date1%3fBNLv65=pAAS | Triage

Sharing

General

Target

date1%3fBNLv65=pAAS
Size

278KB
MD5

57e32ee603bf5f7fbf4e4befaac52258
SHA1

da49de88e610e677b2c2ba48b5596933c2288488
SHA256

eed363fc4af7a9070d69340592dcab7c78db4f90710357de29e3b624aa957cf8
SHA512

e42f7852fab4c02f54d43ba39326338c7a2f3093d99147dd1cf677c8cedab2281537c41e1cc497162f37e328b93a0ff14858b2d6438e3e2580b953bf875571d4
SSDEEP

3072:BaACsfDoGKOKRj6Yi7NUXn6cN5Va6CrLpnL/1PiLfYLebfU/tSXBXek7z:BaAn8FRj6Yi7N66iuMfYefUVSXRZ7z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
date1%3fBNLv65=pAAS

Files

date1%3fBNLv65=pAAS
.dll regsvr32 windows:6 windows x64 arch:x64

Password: infected

bca3ee8a0e3f7bb5fa6ef50a7287a698

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

WaitForMultipleObjects
CreateThread
CreateFileA
GetModuleHandleA
GetProcAddress
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
InitializeCriticalSection
LeaveCriticalSection
Sleep
TlsGetValue
WideCharToMultiByte
DeleteCriticalSection
EnterCriticalSection
GetCommandLineW
GetLastError
GetThreadPriority
WaitForSingleObject
LoadLibraryA
GetSystemTime

Exports

Exports

DllRegisterServer
DllUnregisterServer
PauseW
PwhofoIfewflrgnyMdavmwtzhe
ResumeW
StartW
UjgxxefiqGxtnpvqjgt

Sections

.text
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ