0144c648c635d1056ff53686778923d6 | Triage

Sharing

General

Target

0144c648c635d1056ff53686778923d6
Size

144KB
MD5

0144c648c635d1056ff53686778923d6
SHA1

0104befe42ef9d14a6172a206efcdc44a5464965
SHA256

c2603901843b4cccde0c0cb0b830a7383b1ad10ef676042f284b762a5bad6c04
SHA512

80d3c84ae06875e3ab23148ad6977e2cc7ff113d106f6d6df733c74e664c1bd5f178ee18c8f6ca1e1810e7b05c862253bff2e6e3797990f7891fc6f9a95b150e
SSDEEP

1536:EEW1NLl7g7eyhLQk9jcnIMLTwp3sp40vcGLyyiIifXls2iymON:4Ll7g7exSjo/Y2vcrOifO7EN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0144c648c635d1056ff53686778923d6

Files

0144c648c635d1056ff53686778923d6
.dll regsvr32 windows:4 windows x86 arch:x86

fdbfec85672f73d2a4d49635454936d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryA
ExitProcess

user32

MessageBoxA

Exports

Exports

DisableHook
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EnableHook
SetupShellHook

Sections

.text
Size: 1KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 86KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 419B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

lmpmdf
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.perplex
Size: 1KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ