c8c0c8464eb200e98cc49fcf7cc77e8b | Triage

Sharing

General

Target

c8c0c8464eb200e98cc49fcf7cc77e8b
Size

475KB
MD5

c8c0c8464eb200e98cc49fcf7cc77e8b
SHA1

47edb31484b96be4759f180a7b2dbc3b5c0c46b4
SHA256

2fac22373d04af3e50d49729d5a0ffcf90343792d52eff84bbf800d840c070e6
SHA512

4da938433816fa50577a472fc7c2b576b08277085939063fb4c80227b7918c3d835e977f03dd75855fac277e86c704e1ef41a6f712bd7ecdb95645c7c4d6f596
SSDEEP

12288:ZYcE+K1+0qWIo0AAZVOCjsvXWl2/1b/lDEZGtCzCUp02pkyxo++D6YX7S4qfo5x2:N/lI+ivUgO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c8c0c8464eb200e98cc49fcf7cc77e8b

Files

c8c0c8464eb200e98cc49fcf7cc77e8b
.dll regsvr32 windows:6 windows x64 arch:x64

bffa884c141cfb9f17c42805b9961e26

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetThreadPriority
TlsGetValue
WaitForSingleObject
WaitForMultipleObjects
CreateThread
CreateFileA
DeleteCriticalSection
EnterCriticalSection
GetCommandLineW
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
InitializeCriticalSection
LeaveCriticalSection
Sleep
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WideCharToMultiByte
GetSystemTime

Exports

Exports

DllRegisterServer
DllUnregisterServer
PauseW
ResumeW
StartW
YjnhqbmqgotmtPehoolinfwuqypj

Sections

.text
Size: 333KB - Virtual size: 333KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ndata
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE