8a08a20909bc6a895d23cf9e3fab5997 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8a08a20909bc6a895d23cf9e3fab5997
Size

55KB
MD5

8a08a20909bc6a895d23cf9e3fab5997
SHA1

74ef42ee057a35850707aa17ff0a0988d83e59ed
SHA256

ced21a10d20dc03d9d359d3122c7ac05c8ffc7c6927d2e9c9021b03361cb41de
SHA512

6138d18812c763a0532e51cc1fb2451cbcdd6b56d3f8d11e46878ede25b4d565529af959ce2d3b019d68361bf125f778fdb0f3829440bc2513a4dea3a80170c5
SSDEEP

768:bNt0r97l+3BqgBDpM7ZulCzpUMhu2VHfT2vFSCzlVfE3cReZjl33niI+/r4adihD:bNt0kBPDe9uAzpqTsAPEeetl3Xg/kC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8a08a20909bc6a895d23cf9e3fab5997

Files

8a08a20909bc6a895d23cf9e3fab5997
.dll regsvr32 windows:4 windows x86 arch:x86

3a9c5393aec647d2799a080dd4b62b50

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

gdi32

GetPixel

wsock32

WSACleanup

wininet

InternetReadFile

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JumpHookOff
JumpHookOn

Sections

CODE
Size: 49KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE