0a91a7a0939e992e6fae71065e4ea740 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0a91a7a0939e992e6fae71065e4ea740
Size

12KB
MD5

0a91a7a0939e992e6fae71065e4ea740
SHA1

843bbef98e4f510e9c8c7f32855543fd380d44a6
SHA256

c9d6c787ace47178fff3bec4e25503ce0e0b8a36a481a08a5cafeda81d738ff7
SHA512

4d87440e45e4d5fa3ac0d5742148d1c8054e53709e2f09cef3a6870278579288e0221a98c8d0f7f938aeac3bd7687ca92ac761ee3c782ea29ac591a0afab0ff0
SSDEEP

192:6HYYAfuXpKL4EzmRERRMmyhIRSNS8OfwkpZwfkyLPS3K9uHCs:6t+ApqRufSYS8OfwkpGfkyLPS3K9uHC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a91a7a0939e992e6fae71065e4ea740

Files

0a91a7a0939e992e6fae71065e4ea740
.dll windows:1 windows x86 arch:x86

2fd443bc77931daa350d8649991e9553

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

urlmon

URLDownloadToFileA

wsock32

WSACleanup
WSAStartup
closesocket
connect
gethostbyname
gethostname
htons
inet_addr
recv
send
setsockopt
socket

kernel32

ExitProcess
GetEnvironmentStringsA
GetSystemDirectoryA
RtlUnwind
Sleep
WinExec

crtdll

_fdopen
_itoa
_open_osfhandle
fclose
_beginthread
free
_cexit
malloc
memcpy
printf
raise
rand
setbuf
sprintf
srand
strcpy
strlen
strncpy
strstr
strtok
time

Exports

Exports

LibMain

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 740B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 292B - Virtual size: 292B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE

.edata
Size: 96B - Virtual size: 96B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ