b4839fa0e0cf30159ce3f2d3cba8596271d7f25efaaad93c2446837a7b2c7f67

General

Target

b4839fa0e0cf30159ce3f2d3cba8596271d7f25efaaad93c2446837a7b2c7f67
Size

103KB
MD5

56c3240a94ecd20dc9e85150f9f8000d
SHA1

16263bac242329546aa2a634dbabe2030f19e02e
SHA256

b4839fa0e0cf30159ce3f2d3cba8596271d7f25efaaad93c2446837a7b2c7f67
SHA512

03dcae61b6eb6b6db9e5dac0d60debb2e98b62abffc63a1f46d6cc522b2086c9c741cb1f37ac1a89b2df09d62d098a8de53f9dda59bdec479d5183e086c0b710
SSDEEP

1536:FleLZ+nF7VAQ74fkCpNPEhVMxwtWM0Yj0rf:FleLZ+nF7uQ74lNPRYjmf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4839fa0e0cf30159ce3f2d3cba8596271d7f25efaaad93c2446837a7b2c7f67

Files

b4839fa0e0cf30159ce3f2d3cba8596271d7f25efaaad93c2446837a7b2c7f67
.dll windows x86

cebf85bce35a2dc25d7e85d6aa111247

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_amsg_exit
_initterm
_XcptFilter
_splitpath
_stricmp
_chdir
_adjust_fdiv
fread
sprintf
_CIpow
atoi
_snwprintf
memset
malloc
fopen
??2@YAPAXI@Z
_purecall
free
fclose
memcmp
??3@YAXPAX@Z

kernel32

GetLastError
GetWindowsDirectoryA
LocalAlloc
RtlUnwind
InterlockedCompareExchange
InterlockedExchange
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
FreeLibrary
InterlockedIncrement
InterlockedDecrement
DisableThreadLibraryCalls
CloseHandle
WriteFile
MultiByteToWideChar
lstrlenA
Sleep
GetSystemTime
lstrcpyW
GetTickCount
GetLocalTime
RaiseException
GetProcAddress
LoadLibraryA

advapi32

RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegQueryValueA
RegCloseKey

user32

LoadStringA

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
FreePropVariantArray

oleaut32

SysFreeString
SysAllocString

Exports

Exports

DliHook
DllCanUnloadNow
DllGetClassObject
_DllEntryPoint@12

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cebf85bce35a2dc25d7e85d6aa111247

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

advapi32

user32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 96KB

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 96KB - Virtual size: 96KB

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB