0c2e1f6058d99bb2840e305f289e0174

Sharing

Copy URL Twitter E-mail

General

Target

0c2e1f6058d99bb2840e305f289e0174
Size

500KB
MD5

0c2e1f6058d99bb2840e305f289e0174
SHA1

04204e6c4f6f7386763dcc10c976ccb73fd8fced
SHA256

59e181cd465918d7dffe1b250af259f57d2f163cc3e342c0e9098402c89fd7fb
SHA512

54e99c8ce47950036f99a4d10ccb755194e8a6b8aa1b3eeb3b9e550cf6919c95d2a56f0423f67684e0441231c1749d547301012a2450011b79c28263b5f8b561
SSDEEP

12288:z994G0YLvA903h1MsrsNzs6UBypmIkzOFDUslQqYr:z994NYLvC0xgzc7AQqU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c2e1f6058d99bb2840e305f289e0174

Files

0c2e1f6058d99bb2840e305f289e0174
.dll windows:5 windows x86 arch:x86

f9fcc81626febf9189c63399d737523a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

EqualRect
FillRect
IsCharLowerA
LoadAcceleratorsA
LoadBitmapA
LoadCursorFromFileA
LoadImageA
MessageBeep
OemToCharBuffA
PostMessageA
SendMessageA
UpdateWindow
EmptyClipboard
EndDialog

version

GetFileVersionInfoW
VerFindFileW
VerInstallFileW
VerQueryValueW
GetFileVersionInfoA

kernel32

WinExec
VerLanguageNameW
VerLanguageNameA
UnlockFileEx
TerminateProcess
SetLastError
SetFilePointer
SetCurrentDirectoryA
SetCommState
SetCommMask
SetCommBreak
SearchPathA
ReplaceFileA
QueryPerformanceFrequency
DeleteFileA
DuplicateHandle
EnumDateFormatsW
EnumResourceLanguagesW
ExitProcess
FindFirstFileExA
FindFirstVolumeW
FindResourceW
FlushFileBuffers
GetCommandLineA
GetCurrentThreadId
GetDefaultCommConfigW
GetFileSize
GetLastError
GetLocalTime
GetProcAddress
GetTapePosition
GetThreadLocale
GetTickCount
GetVersionExW
HeapAlloc
IsBadReadPtr
IsBadStringPtrA
IsDBCSLeadByte
ProcessIdToSessionId

ntdll

RtlUpcaseUnicodeStringToOemString
RtlxOemStringToUnicodeSize
ZwAccessCheck
ZwCompleteConnectPort
ZwCreateIoCompletion
RtlTimeToElapsedTimeFields
RtlStringFromGUID
RtlSetInformationAcl
RtlSetCurrentDirectory_U
RtlResetRtlTranslations
RtlNtStatusToDosError
RtlMultiByteToUnicodeN
RtlLargeIntegerShiftLeft
RtlIsNameLegalDOS8Dot3
RtlInsertElementGenericTable
RtlInitAnsiString
RtlImpersonateSelf
RtlEqualDomainName
RtlDelete
RtlCreateUserProcess
NtGetWriteWatch
NtMapUserPhysicalPagesScatter
NtPowerInformation
NtPrivilegeObjectAuditAlarm
NtQueryPerformanceCounter
NtSetHighEventPair
RtlTraceDatabaseFind

userenv

CreateEnvironmentBlock
RegisterGPNotification
GetAppliedGPOListW
FreeGPOListW
ExpandEnvironmentStringsForUserW
EnterCriticalPolicySection

Exports

Exports

AslbmbmhQDrYnkTcMg
CvdVdvizmbilz
CvvZwqiqpqilwsJmNup
RczevmuTzo
UpkIPpjqlr
YhujHaryub
cPQ
dfT
doJiqduTouYnitgkf
ghfronm
nagwjaamtudgojb
njqoucNmb
oQoDihDyfiNvkztNc
shxlvFeotguk
usaH
wDufiriYjjthmMXoxz
xbprAhjkqjgvHKjhmk
zsygxgkhhspmulOzga

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 415KB - Virtual size: 959KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9fcc81626febf9189c63399d737523a

Headers

DLL Characteristics

File Characteristics

Imports

user32

version

kernel32

ntdll

userenv

Exports

Exports

Sections

.text Size: 57KB - Virtual size: 57KB

.data Size: 415KB - Virtual size: 959KB

.rsrc Size: 26KB - Virtual size: 26KB

.text
Size: 57KB - Virtual size: 57KB

.data
Size: 415KB - Virtual size: 959KB

.rsrc
Size: 26KB - Virtual size: 26KB