a181312e17a2241cb822e9ef2e61e0b0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a181312e17a2241cb822e9ef2e61e0b0
Size

40KB
MD5

a181312e17a2241cb822e9ef2e61e0b0
SHA1

8aff6a8c15fb8d30b3179c8c423296680df9b5bd
SHA256

bdc5c6e6c6e4104eedd03d3fb747ba9b93eff2ed668ab87212a9c5c788c2e60c
SHA512

539580717f6044ebd40e79ce8033316301077a7753bbdf162e8319a7539a7155eb3c2196e261a6919c3f7fcca6afe3f941663f3fb9e0db1b9f5796658e89f916
SSDEEP

768:1eLiWDpkav9eaLX0ZSBg46H2O9dgLa1lyv+m:sLkjaoZS/6HpqLa3Lm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a181312e17a2241cb822e9ef2e61e0b0

Files

a181312e17a2241cb822e9ef2e61e0b0
.dll regsvr32 windows:4 windows x86 arch:x86

3a805d40c1627ce1dddc6a94efb1cc8c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetWindowsDirectoryA
GetSystemDirectoryA
GetLocalTime
CreateThread
GetModuleFileNameA
WinExec
VirtualAlloc
InterlockedIncrement
LoadLibraryA
GetProcAddress
CloseHandle
CreateMutexA
GetLastError
CreateProcessA

user32

CallNextHookEx
KillTimer
DefWindowProcA
CreateWindowExA
ShowWindow
UnhookWindowsHookEx
GetMessageA
TranslateMessage
DispatchMessageA
RegisterClassExA
FindWindowExA
PostMessageA
SetWindowsHookExA
SetTimer

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey

msvcrt

free
strrchr
__CxxFrameHandler
_except_handler3
??2@YAPAXI@Z
_stricmp
??3@YAXPAX@Z
strchr
sprintf
_initterm
malloc
_adjust_fdiv
fclose
fwrite
fopen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 918B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ