bfa8d7767b36a47b6b5c4439ecf2a41a | Triage

Sharing

General

Target

bfa8d7767b36a47b6b5c4439ecf2a41a
Size

77KB
MD5

bfa8d7767b36a47b6b5c4439ecf2a41a
SHA1

934e1897a9ef4938d2b92e5d24b235dd07c5e88e
SHA256

d4730206161864ce74016271dafb5cda46fe153fbf4f9ed39d1bb2d64b9fa2f5
SHA512

0bd30194afd0dfe4a350980c80cae2e149ecc49628a5b4e7a2f53a8a43372bd1eb096db5ec8080ba096e871ae1aebb999e206622205788b27ab7762e4a32933f
SSDEEP

1536:9G1M3aEMQhV/N2+/jxEdNlpyVhqUcRutFFCBu0kXCGu5AQUq:0QaJQhV/jj2NghJtFFCBu0kSd5Uq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bfa8d7767b36a47b6b5c4439ecf2a41a

Files

bfa8d7767b36a47b6b5c4439ecf2a41a
.dll regsvr32 windows:4 windows x86 arch:x86

14e8febf31d373d6465c81a9d9ac61ad

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetProcAddress
LoadLibraryA

advapi32

FreeSid

oleaut32

SysFreeString

user32

CharNextA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ServiceMain
WLEventLogoff
WLEventLogon

Sections

.text
Size: 75KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE