0ad103213efbfc5d9c6c6fac727a2581 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0ad103213efbfc5d9c6c6fac727a2581
Size

622KB
MD5

0ad103213efbfc5d9c6c6fac727a2581
SHA1

c1c653af342a26b265e17b0f1605dd7444bc93f8
SHA256

b24cf1b489d782b44d04a65719c24d51182515eadc88d0ec043d1bf159798e71
SHA512

d4f17c6833226967bb22e29ef055808d3f703f6853563ba157a46c7ea63ca03c71693a988c8065539ef9e4c1f16427ee9dc796b06f4608137fa111a4d3a7d79d
SSDEEP

12288:YC2ABPjbyZfuz3Pb30uL87Hz+7LJ6+kCZe/1qStBGWkQWaR:n2aPjbyZWzbksStXh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ad103213efbfc5d9c6c6fac727a2581

Files

0ad103213efbfc5d9c6c6fac727a2581
.dll regsvr32 windows:4 windows x86 arch:x86

abd9a1750a70ef6616ceaf37f0f2990f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

oleaut32

SysFreeString

advapi32

RegQueryValueExA

user32

GetKeyboardType

gdi32

UnrealizeObject

version

VerQueryValueA

ole32

IsEqualGUID

comctl32

_TrackMouseEvent

shell32

ShellExecuteA

Exports

Exports

CGIIJJJLLLLNNNNPPPPRRRRTTTTVVVVYYYYY
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 610KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE