1801e349a9ffd44a3849ab1558954a4b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1801e349a9ffd44a3849ab1558954a4b
Size

101KB
MD5

1801e349a9ffd44a3849ab1558954a4b
SHA1

fdb8cfa5431f961fb95ba953a2f5978ef6f43b14
SHA256

cf2f2443f86cea42a59825bd6f31c775c0163e5011f3b05cd71a417d29d7cbb1
SHA512

f9200ded06d62a6591a5e031c331583613cba9166d0164dcd11bb010d35f097a6d03f2fe9470992671c06d57f6db87238a7d78a48cd0adabfb3a4ab34975f4e5
SSDEEP

3072:ie0W1Hg5H6j2BL90uuRCNrHcMA3/KmhNdbRIR:iRWxg5ai60rI/KmbR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1801e349a9ffd44a3849ab1558954a4b

Files

1801e349a9ffd44a3849ab1558954a4b
.dll regsvr32 windows:4 windows x86 arch:x86

2efe3e0f39b4126c2aa6c488641fbcdc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

EnumSystemLocalesW
lstrcmp
LoadLibraryExA
GetProcAddress
RegisterWaitForSingleObject
CompareFileTime
WaitNamedPipeW

advapi32

FreeSid

oleaut32

SysFreeString

user32

wvsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Lkmelap
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.text
Size: 97KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 440B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ