0c40456d2817131fd302c825cc489415

General

Target

0c40456d2817131fd302c825cc489415
Size

101KB
MD5

0c40456d2817131fd302c825cc489415
SHA1

a3e193509c50fbe4487eae45a0ea41f5971abac2
SHA256

38bcd0f7371203e9c54e0e9f236b070d46283a065ca068b772f7f6a550221802
SHA512

d5d2f69ce5b36ded808a1f22bac4e0daf29b5f32d2fecba4c8ca0134723c1a52887c7038b0e877a458eb48085a31ec020c5364235a4a9272c1c7ac0daf609e32
SSDEEP

1536:qQnlIPFMW86YAe4KtS4jP2HUSiCdmk0YR942u3oMoCacU8aDOlCk7u:qAuXydPIVVmk8ZoCac+1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c40456d2817131fd302c825cc489415

Files

0c40456d2817131fd302c825cc489415
.dll windows:5 windows x86 arch:x86

c0155ada33812e54774ac92faf41c165

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

ExGetPreviousMode
RtlCreateSecurityDescriptor
IoAcquireCancelSpinLock
CcUninitializeCacheMap
RtlWriteRegistryValue
ZwAllocateVirtualMemory
KeInitializeTimer
IoVerifyVolume
RtlFindClearRuns
MmMapLockedPagesSpecifyCache
CcFastMdlReadWait
IoGetDeviceProperty
CcCopyRead
KeInitializeEvent
ExAllocatePoolWithTag
IoCreateStreamFileObject
ObReferenceObjectByHandle
KeSetTimer
IoRemoveShareAccess
ExAcquireResourceSharedLite
KeBugCheckEx
FsRtlIsDbcsInExpression
RtlRandom
WmiQueryTraceInformation
IoQueryFileDosDeviceName
RtlUpcaseUnicodeString
RtlTimeToSecondsSince1970
KeReadStateTimer
FsRtlNotifyUninitializeSync
SeSinglePrivilegeCheck
SeTokenIsAdmin
RtlGetNextRange
MmSecureVirtualMemory
KeReleaseMutex
IoReleaseVpbSpinLock
IoStartPacket
RtlTimeToTimeFields
CcMdlReadComplete
IoInitializeTimer
IoGetRequestorProcess
RtlEqualSid
ProbeForWrite
IoRequestDeviceEject
CcInitializeCacheMap
PsGetThreadProcessId
PoRegisterSystemState
CcMdlWriteAbort
KeRemoveDeviceQueue
SeAccessCheck
IoInitializeRemoveLockEx
FsRtlNotifyInitializeSync
IoWMIRegistrationControl
ObMakeTemporaryObject

Exports

Exports

?FindScreenExW@@ADIGPAF<V
?CopyScreenExA@@ADKD<V
?AddDialogNew@@ADIPAHPAF<V
?IsHeightNew@@ADKKH<V
?IsNotAnchorEx@@ADPAIMPAK<V
?OnTimeNew@@AD_NDM<V

Sections

.text
Size: 28KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 247B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c0155ada33812e54774ac92faf41c165

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 45KB

.edata Size: 512B - Virtual size: 247B

.data Size: 33KB - Virtual size: 33KB

.text
Size: 28KB - Virtual size: 45KB

.edata
Size: 512B - Virtual size: 247B

.data
Size: 33KB - Virtual size: 33KB