c4a8e691631ffa3e453920d318b8d740 | Triage

Sharing

General

Target

c4a8e691631ffa3e453920d318b8d740
Size

39KB
MD5

c4a8e691631ffa3e453920d318b8d740
SHA1

dd09476b0d943d5e0d60b8f0f540747c048bbe96
SHA256

41b3553bf934763a7ff44ff9162fb1cd2e52f8b74f80b94ce5dbcb734b3d33f0
SHA512

df2f0892026c874285b6dba872859e091ea242cdc7249fd25385001dac63607f4638c8fe00062fbe0693fa2320b1bbd7cb1c5948634da52a33a7f9f50cae0065
SSDEEP

768:fySqlQi0RmcCoT9sm8siHCjMAQDGZrcKY8QsxROwJyFtIO/1K:KSqlQUKTivsiHCj/QDWrcrZELwb1K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c4a8e691631ffa3e453920d318b8d740

Files

c4a8e691631ffa3e453920d318b8d740
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JmpHookOff
JmpHookOn

Sections

CODE
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 202B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ