061bb8a4fa8399ce9060f0b42865be63 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

061bb8a4fa8399ce9060f0b42865be63
Size

20KB
MD5

061bb8a4fa8399ce9060f0b42865be63
SHA1

d8f2dc23995e678999d9a05b4635cada81cfd7db
SHA256

edd290bc9dc7faf61b71a8adba4478d9406f89b27f61e0397214784c48e00177
SHA512

2a98ca63538e2713baef8c763d822dc686b5378e76bc50bd9039e77f12508d413d70fa470993ee197f57eb4615765954b12d3b57b8ecdd7eef3ca59461a32ae7
SSDEEP

384:cYzBG9gkY2diiuCZxQlCWtf5VjpilKjE/CKMOr7xLuhDU0Jr5o:cYzBG9zY2diiuCZxQlCWtf5Vjpi4E/Ci

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
061bb8a4fa8399ce9060f0b42865be63

Files

061bb8a4fa8399ce9060f0b42865be63
.dll regsvr32 windows:4 windows x86 arch:x86

9112c0ff353c5bfb35cb581bda9ad48b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitThread
WaitForSingleObject
SetEvent
lstrcpyW
GetVersionExA
GetSystemDirectoryW
lstrlenA
MultiByteToWideChar
GetModuleFileNameA
lstrcpyA
lstrcatA
GetModuleHandleA
CloseHandle
GetModuleHandleW
lstrlenW
HeapAlloc
GetProcessHeap
HeapFree
Sleep
RtlUnwind
lstrcmpA
CreateThread
CompareStringW
CreateEventA
SetFileAttributesW

user32

wsprintfA
wsprintfW
CharLowerA

advapi32

RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyW
RegCreateKeyExA
RegCreateKeyA
RegSetValueExA

oleaut32

SysAllocString
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ