150649028df9f62db34df2ed88fba423 | Triage

Sharing

General

Target

150649028df9f62db34df2ed88fba423
Size

47KB
MD5

150649028df9f62db34df2ed88fba423
SHA1

e8f8d52aaa7ca4a6e408c1633220588b3b8aedec
SHA256

9a0ad9671a5e677b65ccf6d74841d061e266340289e7b6b2065653764ea2ad10
SHA512

1946e8b3e2a2819f873b8d159f92670926cc414935b15cb86c6dac2184c86185eb0f85d57f9f8812ed1f171819b29c4ed9c66935edc52f1a28fa6280855bdc6f
SSDEEP

768:rK58yH8NiZtFlzbIMaJycQWp48V5wh9XnUn585JTvjfOR:rE8m8gPoqWpNTwh9XnA8517fOR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
150649028df9f62db34df2ed88fba423

Files

150649028df9f62db34df2ed88fba423
.dll regsvr32 windows:4 windows x86 arch:x86

bd33bc424ce6caeb4abd57a4f70e6bdf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

send
recv
socket
connect
ioctlsocket
htons
closesocket
WSAStartup

kernel32

LocalFree
LoadLibraryA
GetProcAddress
GetLastError
GetModuleFileNameA
GetSystemInfo
WideCharToMultiByte
GetModuleHandleA
InterlockedDecrement
GetCurrentProcess
lstrcpynA
CreateFileA
FlushInstructionCache
Sleep
CreateThread

user32

CallNextHookEx
wsprintfA

msvcrt

_strupr
_strdup
_adjust_fdiv
_CxxThrowException
??1type_info@@UAE@XZ
_initterm
_stricmp
_onexit
__dllonexit
strchr
free
isalpha
isdigit
??3@YAXPAX@Z
__CxxFrameHandler
sprintf
??2@YAPAXI@Z
wcslen
malloc
realloc

ole32

CoCreateInstance
OleRun

oleaut32

SysAllocString
GetErrorInfo
VariantClear
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ