0fa44dddf7306a717c16c10342d86b001e23f7007c6f8a998b7d317365ee3937 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0fa44dddf7306a717c16c10342d86b001e23f7007c6f8a998b7d317365ee3937
Size

9.6MB
MD5

e2cef0a7d1875f8dc3f63433e1c3336e
SHA1

4eb643e2772c5e64db932f7fa78758f52653d4e8
SHA256

0fa44dddf7306a717c16c10342d86b001e23f7007c6f8a998b7d317365ee3937
SHA512

f7fea3bf104ed47da563ab1ccf77b289725e12e33c90e194662d422c4cce23a2586dd25e8f026515e0cf666aad0ea016db9b7dc44651b103d7e1f14a8ed1e5a5
SSDEEP

196608:Zc/xhkYTnEWe2wzDXMYXYvlCco0i1QfSJZdOtd/wR4O+Tgz1:urAzRH1XYd+QfSe/wR4O+TG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0fa44dddf7306a717c16c10342d86b001e23f7007c6f8a998b7d317365ee3937

Files

0fa44dddf7306a717c16c10342d86b001e23f7007c6f8a998b7d317365ee3937
.exe regsvr32 windows x86

874efdd5f77f75307288bab20855d170

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

UpdateLayeredWindow

gdi32

GetTextExtentPoint32W

msimg32

AlphaBlend

comdlg32

GetFileTitleA

winspool.drv

GetJobA

advapi32

OpenThreadToken

shell32

SHAppBarMessage

comctl32

ImageList_GetIconSize

shlwapi

PathFindExtensionA

ole32

OleSetContainedObject

oleaut32

VariantClear

oledlg

ord8

urlmon

CreateURLMoniker

winmm

PlaySoundA

gdiplus

GdipGetImagePixelFormat

oleacc

LresultFromObject

imm32

ImmReleaseContext

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 9.6MB - Virtual size: 16.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE