64f018fd83a1394e344098b745c6613e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

64f018fd83a1394e344098b745c6613e
Size

13KB
MD5

64f018fd83a1394e344098b745c6613e
SHA1

8ea5c226374e5539368f19664ef7282183d7f592
SHA256

2eb1c19527755d99f6dbfddb53db8b3c583df18c837eb1e913863601e2a35492
SHA512

182938f75ddfedb1189528292820d716c84b48f6fa7be14dc0933ded78d4123aab5cef82bcef7bac7c1ed60b3b58e56615ea89a75b0520d0cce63ce4944b999d
SSDEEP

192:WbrkCT3OeRtQIOmhgdTEQuUSqKy+R/MoD4rHjDp0RWv38WLm:gki9uZEQBKyQWDD1vMC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
64f018fd83a1394e344098b745c6613e

Files

64f018fd83a1394e344098b745c6613e
.dll regsvr32 windows:4 windows x86 arch:x86

08fe0db62dcb819211257b3459b3d3ef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDirectoryW
lstrlenW
GetVersionExA
lstrcpyW
lstrcatW
lstrlenA
MultiByteToWideChar
GetModuleFileNameA
SetFileAttributesA
HeapAlloc
GetProcessHeap
SetFileAttributesW
Sleep
RtlUnwind
lstrcmpA
CompareStringW
WinExec
HeapFree
GetFileAttributesA

user32

wsprintfW
CharLowerA

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

oleaut32

SysFreeString
SysAllocString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ