94b1dd32c7b1f7a4d9d0dd7e4c301dd6 | Triage

Sharing

General

Target

94b1dd32c7b1f7a4d9d0dd7e4c301dd6
Size

254KB
MD5

94b1dd32c7b1f7a4d9d0dd7e4c301dd6
SHA1

17ec04d523899e9c63645aed68058404dbeeb557
SHA256

d384dfdd90da4645a8d74956534cfcef7fcbbf4ed654e61b3d27384616b4bc4a
SHA512

4873dfc934f5f58d2ac187af1233ca34f0b04737e0cb9aea8a5639fc1fb413bab1d232d6e56e7b9df6260b07eb87de1a0bd3b7499566220d432ebd4879697a58
SSDEEP

6144:gUwf3gO7PJhR6SaDxROwF7GmHPWJRQjWRvK:glBL65caimOJ0Ww

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

94b1dd32c7b1f7a4d9d0dd7e4c301dd6

Files

94b1dd32c7b1f7a4d9d0dd7e4c301dd6
.dll regsvr32 windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

BwwvhzWxnfyuiuxnwqKmhdeytb
DllRegisterServer
DllUnregisterServer
DxbszmupglprzetJgzzgbjrdjeoi
ResumeServer
StartServer
StartW
StopServer
SuspendServer

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tdata
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE