0bd64812f790d080e04f1f958fc25d97

Sharing

Copy URL Twitter E-mail

General

Target

0bd64812f790d080e04f1f958fc25d97
Size

176KB
MD5

0bd64812f790d080e04f1f958fc25d97
SHA1

c7827c8e8455fc26f1c4070afffcc116e7deaa47
SHA256

cd3b8614241e0313809454e44c0ce44dddae3a4711d376aadae225841fbf9bcb
SHA512

42b8d29ef8a21ab6da62ae20e278c1aad3047fa96a68a474220e3527b121c561366646ae2f377241edd2d4af1c9a03ea1e828e93c2ecd6202f06532934ea9439
SSDEEP

3072:rwc0WebXsxueQEDyzvXQGuFNfa3RdCi9MjpGPJE+R4fIz9BdkbWY:vqXjwDqvXQGuFJ8RczpG74Azeb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0bd64812f790d080e04f1f958fc25d97

Files

0bd64812f790d080e04f1f958fc25d97
.dll regsvr32 windows:4 windows x86 arch:x86

adad616009ac56c2dd456dde8c193747

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

fclose
malloc
strncpy
??0exception@@QAE@ABV0@@Z
wctomb
__mb_cur_max
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
isgraph
strstr
strtok
toupper
islower
??0exception@@QAE@XZ
??2@YAPAXI@Z
isalpha
strtol
atoi
tmpnam
fopen
fwrite
free
srand
isalnum
strchr
isupper
tolower
isspace
wcscmp
wcslen
?what@exception@@UBEPBDXZ
strerror
isxdigit
printf
??1exception@@UAE@XZ
_CxxThrowException
__CxxFrameHandler
ispunct
??3@YAXPAX@Z

rpcrt4

UuidToStringA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA

winmm

timeGetTime

shlwapi

StrStrIA
SHSetValueA
SHGetValueA

wininet

HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
InternetSetOptionA
InternetReadFile
InternetCloseHandle

oleaut32

SysAllocString
SysFreeString
VariantClear
GetErrorInfo

advapi32

RegCloseKey
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
SetSecurityInfo
SetEntriesInAclA
GetSecurityInfo
RegOpenKeyExA

netapi32

Netbios

ole32

CoInitialize
CoCreateGuid
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameA

user32

CloseClipboard
SystemParametersInfoA
SetWindowPos
RegisterClassExA
OpenClipboard
ShowWindow
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
DefWindowProcA
SetTimer
KillTimer
EnumWindows
EnumChildWindows
GetWindowThreadProcessId
GetClassNameA
CreateWindowExA

kernel32

QueryPerformanceFrequency
LoadLibraryA
GetSystemInfo
GetLocalTime
Sleep
lstrcpyA
lstrlenA
GetLastError
GetWindowsDirectoryA
LocalFree
FormatMessageA
HeapFree
GetProcessHeap
GetModuleFileNameA
QueryPerformanceCounter
GetVersion
HeapSize
HeapAlloc
GetModuleHandleA
GetThreadTimes
GetCurrentThread
SetLastError
GetFullPathNameA
GetSystemDirectoryA
SleepEx
FreeEnvironmentStringsA
GetEnvironmentStrings
MultiByteToWideChar
lstrcmpiA
GetTickCount
FreeLibrary
CloseHandle
CreateRemoteThread
WriteProcessMemory
GetProcAddress
VirtualAllocEx
GetVersionExA
CreateProcessA
lstrcmpA
GetProcessTimes
GetCurrentProcess
MoveFileExA
WaitForSingleObject
GetCurrentDirectoryA
CreateFileA
GetCurrentProcessId
lstrcpynA
DeleteFileA
OpenProcess

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

adad616009ac56c2dd456dde8c193747

Headers

File Characteristics

Imports

msvcrt

rpcrt4

version

winmm

shlwapi

wininet

oleaut32

advapi32

netapi32

ole32

psapi

user32

kernel32

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 107KB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 24KB - Virtual size: 27KB

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 108KB - Virtual size: 107KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 24KB - Virtual size: 27KB

.reloc
Size: 12KB - Virtual size: 8KB