79ceabdbcd633c73f73a364c40fa9600d5f30dedfc5ed14126e9692d578eca44 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

79ceabdbcd633c73f73a364c40fa9600d5f30dedfc5ed14126e9692d578eca44
Size

226KB
MD5

0523eebf68c7252eb576e97e62d3cfde
SHA1

1a1b2daa88b6d0160322a148a2dafca200029c41
SHA256

79ceabdbcd633c73f73a364c40fa9600d5f30dedfc5ed14126e9692d578eca44
SHA512

bb38294f9f468538c3010e6c01687d3776e13653d08ffc759918578ea7f37d2d5e5bef90052f35fda9c63b0def1fa645a9b3585ef34f91a23f6ea6d85e59b29c
SSDEEP

3072:kP6cW/ty1Ef+QffbP5Tc2zHTFKG53hLpOfqJlxAsx/uM5ij3fVyFvu581B81s8cU:d/tzB22zHxB5RIfqJrzcL+BE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
79ceabdbcd633c73f73a364c40fa9600d5f30dedfc5ed14126e9692d578eca44

Files

79ceabdbcd633c73f73a364c40fa9600d5f30dedfc5ed14126e9692d578eca44
.dll regsvr32 windows:4 windows x86 arch:x86

58e0d9ec7d75a701911856311a21d9dd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

version

GetFileVersionInfoA

ws2_32

inet_addr

mfc42

ord1146

msvcrt

??1type_info@@UAE@XZ

user32

GetClientRect

gdi32

DeleteDC

shell32

ShellExecuteA

comctl32

ImageList_ReplaceIcon

ole32

CoTaskMemFree

olepro32

ord251

oleaut32

LoadRegTypeLi

msvcp60

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

netsdk

ord117

h264play

ord82

configmodule

Config_Refush

winmm

sndPlaySoundA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 200KB - Virtual size: 808KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE