1bf2877e89885f69390811468886df8e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1bf2877e89885f69390811468886df8e
Size

55KB
MD5

1bf2877e89885f69390811468886df8e
SHA1

9c7fd45895abb22114f4d067b551781fdc684cf8
SHA256

c65959a11f2da83ec192bcb5ab4d2f0fe7520a4e526ca1568b69cbae841746c3
SHA512

7ecf0062081c0746dadad2a1ebbee1516381ddc7861cf0223992bd86d81e4650a38b8e028909deff24cd18c5302c6c235f249e08a6ebd985b40e571d7b1d1ec4
SSDEEP

1536:ayWFc3od4XDIM0RwyZRp7hTL7IB+/OiSA2HLEA05:ayZ3c4XkTBZ37h8B+DT2rEA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1bf2877e89885f69390811468886df8e

Files

1bf2877e89885f69390811468886df8e
.dll regsvr32 windows:4 windows x86 arch:x86

3a9c5393aec647d2799a080dd4b62b50

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

gdi32

GetPixel

wsock32

WSACleanup

wininet

InternetReadFile

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JumpHookOff
JumpHookOn

Sections

CODE
Size: 49KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE