b4a5066fa7088a4915c51c28f8a5649d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b4a5066fa7088a4915c51c28f8a5649d
Size

16KB
MD5

b4a5066fa7088a4915c51c28f8a5649d
SHA1

21f3a83553305bc444203a59240ab81ef2cc7a88
SHA256

e678123c605c126203cbfb21a935f123b37c8f0ab84388e3ae86f6461edcd6d3
SHA512

974c4f96486102500b0d6563db37d64023e6f05a2ab2a539127e7a38d798f36fbbe8535fd4c1f9cdc7875bb0f12dc39fb8b64b3178d4e506e1b63453e9140f9b
SSDEEP

384:/lSs25a8WT4BTXXa2siIhVEwQV5AyTOwkO1F3w/t:f2Ad0LyHkVi2H3w/t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4a5066fa7088a4915c51c28f8a5649d

Files

b4a5066fa7088a4915c51c28f8a5649d
.dll regsvr32 windows:4 windows x64 arch:x64

9c0432e1910a7f6b5d39ec1826872d5a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
GetProcessHeap
GetTickCount
HeapAlloc
HeapFree
HeapReAlloc
Sleep

Exports

Exports

Control
DllRegisterServer
DoNothing
FreeBuffer
Release
Start
WStart

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 478B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ