6bb2d88a69af028f9aba80c897b9cf6c | Triage

Sharing

General

Target

6bb2d88a69af028f9aba80c897b9cf6c
Size

368KB
MD5

6bb2d88a69af028f9aba80c897b9cf6c
SHA1

5472f1cdb228602951553f7d36cfb535e743c915
SHA256

e737c2180807ae910e9d228b5ded5106fac25d1c02e09ad3f67f913db21ce59a
SHA512

55c6e69b02a4cc16538dd5e83d65b833d51bbbf5221d1dc13ee0d7d01b8f4b5005ea0361037c88df15b2071fe8a277f23d879dc27924cd225cf44b48cba1d3fb
SSDEEP

6144:c2lkEurS0HhRvIR40PtPps+JPZQzhEsFFehrKDXSooK6rb4sh7xQCCwp6:xl0hhO4WtPNQNEsDXDXHQkqCc6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6bb2d88a69af028f9aba80c897b9cf6c

Files

6bb2d88a69af028f9aba80c897b9cf6c
.dll regsvr32 windows:4 windows x86 arch:x86

07d2a5888ad8b124fdf1dc21d64cde1c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

IsEqualGUID

comctl32

ImageList_SetIconSize

shell32

SHGetSpecialFolderLocation

shfolder

SHGetFolderPathA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 353KB - Virtual size: 936KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE