0debc621bb27f34b6377ee33dc1ac420N | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0debc621bb27f34b6377ee33dc1ac420N
Size

64KB
MD5

0debc621bb27f34b6377ee33dc1ac420
SHA1

ec60c2335d147e322a7b6ebc4e4d6b0b34980bb9
SHA256

f58d194806e9993196baf5eeb54caba7866bcad4560311dcc80b916192af5191
SHA512

909c322fdb47d09d390effd6d02e1514dea0de701e306655c458bc1704498c4778ac81b9c1018629070b280ed2a58a2e931063eb3c3280a3c0cc915b73910d22
SSDEEP

768:25ixYLvMnPhZhLDRHt+gQbTSXrB4EXxAcIL7Cke+N1sJhMzEvrAa:2Ux6MPhZhLD7vQbW20AcIvZNOJUUp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0debc621bb27f34b6377ee33dc1ac420N

Files

0debc621bb27f34b6377ee33dc1ac420N
.dll windows:6 windows x86 arch:x86

88d0c8baf81317c8274cc2cc88e50a41

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

memset
memcpy
malloc
free

shlwapi

PathMatchSpecA
PathFindFileNameW
UrlUnescapeW
StrCSpnW
PathIsUNCServerW

kernel32

GetModuleHandleW
GetProcAddress

wsnmp32

ord600
ord107
ord300
ord102
ord999
ord502
ord104
ord504
ord205

mscms

CreateColorTransformW
CreateMultiProfileTransform
CreateColorTransformA
SelectCMM
CreateProfileFromLogColorSpaceA
UninstallColorProfileW

mswsock

GetNameByTypeA
s_perror
GetServiceW
NPLoadNameSpaces
inet_network
rresvport
getnetbyname

ws2_32

getpeername
getsockopt
setsockopt
WSAEnumProtocolsW
WSACreateEvent
ntohl
WSAEnumNameSpaceProvidersA
shutdown
connect

Exports

Exports

HvTkcoed

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE