0bfc18904b72887245457ea68c1564b0

Sharing

Copy URL Twitter E-mail

General

Target

0bfc18904b72887245457ea68c1564b0
Size

168KB
MD5

0bfc18904b72887245457ea68c1564b0
SHA1

d32cdc11f8d41907acf0aef3e93eeaf115ee4641
SHA256

2b0105ae7b1fa9c11d6a97acb60e47265b71bde94288f145113451de2e1aa597
SHA512

f7efc883b520944e020ada7fa43d98fa071eb7749c971e38e09d1cb9c9c221bb53930e5e6eed4c2c933d889e89e7825ba2d9d3926eb0f95db97807037aba0d16
SSDEEP

3072:7Ckf5yIOQ57PrW6P9FhVxo1jJlLGS4bKhSHuoDUaX:7Ckf5yIOQ57Pa6P9FhVxo1jJlL4bKKJ9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0bfc18904b72887245457ea68c1564b0

Files

0bfc18904b72887245457ea68c1564b0
.dll regsvr32 windows:4 windows x86 arch:x86

12411ed51eed007b4e812ec2940a4085

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ole32

CoCreateInstance
CoInitialize
CoCreateGuid

advapi32

SetEntriesInAclA
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
SetSecurityInfo
GetSecurityInfo

netapi32

Netbios

shlwapi

StrStrIA
SHSetValueA
SHGetValueA

oleaut32

SysAllocString
GetErrorInfo
VariantInit

psapi

GetModuleBaseNameA
EnumProcessModules
EnumProcesses

user32

GetWindowThreadProcessId
EnumChildWindows
GetClassNameA
SystemParametersInfoA
SetWindowPos
wsprintfA
KillTimer
SetTimer
DefWindowProcA
RegisterClassExA
CreateWindowExA
ShowWindow
GetMessageA
TranslateMessage
DispatchMessageA
EnumWindows

wininet

InternetReadFile
HttpQueryInfoA
InternetCloseHandle
InternetOpenUrlA
InternetSetOptionA
InternetOpenA

rpcrt4

UuidToStringA

kernel32

SetHandleCount
GetStdHandle
GetFileType
GetFileAttributesA
WriteFile
LCMapStringW
LCMapStringA
LocalFree
TlsGetValue
RaiseException
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetOEMCP
GetACP
ReadFile
SetEndOfFile
SetFilePointer
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetCPInfo
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
GetLocalTime
CloseHandle
OpenProcess
MoveFileExA
WaitForSingleObject
CreateProcessA
FreeLibrary
GetProcAddress
LoadLibraryA
DeleteFileA
GetSystemDirectoryA
CreateFileA
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
GetCurrentProcessId
SleepEx
GetModuleFileNameA
HeapAlloc
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
HeapFree
SetLastError
RtlUnwind
GetLastError
MultiByteToWideChar
HeapReAlloc
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
GetStartupInfoA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

12411ed51eed007b4e812ec2940a4085

Headers

File Characteristics

Imports

ole32

advapi32

netapi32

shlwapi

oleaut32

psapi

user32

wininet

rpcrt4

kernel32

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 28KB - Virtual size: 33KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 28KB - Virtual size: 33KB

.reloc
Size: 8KB - Virtual size: 6KB