bf5692dfa54a8ae2d2610a53af001f0b | Triage

Sharing

General

Target

bf5692dfa54a8ae2d2610a53af001f0b
Size

42KB
MD5

bf5692dfa54a8ae2d2610a53af001f0b
SHA1

08d35ef098fd3d3a0959632aaece6bdb4b07b477
SHA256

e16d4077f5edeae0c770fba3097299d6cc244e5e4db01055dbe52c7c2e6305ca
SHA512

e824f1f5519cc0b3bf76996618bc0a5a5a4205d035a7e5848adcd8ad5ac7c6b53a3f84950d32e7d3f8462ef37107b6848f7859a286f84b48180e3989d4d0867d
SSDEEP

768:URwTU/y7MTwqsiZfg3YYaXHpkaxni5NF9OxwkwNIC+ib4t:URwTytfgoYAi55tOekFb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf5692dfa54a8ae2d2610a53af001f0b

Files

bf5692dfa54a8ae2d2610a53af001f0b
.dll windows:4 windows x86 arch:x86

223b86e598b92c661cce681a4242c236

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

avicap32

capCreateCaptureWindowA

ws2_32

listen

user32

ExitWindowsEx

shlwapi

StrCmpW

winmm

waveInUnprepareHeader

ole32

CreateStreamOnHGlobal

advapi32

RegQueryValueExA

psapi

GetModuleFileNameExA

imm32

ImmReleaseContext

msvcrt

strrchr

shell32

ShellExecuteA

gdi32

CreateCompatibleBitmap

Exports

Exports

tgyhuji488
DoService
ServiceMain

Sections

.edrf
Size: 27KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE