0b168d38f2ba21db8508cbfa863f5b03 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0b168d38f2ba21db8508cbfa863f5b03
Size

8KB
MD5

0b168d38f2ba21db8508cbfa863f5b03
SHA1

1438fd4bba7f571aabd2742673c4b0bc530253f0
SHA256

a8aa1b539ef5f9577dc7db3e26f27c06516f3646ebd9bafb1646988b2b459b85
SHA512

7ab14543bd8107f006acbf2fa1cac11685dd6308fdf106656cd26e40c64e1a5da27d7e858a3739a2ac809a435f1c15abcb414672bbd37a93a266d58c360d959a
SSDEEP

96:lzvcZ/s6Qug9dwoY7V8QwU2LjDUg+mvik9WLb7VvGafkNp62G8:tcZ/cugrUPHHpR862G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b168d38f2ba21db8508cbfa863f5b03

Files

0b168d38f2ba21db8508cbfa863f5b03
.dll windows:4 windows x86 arch:x86

b07a31bbb32a708b1a2267bb5379b4ec

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
Sleep
VirtualProtectEx
WideCharToMultiByte
ReadProcessMemory
GlobalLock
GlobalAlloc
IsBadReadPtr
GetCurrentProcess
CreateThread
GlobalFree
GetModuleFileNameA

user32

SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx

wininet

InternetReadFile
InternetCloseHandle
InternetOpenUrlA
InternetOpenA

msvcrt

_adjust_fdiv
malloc
_initterm
free
_stricmp
strcmp
strrchr
??3@YAXPAX@Z
strcpy
??2@YAPAXI@Z
sprintf
strlen
strncpy
strchr
strstr
fclose
fread
fopen
memset
memcpy

Exports

Exports

fa
fc

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdt
Size: 512B - Virtual size: 269B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 526B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ