40bd35ef72506f3f44922d201fe5385a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

40bd35ef72506f3f44922d201fe5385a
Size

9KB
MD5

40bd35ef72506f3f44922d201fe5385a
SHA1

a2e52bfeceddfea9a6851afb200a647b82e112c7
SHA256

2238a5cf152ec329fcf01dd56095fb645b9cd257fef5d01df2006377d101d71d
SHA512

144aab4be768d0f12ed7e4446ee4741b8f3500d4b2c437f599ae449b991d9c81d23620fff893eb1804aa3b2620debf03dc99f5ce4944b133e036de684efb1a3d
SSDEEP

192:l4LoITf2UZaz9UKxuCBzLetYWLnJshh6yySiu5SkniSKfAX:luo6eUIRDx5BfeqqnicyyDkniSK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40bd35ef72506f3f44922d201fe5385a

Files

40bd35ef72506f3f44922d201fe5385a
.dll regsvr32 windows:4 windows x86 arch:x86

4612d407483df2833bbfb9aba0934aea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ConnectNamedPipe
Sleep
InitializeCriticalSection
CloseHandle
TerminateThread
lstrcmpiA
GetModuleFileNameA
DisableThreadLibraryCalls
HeapAlloc
GetSystemInfo
GetVersionExA
HeapCreate
CreateThread
LeaveCriticalSection
DisconnectNamedPipe
FlushFileBuffers
VirtualFreeEx
GetCurrentProcess
DeleteCriticalSection
CreateNamedPipeA
ReadFile
WriteFile
GetProcAddress
GetModuleHandleA
lstrcmpiW
OpenProcess
GetCurrentProcessId
GetModuleFileNameW
HeapFree
EnterCriticalSection
GetLastError

atl

ord16

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 486B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ