cb69b258ff85357d6b30805e0d3f3e9c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cb69b258ff85357d6b30805e0d3f3e9c
Size

43KB
MD5

cb69b258ff85357d6b30805e0d3f3e9c
SHA1

66311d03a1d3c62c5884f8e1ec26227ffcb2b074
SHA256

c10033239c508683126c3cb78953f902efeabafeb52e029d85c2cf66ac1ad40a
SHA512

663a232e5fa1788d9f50d4863f93f6a4a4c99f19990c3bc8897fed9f917f20b361b0059ea2c829d3f07fe43fcda12da7bd9e68c64f1f56ad792e99d4f8eeeddf
SSDEEP

768:Qzw8zv4l8CwwKOa3o/ucWGgREiojobPqEy1vrpdTQoYzQ5tj:QzwK4yCwwraMunGgREebPtw1d0zQn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cb69b258ff85357d6b30805e0d3f3e9c

Files

cb69b258ff85357d6b30805e0d3f3e9c
.dll regsvr32 windows:4 windows x86 arch:x86

1c2d42a4e533f3c86f1f4597355c880c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

AdjustTokenGroups
CloseEventLog
CryptGetHashParam
CryptSetHashParam
DeleteAce
DuplicateToken

kernel32

WinExec
ExitProcess
TerminateThread

msvcrt

_chkesp
_ctype
_eof
_except_handler2
_CIacos

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 22KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE