0a0644ebe7647cf0e3fe86700c7eef83 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0a0644ebe7647cf0e3fe86700c7eef83
Size

10KB
MD5

0a0644ebe7647cf0e3fe86700c7eef83
SHA1

f51bd1cb3161eeaab175888d7313454ef8606714
SHA256

e3316cf3b79ff0a5dc2815919a78ea0f3771714d61ab603ceb8a49f1e75ca45c
SHA512

75e36d23fdc5054210e5f59b8fa149e112759ca0be44823929bd29062a6a5aabfd4a31e1e5df1819a9b5e393a5fac66e398bdd361cdcd751a0599365a6791306
SSDEEP

192:lqR4ffXsUBbjxPr0LpsrspfrV0EGBwKFQqbqbOSG15Cu/RQQTeZ:lqR87XubBVRKwKxbqa155R5e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a0644ebe7647cf0e3fe86700c7eef83

Files

0a0644ebe7647cf0e3fe86700c7eef83
.dll regsvr32 windows:4 windows x86 arch:x86

34df8a8b9e6594b3561355cc48e71ea8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
lstrlenW
lstrcpyW
lstrlenA
MultiByteToWideChar
GetSystemDirectoryW
CompareStringW
HeapAlloc
GetProcessHeap
HeapFree
Sleep
RtlUnwind
lstrcmpA
GetModuleFileNameA

user32

MessageBoxA
MessageBoxW
wsprintfW
CharLowerA
ShowWindow
AnyPopup
ReleaseDC

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegCreateKeyExA

oleaut32

SysAllocString
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ