5b561d33800f8433437e56bc4aa94c70 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5b561d33800f8433437e56bc4aa94c70
Size

106KB
MD5

5b561d33800f8433437e56bc4aa94c70
SHA1

401cce26dc5b09165ede145c2edc215871891bf0
SHA256

4e261c0eedc2c2fecaaf270ebb58847cc080b056c4b6d942c6e265ce91087a59
SHA512

621dc7b04c877d8c48a2a4a55784ca6ae24e471916ec73a65f73008bc2651b51d5c94c380ba6c86d60f90bfcdb9d9d33c587c5215ed3c585cb0bbe803c6e4e30
SSDEEP

3072:aBMprarUkqZXZ5HiUs8Zw1hMI7rATA3pK4YwN9y6:aWp2rUbVi3UOZZN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5b561d33800f8433437e56bc4aa94c70

Files

5b561d33800f8433437e56bc4aa94c70
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JumpHookOff
JumpHookOn

Sections

CODE
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 205B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ