dfce5aca373646c13c4442150b76f390N[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dfce5aca373646c13c4442150b76f390N.exe
Size

1.7MB
MD5

dfce5aca373646c13c4442150b76f390
SHA1

2732bffd18f425f0f96131ccb2f508ff9d87ac5f
SHA256

11a9f0d52b399878a729272e2f4731fcbac00432818b2702563e32884e9c028b
SHA512

68fa452d9ccd5a26d0d901b7db1864d5873a46ef4152e3c6941673d2698cd87eacbc75d65bec42cc20d0d8b2e945fa1cb8195aa1f2fb81a73984594ccfe5c27c
SSDEEP

24576:pLLCjN6tXLh0F1Ih2+HAEZwEqtacaR8rgQ6jmxSfP3PKq:pOsIaDnSXaMdSfPiq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dfce5aca373646c13c4442150b76f390N.exe

Files

dfce5aca373646c13c4442150b76f390N.exe
.dll regsvr32 windows:5 windows x86 arch:x86

006746f8837eeeceb6828472e482394a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
_initterm
??2@YAPAXI@Z
_purecall
??3@YAXPAX@Z
malloc
free

atl

ord30
ord58
ord32
ord15
ord23
ord57
ord18
ord21
ord16

kernel32

LeaveCriticalSection
EnterCriticalSection
lstrlenW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
GetStdHandle
DisableThreadLibraryCalls
ReadConsoleW
SetConsoleMode
GetConsoleMode

oleaut32

SysStringLen
SysAllocStringLen
SysFreeString
SysAllocString
LoadRegTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ