2170a3becd002b173d1f667696d23248 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2170a3becd002b173d1f667696d23248
Size

32KB
MD5

2170a3becd002b173d1f667696d23248
SHA1

ad79d766ebf6b59fc539a0e3ada6c5ef3be9e30c
SHA256

db91b02e825a33e0590e1cae76fa5fd7dfce0529b9f318d57085c70bbb9ec0aa
SHA512

e2a587edabca1748e99dd0aab11d8652aca596fbdc070d7f479fa22b01cfe6a3a36cc3a93f191bd25cedb7ad3403052121dec919da328b900172e3b83e66dba4
SSDEEP

384:3BSnf+LsHnwohRg0chjExpgW/zSpUJ4AbaDkIl:xSmLsHwgRg0chjExpgW/zSpUJ4AbaY8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2170a3becd002b173d1f667696d23248

Files

2170a3becd002b173d1f667696d23248
.dll regsvr32 windows:4 windows x86 arch:x86

f06ef7e52d62a244caeea008d2a861c1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
GetLocalTime
DeleteFileA
GetWindowsDirectoryA
GetSystemDirectoryA
InterlockedIncrement
GetModuleFileNameA
CloseHandle

user32

UnhookWindowsHookEx
GetMessageA
TranslateMessage
DispatchMessageA
FindWindowExA
SetTimer
KillTimer
PostMessageA
DefWindowProcA
CallNextHookEx
RegisterClassExA
CreateWindowExA
ShowWindow

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey

msvcrt

_initterm
free
__CxxFrameHandler
strchr
fopen
fwrite
fclose
_strlwr
malloc
_adjust_fdiv
_stricmp
??2@YAPAXI@Z
strrchr
_access
sprintf
strstr
??3@YAXPAX@Z

Exports

Exports

DllRegisterServer
DllUnregisterServer
KFtCiMStYcIC
KNnmWFFzQLd

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ