXZ
?dweby@@YAHXZ
?hoprtw@@YAHXZ
DllRegisterServer
PluginInit

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ