8afafc42f0f5523dda91933ed6f4e82a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8afafc42f0f5523dda91933ed6f4e82a
Size

12KB
MD5

8afafc42f0f5523dda91933ed6f4e82a
SHA1

f5753a0ea737482f840418ac7e433313dd381c6d
SHA256

d48f1b4cba6f06a070763d061fc03d579a5b45a207bf7173f1629190338ea9ce
SHA512

febd2175d06a8d2f31781d721997d123478b365a4109112e66f8e56b00da142e6964637272aa92dbe839e7166ccc5b6b15a2bbe39c83cc4843e9c0a260522964
SSDEEP

192:A2g0r0e8DPXD0sSfQ0SaKy+nsrp1psDC0RWvNDn:5NsAKytbpsDIv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8afafc42f0f5523dda91933ed6f4e82a

Files

8afafc42f0f5523dda91933ed6f4e82a
.dll regsvr32 windows:4 windows x86 arch:x86

85175a3b3dbfd309067f2883673f2615

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDirectoryW
lstrlenW
GetVersionExA
lstrcpyW
lstrlenA
MultiByteToWideChar
GetModuleFileNameA
CloseHandle
ReadFile
GetCommandLineA
WriteFile
GetProcessHeap
HeapFree
Sleep
RtlUnwind
lstrcmpA
CompareStringW
FindNextFileW
HeapAlloc
GetModuleHandleW

user32

wsprintfW
CharLowerA

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

oleaut32

SysFreeString
SysAllocString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ