3806f5fabbd915e2cf0631ad4b268fcf | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3806f5fabbd915e2cf0631ad4b268fcf
Size

12KB
MD5

3806f5fabbd915e2cf0631ad4b268fcf
SHA1

5e21ae2b85d969a09f04f7341149ad921b3d1bbe
SHA256

2b216aab09973faba9786bcd85c69e4cb5c876200c99d533d158e1f165ff8b01
SHA512

9f6446df20d3540917a44453d393f9b11d4c112b271625c60bda1c7a428af2d5bacd8ece78f3a99f3ac99d018cb03328465ca43d2905d0002a2d031bdf7e8e84
SSDEEP

192:gWX0Zq8zvDsMSfQUSaKy+nRrSP3/zDC0RWvKXhGC:TMgKyYQ3rDIvwGC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3806f5fabbd915e2cf0631ad4b268fcf

Files

3806f5fabbd915e2cf0631ad4b268fcf
.dll regsvr32 windows:4 windows x86 arch:x86

85175a3b3dbfd309067f2883673f2615

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDirectoryW
lstrlenW
GetVersionExA
lstrcpyW
lstrlenA
MultiByteToWideChar
GetModuleFileNameA
CloseHandle
ReadFile
GetCommandLineA
WriteFile
GetProcessHeap
HeapFree
Sleep
RtlUnwind
lstrcmpA
CompareStringW
FindNextFileW
HeapAlloc
GetModuleHandleW

user32

wsprintfW
CharLowerA

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

oleaut32

SysFreeString
SysAllocString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 580B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ