8b9651cff0ec24de2b0431a6c0208ff0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8b9651cff0ec24de2b0431a6c0208ff0
Size

57KB
MD5

8b9651cff0ec24de2b0431a6c0208ff0
SHA1

ae32ab04f82b2e9459ec509f51fc373beaf7f629
SHA256

f2be3ed7d665331ef9375a3fdccdccd3660c174a8af4e718bce24b9f7e372052
SHA512

ef17079be63c1c42cf83b5d9870f404c12ca0eecb7fec7c8ad7ae72369e3258ae2c2cbba955b9f60cf214df8e8cb5c3ea5a775c53bc44a4618bcab724f70406e
SSDEEP

1536:dZoOQeP15YCslCvzF757+Rcl/K5InG4XM:A6fslCrF7QcNqQM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8b9651cff0ec24de2b0431a6c0208ff0

Files

8b9651cff0ec24de2b0431a6c0208ff0
.dll regsvr32 windows:6 windows x64 arch:x64

cfa8dd488fd4044f7dbcc5838881a33c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetCurrentThreadId
GetCurrentProcessId
GetProcAddress

Exports

Exports

?druio@@YAHXZ
?dweby@@YAHXZ
?hoprtw@@YAHXZ
DllRegisterServer
PluginInit

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ