4743b2abd4dec9809f90802d3f4cf4fd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4743b2abd4dec9809f90802d3f4cf4fd
Size

36KB
MD5

4743b2abd4dec9809f90802d3f4cf4fd
SHA1

ae085ac457e14805048acf71e8db3c3342d2fcf0
SHA256

cf24a5a15ee533bdea39d3ae2c1bfa2f532a28899964fd5830781899c0a0e57e
SHA512

4ce31e1435ea8b128a1d3092ed092d40df3da80dec1c272a1d4e448d97c508695acc7a107d122904e9c8bd833f7909ae29698373826db22a628dcb80d6fee203
SSDEEP

768:FHh1FcaiswAT8cJFtPpQh2RC29NArCmha25tXvQ:FHftHZgc3rQh9Om/tY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4743b2abd4dec9809f90802d3f4cf4fd

Files

4743b2abd4dec9809f90802d3f4cf4fd
.dll regsvr32 windows:4 windows x86 arch:x86

26d038047d715ca927b36e199dc8390a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
LoadLibraryA
GetProcAddress
DeleteFileA
InterlockedIncrement
WritePrivateProfileStringA
GetModuleFileNameA
GetLocalTime
GetSystemDirectoryA
GetWindowsDirectoryA

user32

CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
KillTimer
SetTimer
CreateWindowExA
ShowWindow
FindWindowExA
PostMessageA
DefWindowProcA
RegisterClassExA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey

msvcrt

_initterm
free
strrchr
strstr
_access
??2@YAPAXI@Z
_stricmp
malloc
_adjust_fdiv
_strlwr
sprintf
__CxxFrameHandler
fclose
fwrite
fopen
strchr
??3@YAXPAX@Z

Exports

Exports

DllRegisterServer
DllUnregisterServer
JmaGopPOEujjIcr
phVAAXhicLG
qXfw

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 910B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ