0b336e99637f8c5ff4dcba831e793af4

Sharing

Copy URL Twitter E-mail

General

Target

0b336e99637f8c5ff4dcba831e793af4
Size

36KB
MD5

0b336e99637f8c5ff4dcba831e793af4
SHA1

08cf7aa1ee7e20fff8e53ca234c0f66a1ee9877f
SHA256

dc62c122011c72d94e60064e118ecdb2b6157ce809bedd194d43094c930d0724
SHA512

469cdd22d066c0ac0d7231fd03eadef4aa82822403e05ac91ae9af52fdfcdab029c839bddb51382b85020f4d72f3c20fdbb41b6a625dff002dca6e970f3dc420
SSDEEP

384:Ah9//TBrVeWYZaFTMWS/28+Ane1nRiaBXs4zuT3R:q9//TtVPYZiwRne1nRBX9z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b336e99637f8c5ff4dcba831e793af4

Files

0b336e99637f8c5ff4dcba831e793af4
.dll windows:4 windows x86 arch:x86

733680688cacca8482262aa39526b54b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OutputDebugStringA
lstrcpynA
SetLastError
GetLastError
LoadLibraryW
GetModuleFileNameW
GetProcAddress
GetModuleHandleW
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
LeaveCriticalSection
GetCurrentThreadId
EnterCriticalSection
FlushInstructionCache
GetCurrentProcess
LoadLibraryA
GetModuleHandleA
DisableThreadLibraryCalls
LocalFree

user32

DestroyWindow
GetClassInfoExA
RegisterClassExA
LoadCursorA
wsprintfA
CallWindowProcA
GetDC
ReleaseDC
GetWindowLongA
SetWindowLongA
CreateWindowExA
DefWindowProcA
ShowWindow
SetWindowTextA
SendMessageA
GetParent
GetClientRect
MoveWindow
GetDlgItem

gdi32

CreateFontIndirectA
DeleteObject
GetDeviceCaps
DPtoLP

oleaut32

VariantClear

msvcp60

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ

msvcrt

_except_handler3
abs
_mbslwr
_CxxThrowException
strlen
__CxxFrameHandler
_purecall
free
??1type_info@@UAE@XZ
__dllonexit
_onexit
_initterm
malloc
??2@YAPAXI@Z
memcpy
memset
_adjust_fdiv

Exports

Exports

IsUnicode
PlugInit
PlugTerminate
Registration
determineCommands

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

733680688cacca8482262aa39526b54b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

oleaut32

msvcp60

msvcrt

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 10KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 792B

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 12KB - Virtual size: 10KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 792B

.reloc
Size: 4KB - Virtual size: 2KB