1a6889b89dbf56d23f74b9dd931396b3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1a6889b89dbf56d23f74b9dd931396b3
Size

461KB
MD5

1a6889b89dbf56d23f74b9dd931396b3
SHA1

48742e94053901b06e6f5d4d45cf5370f7fe1d66
SHA256

20bb4dc9c5050887688e33406a30ba3fa8cead96e568e938b84a2b9d4a1ce370
SHA512

090641639981f3830e2bf938e251e1a4254c2c529df7e37f0453718a29d4cfb454bce17c0edced0efa2c4c2331042beeb5d348174eed0711d24a6cd384136a58
SSDEEP

12288:yC6uG37S16/BN2Ihf9RkyxjPcmXqDxFNpfmg2CPRB:TrEblKugmXkPr+gjD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a6889b89dbf56d23f74b9dd931396b3

Files

1a6889b89dbf56d23f74b9dd931396b3
.dll regsvr32 windows:4 windows x86 arch:x86

9760789fd680793f647f914844dd9226

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

oleaut32

SysFreeString

advapi32

RegQueryValueExA

user32

GetKeyboardType

gdi32

UnrealizeObject

version

VerQueryValueA

ole32

IsEqualGUID

comctl32

_TrackMouseEvent

wininet

InternetGetConnectedState

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 425KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 17KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE