0ab5551f37668cf333599dc1ba72efa8 | Triage

Sharing

General

Target

0ab5551f37668cf333599dc1ba72efa8
Size

209KB
MD5

0ab5551f37668cf333599dc1ba72efa8
SHA1

dc83355f24656b53d729aa3ec371101c571625fc
SHA256

002fc514b55c8c5878988dfe23ffe297e2b645205dc612fed955ea77254a5f79
SHA512

1f8c6a41a4d0a3272f0c9bb2ad59854419165dec48af5b364c5807dffffb538c7ab2f242546666e8afbad1e8c0919241b5cba3ba9023b6ea8d31d30fa16fb5dd
SSDEEP

1536:bK7Eu2ghJQQFFba6Q+5sWcRQBP2HU8yFYYHDWhDA2wRMlv/mEma6p/s8Kt34TEzX:LgnQQLRmtHmI9oYCmkUQrb45k+KS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ab5551f37668cf333599dc1ba72efa8

Files

0ab5551f37668cf333599dc1ba72efa8
.dll regsvr32 windows:6 windows x64 arch:x64

560c5900fe940cbdf0d5621bbb07d935

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

shlwapi

StrStrA

kernel32

GetCurrentThreadId
GetCurrentProcessId
CreateFileA

user32

GetClassNameA
GetSysColor
SystemParametersInfoA

Exports

Exports

?loptew@@YAHXZ
?tupobw@@YAHXZ
DllRegisterServer
PluginInit

Sections

.text
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ