3f5eda2185db6ee75db7efa7fe1466c4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3f5eda2185db6ee75db7efa7fe1466c4
Size

111KB
MD5

3f5eda2185db6ee75db7efa7fe1466c4
SHA1

30b39debed73660262663cc3decbce1b0afb926d
SHA256

f274df140d3c38c091c92395497942051c2e15a60fbaca6c82c464779f4eb37d
SHA512

0aedad8571038dfd0af3645651c236b40ea8e2ddd2208cc7141956bbfcd7a737ebede8f8453acbf04399c1541d8f4bd496f9b1a2446b2381fce178c9c847e6da
SSDEEP

3072:5jOeOK7siSF18K6Ud1nA3pUiJXaF1DAhN0:5p7sHiK6Udl4yGsDAha

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f5eda2185db6ee75db7efa7fe1466c4

Files

3f5eda2185db6ee75db7efa7fe1466c4
.dll regsvr32 windows:4 windows x86 arch:x86

bc33e0d58c61198dfaa558558dad22f1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

CharNextA

advapi32

OpenProcessToken

shell32

SHGetFileInfoA

ole32

StringFromGUID2

oleaut32

SysFreeString

shlwapi

PathFindExtensionA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 39KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE