bfb2845655ab15999294db4cee6f4372 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bfb2845655ab15999294db4cee6f4372
Size

81KB
MD5

bfb2845655ab15999294db4cee6f4372
SHA1

0efc5deeb10ae9d000942b3cef509cd9d26abf9e
SHA256

f4800a755406d8fad19d7d3b91ddbfc72bc06146d110b95555b6449c5aef0221
SHA512

83c67dae99e7f6d2048f9740bc74ed69770ea91d5d206ff6763ba816a5a97514705f5707afda27970f6242ba84bb7209b69fdc425994adac520942231feb1321
SSDEEP

1536:eWJXy5x5MvwKVzze5C7Q6WqnsLWRmVzwxqyJQO5ZU4pq:eWJXy5avVPACk60CWUxqiZO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bfb2845655ab15999294db4cee6f4372

Files

bfb2845655ab15999294db4cee6f4372
.dll windows:4 windows x86 arch:x86

b779aba8178fcad06b6a77484befb7c5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OpenProcess
GetProcAddress
LoadLibraryA
GlobalFree
GlobalAlloc
DisableThreadLibraryCalls
GetCurrentProcessId
GetModuleFileNameA
SetThreadPriority
GetCurrentThread
FindNextFileW
SetLastError
CreateProcessW
CloseHandle
lstrlenA
Module32Next
Module32First
CreateToolhelp32Snapshot
VirtualFreeEx
CreateRemoteThread
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
VirtualProtect
FreeLibrary

user32

SetWindowsHookExA
CallNextHookEx
UnhookWindowsHookEx
CharLowerA

advapi32

RegEnumValueW

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

msvcrt

_itoa
wcstombs
free
strstr
wcslen
strrchr
malloc

Exports

Exports

Hook
Unhook

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHAREDAT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ