bfc6b16e5f87ac99b007c342a0b4c322 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bfc6b16e5f87ac99b007c342a0b4c322
Size

6KB
MD5

bfc6b16e5f87ac99b007c342a0b4c322
SHA1

8d1de8d7a4d4941659694b73f627d97e420215a9
SHA256

bc2e16289ff8d2776757ecf7f4cf949e33b2b5a3a65fd979910f86b595a5ac59
SHA512

644d2b950d6179b6dcb196a828ad8d15f50d7f4dd1964498f3de3435e9319d4b443a0f3b2d646cade6d8a45b78db066affc339fb0cfc73404d2ced3eb68fe92f
SSDEEP

96:ExXVk+ff+YLJvP5aUHMXqhSDCMpf357WLHh2FSHNpw5:aXVk+n+cvxaUHMXQSDC0PRWLh2FStp+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bfc6b16e5f87ac99b007c342a0b4c322

Files

bfc6b16e5f87ac99b007c342a0b4c322
.dll windows:4 windows x86 arch:x86

6711e84975a138ac167ef81f39cb975a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

GetWindowThreadProcessId
SetWindowsHookExA
SendMessageTimeoutA
UnhookWindowsHookEx
CallNextHookEx

kernel32

ReleaseMutex
GetCurrentProcessId
SetLastError
CreateMutexA
WaitForSingleObject
CloseHandle
DisableThreadLibraryCalls
GetLastError
LoadLibraryA
FreeLibrary

msvcrt

_adjust_fdiv
malloc
_initterm
strncpy
memset
strlen
free

Exports

Exports

RemoteFreeLibrary
RemoteLoadLibrary

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 894B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHARED
Size: 1024B - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 486B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ