0b27c58e5ad0cfa3536b95ea4ffbac89

General

Target

0b27c58e5ad0cfa3536b95ea4ffbac89
Size

15KB
MD5

0b27c58e5ad0cfa3536b95ea4ffbac89
SHA1

c73ba6f7bcd05e5d0471187721fd489ae60dbb5c
SHA256

61eb7b5f06efa88727ccd7232242a08f3b576a69ec5005d132b47a0d28bfc466
SHA512

15e1d5bf02d7a550336305c62632c5d394964fdf7b8fddb954aa6d106f162a1952aa18ed3e1dbd83c659fe66cbb3578fcb74af9ce25a72534da833c1942eecbc
SSDEEP

384:/d52Q7gAX8BCNYq3//bvlMyt2u8gLTN3:F52BBCp/bdMnu8gLTN3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b27c58e5ad0cfa3536b95ea4ffbac89

Files

0b27c58e5ad0cfa3536b95ea4ffbac89
.dll windows:4 windows x86 arch:x86

f793e14296c4115d6dfa99ff6f2fff9c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
DeleteFileA
CreateFileA
WriteFile
OpenEventA
Sleep
GetFileSize
ReadFile
GetModuleFileNameA
GlobalFree
GetProcAddress
GlobalLock
GlobalAlloc
VirtualProtectEx
CreateThread
GetCurrentProcess
OutputDebugStringA
CreateEventA
SetThreadPriority
GetCommandLineA
OpenProcess
VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
CreateRemoteThread
GetCurrentThreadId
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
VirtualFree
ReadProcessMemory
VirtualAlloc

user32

SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
GetKeyboardState
ToUnicode
GetAsyncKeyState
CheckDlgButton
CheckMenuItem
CheckMenuRadioItem
CheckRadioButton
CloseDesktop
wsprintfA
GetInputState
PostThreadMessageA
GetMessageA

gdi32

CancelDC
CloseEnhMetaFile
Chord

advapi32

RegCreateKeyExA
OpenProcessToken
LookupPrivilegeValueA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
AdjustTokenPrivileges

wininet

InternetOpenUrlA
InternetOpenA
InternetCloseHandle

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdata
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 842B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f793e14296c4115d6dfa99ff6f2fff9c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

wininet

Sections

.text Size: 12KB - Virtual size: 12KB

sdata Size: 512B - Virtual size: 260B

.reloc Size: 1024B - Virtual size: 842B

.text
Size: 12KB - Virtual size: 12KB

sdata
Size: 512B - Virtual size: 260B

.reloc
Size: 1024B - Virtual size: 842B