41f48b8451835345d45293e9b8b69a379d4cdb72ef01414f9b16b72a88a7357f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

41f48b8451835345d45293e9b8b69a379d4cdb72ef01414f9b16b72a88a7357f
Size

288KB
MD5

6cbc6a967ad2440f561953cd8b9d10ea
SHA1

956f2d80f13973de576cd9a1ddd9c25af37b4b76
SHA256

41f48b8451835345d45293e9b8b69a379d4cdb72ef01414f9b16b72a88a7357f
SHA512

a6bba7a87d924b1b01a053fef4b1f4bdae0239c3394ae2cc1b2dc70ee33311afa9a04c1fcb63707b3c70613e175fcebc38f428cd05b6033fd8d6745fda21cffd
SSDEEP

3072:hlGpE52QiqNb6Z3rOUO+OjIIMK4sPX/WSRsbI:hgh7OUo+K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41f48b8451835345d45293e9b8b69a379d4cdb72ef01414f9b16b72a88a7357f

Files

41f48b8451835345d45293e9b8b69a379d4cdb72ef01414f9b16b72a88a7357f
.dll regsvr32 windows:4 windows x86 arch:x86

5732fa497eb4a85f8ae90d0c23beb307

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ole32

CreateStreamOnHGlobal

kernel32

RtlMoveMemory

msvbvm60

ord690
ord697
MethCallEngine
ord518
ord519
ord591
ord593
ord300
ord594
ord303
ord598
ord305
ord306
ord520
ord309
ord709
ord632
EVENT_SINK_AddRef
ord528
ord529
ord561
DllFunctionCall
EVENT_SINK_Release
ord311
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord710
ord711
ord313
ord712
ord606
ord608
ord716
ProcCallEngine
ord644
ord645
ord685
ord101
ord102
ord103
ord689
ord104
ord105
ord617
ord619
ord581

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 272KB - Virtual size: 269KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ