20c29dc72bb1267cb4a2425e4a069b39 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

20c29dc72bb1267cb4a2425e4a069b39
Size

44KB
MD5

20c29dc72bb1267cb4a2425e4a069b39
SHA1

4ab265099e2da7105a0f45046e92192d31b9321c
SHA256

615b2563fc8044576ae68b5a8083e21af6b26f9dc1a8596c5efaa0c56f946ab0
SHA512

6f9838b5f527a4796d7195f164d013d15da2e45d73f9ffb8fe413080590b4ba96d502b40d9a186335589f229ae9356d685a4e37726d7a67d506967a6743406db
SSDEEP

768:RRQH+4AseIcI6RxcwUpkavKkAGiy8fZJi7YWsDXAjzgLa1U+eyr:fQe4AsdcoE/NGlH7YW+XAALaOXy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20c29dc72bb1267cb4a2425e4a069b39

Files

20c29dc72bb1267cb4a2425e4a069b39
.dll regsvr32 windows:4 windows x86 arch:x86

0ac84588dceadf8c27b7c0e24dca49e7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
WinExec
GetWindowsDirectoryA
GetSystemDirectoryA
InterlockedIncrement
GetLocalTime
CreateMutexA
CreateProcessA
VirtualAlloc
CreateThread
GetProcAddress
CloseHandle
LoadLibraryA
GetLastError

user32

RegisterClassExA
UnhookWindowsHookEx
SetTimer
DefWindowProcA
CallNextHookEx
CreateWindowExA
ShowWindow
GetMessageA
TranslateMessage
DispatchMessageA
FindWindowExA
PostMessageA
SetWindowsHookExA
KillTimer

advapi32

RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

msvcrt

free
strrchr
strchr
fopen
fwrite
_stricmp
fclose
__CxxFrameHandler
_except_handler3
_initterm
malloc
_adjust_fdiv
sprintf
??3@YAXPAX@Z
??2@YAPAXI@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ