0b0d852d2befda9d839342949b2f1423

General

Target

0b0d852d2befda9d839342949b2f1423
Size

47KB
MD5

0b0d852d2befda9d839342949b2f1423
SHA1

96a15a25e475818c81a55c0123d1c10ca2de831d
SHA256

618a294a9de54eed0c748d39bcb2f63c7da59ae17eac7d7a156d2bf4ea49a170
SHA512

dcc258d2f4ed4e596b832e15a7a3d68e15f39bb2f2a5e77f164d17ebc3bbff63a86d9ae08a995329c66a1b226c6acebdabaca5036bea4ea4d403f99285a926fb
SSDEEP

768:Xm8UvCgJk8FXqIIjxjM0vJFExTSExy181JNcFsInEJPRI3LheKN5DHtLkfAQvYdS:Q3k89IjxjMAFOT3y18ijEVi3045DHtSJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b0d852d2befda9d839342949b2f1423

Files

0b0d852d2befda9d839342949b2f1423
.dll windows:5 windows x86 arch:x86

a49c9ed3a801462e2924910d9f3e91fb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

cfgmldlg

SdbTagToString
ImmGetCompositionWindow
SdbReadBinaryTag
FindExecutableA
RealDriveType
PathProcessCommand
CtfImmIsGuidMapEnable
ImmWINNLSGetIMEHotkey
ImmUnregisterWordA
CtfImmGenerateMessage
CtfImmDispatchDefImeMessage
ImmGetRegisterWordStyleA
ImmSetCompositionWindow
DllRegisterServer
SdbFindNextTagRef
CtfImmIsTextFrameServiceDisabled
ShimFlushCache

kernel32

FreeEnvironmentStringsA
InterlockedCompareExchange
GetEnvironmentStringsA
GetCurrentProcessId
SetThreadExecutionState
ReadFile
CreateFileA
SetCurrentDirectoryA
GetThreadPriorityBoost
SetFilePointer
HeapDestroy
VirtualQuery
RtlFillMemory
GetSystemTimeAsFileTime
SetThreadContext
ExpandEnvironmentStringsA
WriteFileEx
InterlockedExchangeAdd
WriteFile
OpenThread
GetModuleHandleA
ReadFileScatter
MapViewOfFile
GetVersion
lstrcmpA
HeapAlloc
InterlockedExchange
WaitForSingleObject
HeapCreate
GetStringTypeExA
GetFileAttributesExA
WaitForMultipleObjects
HeapSetInformation
CreateFileMappingA
lstrcatA
ConnectNamedPipe
UnmapViewOfFile
CallNamedPipeA
HeapFree

Exports

Exports

CreateProcessNotify
ktmureg

Sections

.text
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a49c9ed3a801462e2924910d9f3e91fb

Headers

File Characteristics

Imports

cfgmldlg

kernel32

Exports

Exports

Sections

.text Size: 35KB - Virtual size: 36KB

.rdata Size: 2KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 512B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

.text
Size: 35KB - Virtual size: 36KB

.rdata
Size: 2KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB