bac99f7a488ac0499ea1636f4d16dd3dfca2c1c4ebff06c3374d194ce16b8233 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bac99f7a488ac0499ea1636f4d16dd3dfca2c1c4ebff06c3374d194ce16b8233
Size

4KB
MD5

0c6b41d25214f04abf9770a7bdfcee5d
SHA1

805ab904bfd0a55413b10105ff9d97acf54653f5
SHA256

bac99f7a488ac0499ea1636f4d16dd3dfca2c1c4ebff06c3374d194ce16b8233
SHA512

e220440c80460d02e793fd5e16905d95d48325df3aeba2555ca8e80e35878c85f62ead170fa089a5a7d6f63770c4296897bbe94a81ca57eb86b531cbd95c8eae
SSDEEP

48:6sSV5IWmvE1etG7Ehgz1NBIPNawqtAaAHY2PqhtPr8Ma35MiF8ZZ0J7O:m5IWm6vz1NyartAaAyEz8Zi8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bac99f7a488ac0499ea1636f4d16dd3dfca2c1c4ebff06c3374d194ce16b8233

Files

bac99f7a488ac0499ea1636f4d16dd3dfca2c1c4ebff06c3374d194ce16b8233
.dll regsvr32 windows:5 windows x86 arch:x86

8345be85b7b7a5e980f8bc8bae8bf52e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
HeapFree
HeapReAlloc
IsWow64Process
ReadProcessMemory
Sleep
WaitForSingleObject
WriteProcessMemory

ntdll

RtlComputeCrc32
RtlImageNtHeader
strlen
wcslen
_wcslwr
NtClose
NtQuerySystemInformation
NtOpenProcess

psapi

EnumProcessModules
GetModuleBaseNameW

Exports

Exports

DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ