0efa72e365adcaaa18c253712310ed6e | Triage

Sharing

General

Target

0efa72e365adcaaa18c253712310ed6e
Size

36KB
MD5

0efa72e365adcaaa18c253712310ed6e
SHA1

7a6aa5cc1d89db55cee2f84d03a379ded6edd2be
SHA256

676713759a4c28d8f9e2d69d7e92dbd1d98db937ac23751a4b51f11ef2f8fcde
SHA512

8142c329c4cd6430795303284ef30e5cd79808c68a9d4a7562f7e58fc11cba0fde47ab1168b8e73d2c02e34cfca3667438e5d756d9becea2a58acf5e20aae664
SSDEEP

384:TjxpIhLvc/BlU5NrvgNVB8AGMRWW+ZcMAgKwsFqMWDtf0KaJZG1IyUS43ucGruQ8:5pIh6UewAWtPDKKa2QUrem+qluFe+z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0efa72e365adcaaa18c253712310ed6e

Files

0efa72e365adcaaa18c253712310ed6e
.dll windows:5 windows x86 arch:x86

e6e6947dd7a5ce402dfbee72e6352cd0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetForegroundWindow

shell32

ShellExecuteA

msvcp90

??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

winmm

timeGetTime

msvcr90

sprintf

Sections

.text
Size: 30KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE