71da7690e0efcfeaebc74684960053ac | Triage

Sharing

General

Target

71da7690e0efcfeaebc74684960053ac
Size

42KB
MD5

71da7690e0efcfeaebc74684960053ac
SHA1

707415e6f2f76c0dd32828e32d3510509ee7213a
SHA256

c3301a4571749953f7dac5cfbddafcfdb0df4422618bf177de09d5bea0068873
SHA512

5ff2d74a6b019166387be5dade9eaa005fe2560556b217412b9b0cfeb5695e3f9a502d7901e7bcfcc6496487c702b2f2e212c9b237c935fe4deb4dec5b3f7edb
SSDEEP

768:atj+ZsANytyuDqIeJ6PLuCO2qQlgTuorrOw6tOl3RT0bxUsTWQ2fx:WjFCPpcPLuCO20aoQM3RgVUFJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

71da7690e0efcfeaebc74684960053ac

Files

71da7690e0efcfeaebc74684960053ac
.dll regsvr32 windows:6 windows x64 arch:x64

5eddc054fb0b48a4bdf81f75f9b1b4c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

shlwapi

ord15
wnsprintfA
StrStrA

kernel32

GetModuleFileNameW
Sleep
GetProcAddress
LoadLibraryA
GetCurrentThreadId
GetCurrentProcessId
DeleteFileA

user32

GetMessageW
DispatchMessageW
GetForegroundWindow
SystemParametersInfoW
GetSysColor
SendMessageW
GetWindowTextW
SendMessageA
SetTimer

gdi32

GetBkColor

Exports

Exports

?hoperd@@YAHXZ
?kompw@@YAHXZ
?paramt@@YAHXZ
DllRegisterServer
DllUnregisterServer
PluginInit

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ