be5be7a2e2d33e2bd0b917c22dbeb08e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

be5be7a2e2d33e2bd0b917c22dbeb08e
Size

75KB
MD5

be5be7a2e2d33e2bd0b917c22dbeb08e
SHA1

02f37bf855cd8973828192be446229cfdcdc6692
SHA256

6a076f49c5f01bca81afcbc4e0f2160c9cd8f5f11e862f152f0302027f5fe0cf
SHA512

667dd75de5fac7a6ae0f03d9f51ac5c5add3b174eacf4745c872a00a623eade64745e0bab8d01edcfc203ed5637e389d3d2b127609d5c95045be7df7c5eaf212
SSDEEP

768:Icx2E2Gm4WvuoEo97biaL/RPPd+vMyT3/Gv9+1HYo9StMMjiApQPtQNxwR+B9N1n:IcsE2Z4WvwoZiGs/M9c4RMTPECjp5Ij

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be5be7a2e2d33e2bd0b917c22dbeb08e

Files

be5be7a2e2d33e2bd0b917c22dbeb08e
.dll regsvr32 windows:4 windows x86 arch:x86

168a0c79c21990926f149bb28783831f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

wvsprintfA

atl

ord57
ord30
ord23
ord21
ord15
ord18
ord32
ord16
ord58

kernel32

InitializeCriticalSection
GetStringTypeW
DebugBreak
HeapAlloc
HeapFree
DisableThreadLibraryCalls
GetProcAddress
LoadLibraryA
RtlUnwind
DeleteCriticalSection
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
GetSystemInfo
HeapCreate
lstrlenW
Sleep
DeleteFileA
GetStringTypeA
MultiByteToWideChar

oleaut32

LoadRegTypeLi
SysFreeString
SysStringLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
_16101976

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ