5494e6d23bf045f402d8641721f3cc70 | Triage

Sharing

General

Target

5494e6d23bf045f402d8641721f3cc70
Size

14KB
MD5

5494e6d23bf045f402d8641721f3cc70
SHA1

6fd116f983c7e08846502481361b666cf8c7e10b
SHA256

59c573cb7dc94b1ea5937efd8ff2c58e71308d561ac655b2f8e2fc54fcbe27e7
SHA512

c4f723d56fa75f647d605146af9135319c90d24a3d75cdba35f97db135e99323ff2478efa49102834107f1329f179e34f4c6863b5d66f948f8ce51a334e9f658
SSDEEP

192:B1bIhCQpxWzwNO6eTuLykPuFyOmoVySNKFcTMjMdiOq0TMj2o//RPds:/chCQpxf86eWybKGTMQq0TM26R1s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5494e6d23bf045f402d8641721f3cc70

Files

5494e6d23bf045f402d8641721f3cc70
.dll regsvr32 windows:4 windows x86 arch:x86

b27cccb2d3eeddef865d34d445fbca5f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
MultiByteToWideChar
lstrlenA
lstrcatW
lstrcpyW
GetFileTime
GetVersionExA
GetSystemDirectoryW
GetCommandLineA
ReadFile
GetCurrentProcess
ResetEvent
GetWindowsDirectoryA
lstrlenW
HeapAlloc
GetProcessHeap
HeapFree
Sleep
RtlUnwind
lstrcmpA
CompareStringW
LoadLibraryA

user32

wsprintfW
CharLowerA
AnyPopup

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegCreateKeyExA

oleaut32

SysAllocString
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ