85195b25b0fbe22e11a3bb02e46d39f9bf764a21cd6da529a51185799c36e99c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

85195b25b0fbe22e11a3bb02e46d39f9bf764a21cd6da529a51185799c36e99c
Size

101KB
MD5

489470b05246e43846fb5891a85e4bf8
SHA1

a08462d778c73ac208f06dbc6a89713d74ea3e89
SHA256

85195b25b0fbe22e11a3bb02e46d39f9bf764a21cd6da529a51185799c36e99c
SHA512

f33d7c4b78d180251689b1c911738bec4611e0a36bfc141de637748b25d04402df99a7f925982ced7aada9968b6324730bcb9fe65e04075fb57d976ea0934ba3
SSDEEP

1536:yInn41Q6EM0q94AHHhjhvy+v1fwho8vVp40vcGLyyjnBza5kKkEJwbP41Z:SQDqTnhjhvyswRNvcrStaBpw7cZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
85195b25b0fbe22e11a3bb02e46d39f9bf764a21cd6da529a51185799c36e99c

Files

85195b25b0fbe22e11a3bb02e46d39f9bf764a21cd6da529a51185799c36e99c
.dll regsvr32 windows:4 windows x86 arch:x86

fdbfec85672f73d2a4d49635454936d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryA
ExitProcess

user32

MessageBoxA

Exports

Exports

DisableHook
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EnableHook
SetupShellHook

Sections

.text
Size: 1KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.perplex
Size: 1KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ