0c07b1a58f72350406eccfa717cc6664 | Triage

Sharing

General

Target

0c07b1a58f72350406eccfa717cc6664
Size

8KB
MD5

0c07b1a58f72350406eccfa717cc6664
SHA1

82c3f5779903352ec7079cb9b2ca24816504e9b3
SHA256

4ca44db051393abde5d5990cf892423b143fcd7e033fb0cfac6d5d976eaefd8a
SHA512

4b5de6a6b1a9884a683a5cb2df0db629e77d318456cb060c07084963192e38f40ddde7f01db2a4adb364ddadcbcacb3a3069a405580e38150eabe571ac7b2c22
SSDEEP

192:zbtE4N4fdWqSCZkeWdx9jFFK22ICqGlTFl+Ih:tEm8LkesjvK28Rp3+I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c07b1a58f72350406eccfa717cc6664

Files

0c07b1a58f72350406eccfa717cc6664
.dll windows:6 windows x86 arch:x86

6c6b9be96ee9cf7fb04d83062e95b122

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
DeviceIoControl
CreateFileA
CreateProcessA
WriteFile
GetTempFileNameA
GetTempPathA
ResumeThread
SetThreadContext
WriteProcessMemory
VirtualAllocEx
ReadProcessMemory
GetThreadContext
CreateProcessW
HeapFree
GetEnvironmentVariableW
CreateEventA
UnmapViewOfFile
VirtualQuery
MapViewOfFile
OpenFileMappingA
QueryPerformanceCounter
CreateMutexA
ReleaseMutex
TerminateProcess
Sleep
WaitForSingleObject
CreateThread
GetProcessHeap
lstrcatW
HeapAlloc

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

user32

wsprintfA

ws2_32

closesocket
recv
send
connect
htons
socket
WSACleanup
WSAStartup

Exports

Exports

Run
WLEventStartShell

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 294B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ