d43e07870f3b6ae812038b7566565bac | Triage

Sharing

General

Target

d43e07870f3b6ae812038b7566565bac
Size

466KB
MD5

d43e07870f3b6ae812038b7566565bac
SHA1

56e55f25c56336f340f5425207508c4c7ad1cc1a
SHA256

033583f27d4f2eeb2daad014a771369c45e117430e376bc2fe693961ce33ca54
SHA512

fd69fd38caa3135e8702840f9568c04e1298555ea99dfa07d4119ff1d584487ad79c2614616d8b09d448eb6f7d44a2e6ad8f727c226589ce836af53ec0dcc53e
SSDEEP

6144:4jpCzcjuQ/9zoaV3EeVHq/Ca6VbrdRNMA:4jQojuS9zoadEYHq/CjtN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

d43e07870f3b6ae812038b7566565bac

Files

d43e07870f3b6ae812038b7566565bac
.dll regsvr32 windows:4 windows x86 arch:x86

a7358e273420e00f3ba4c1e15be44db1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
GetTickCount
LoadLibraryA
VirtualAlloc
VirtualProtect
GetLastError
lstrcmpA
lstrlenA
lstrcatA

user32

GetWindowDC
CheckDlgButton
GetGUIThreadInfo
CheckMenuRadioItem
CheckRadioButton
GetMenu
GetKeyboardType
CheckMenuItem

shlwapi

StrToInt64ExW

advapi32

CryptHashSessionKey

imagehlp

SymGetTypeFromName

Exports

Exports

DllRegisterServer

Sections

.code
Size: 352KB - Virtual size: 352KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 720B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hsiv
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ