0381f48662f579531662141902d107ab | Triage

Sharing

General

Target

0381f48662f579531662141902d107ab
Size

99KB
MD5

0381f48662f579531662141902d107ab
SHA1

5e49753a7994fcb7278ca59e637fe1688bf44b04
SHA256

e01bb99eeb934a594d9128aabe01806fdeb9d6ecb907fd842701778ebaacfed6
SHA512

3dee6e09860efab19f9f7679c179d565aeecb966263d6c9e3959d9b98245feccb448ac76b166c8c45d7e9bb04256bdc1342e55a3eb1820367fb17d5d07a2aad7
SSDEEP

1536:j5OSSgjoRSDzqImuitvLr0Lh7T2aRSjzM+3CXtDg+e+rkKIka1h1KPjnWOQd:j5dcOOrtDE5OzM+3C1Be+PY+yd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0381f48662f579531662141902d107ab

Files

0381f48662f579531662141902d107ab
.dll regsvr32 windows:4 windows x86 arch:x86

99a72065759d7c6b2a6decfe214f040d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetLongPathNameA
LoadLibraryExA
GetPrivateProfileSectionNamesW
GlobalHandle
GetProcAddress
BuildCommDCBW
HeapReAlloc
CreateTimerQueueTimer

advapi32

FreeSid

oleaut32

SysFreeString

user32

wvsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Gonodcl
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.none
Size: 95KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.none2
Size: 512B - Virtual size: 474B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mnon
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ