0b091e033377793b8bd54b7872a6343a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0b091e033377793b8bd54b7872a6343a
Size

60KB
MD5

0b091e033377793b8bd54b7872a6343a
SHA1

4f1e3102e914bfef3238a7336c5683b4c1814d0a
SHA256

c13ee967834f6458af4bcd6c2613037fc119f1599eea17a99b63f5fe73169ffa
SHA512

7bec9908f165d098a2cdbde1c1882bf82996600f50104e53f3227c5d2bc329c83861d29f46d95fd29cf5ca5ee7d8d49bbd27f3c3278a720bb39ec338e9686ddf
SSDEEP

768:rB85T53XwxGAuUWfwmU07dic4C8+G97kHSJwU3td:rB8nIGRYc4C8++7Tpf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b091e033377793b8bd54b7872a6343a

Files

0b091e033377793b8bd54b7872a6343a
.dll windows:1 windows x86 arch:x86

0fcef9e6f58fe01fab330f8e5582d761

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

CallNextHookEx
SetWindowsHookExA
MessageBoxA
FindWindowExA
GetActiveWindow
GetWindowTextA
UnhookWindowsHookEx

kernel32

GetWindowsDirectoryA
GetProcAddress
CloseHandle
lstrcatA
lstrcmpA
lstrcpyA
lstrlenA
WriteFile
VirtualProtect
GetModuleHandleA
SetFilePointer
LoadLibraryA
CreateFileA

wininet

InternetReadFile

shell32

StrStrA

Exports

Exports

MHook
MUnHook

Sections

CODE
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ