0b648a9ec0430d0c1ca72fd9b692d0e0

General

Target

0b648a9ec0430d0c1ca72fd9b692d0e0
Size

20KB
MD5

0b648a9ec0430d0c1ca72fd9b692d0e0
SHA1

901a6c0a168f6e8bddf47819a4799f9fc4503774
SHA256

9bf56c5ba46ea4f284e3caa65913382e9a19b61928bb1a1fca1ca27d142faf19
SHA512

f96215228d8da5e7e3d8e59d2d63b5a28e77a3c42b4e954da3d82c284c2e9126bbce96a707a0e422a85dc39571228642337b8b294e6f7c5f89a6bee1095d69c9
SSDEEP

192:lVLyYtyN7WybqJl3WnTc7nQzKxjs+Tzb5iRFgSDjJ8EewAvrA9L:nLyYsN7LqJl3OTc7neYse5iRFfOEexv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b648a9ec0430d0c1ca72fd9b692d0e0

Files

0b648a9ec0430d0c1ca72fd9b692d0e0
.dll regsvr32 windows:4 windows x86 arch:x86

1df7550f7dfe1b69af05be01ebb3e1c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

timeGetTime

wininet

InternetConnectA
InternetCloseHandle
FtpGetFileA
InternetOpenA
InternetGetConnectedState

mfc42

ord6010
ord5186
ord354
ord5442
ord6385
ord1979
ord665

msvcrt

_stricmp
_initterm
free
_onexit
time
srand
rand
strcmp
sprintf
strlen
__CxxFrameHandler
strcat
memset
strcpy
malloc
__dllonexit
_adjust_fdiv

kernel32

CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
GetLastError
CreateRemoteThread
Sleep
FreeLibrary
GetWindowsDirectoryA
DeleteFileA
GetCommandLineA
OpenProcess
VirtualAllocEx
WriteProcessMemory
LoadLibraryA
GetProcAddress
GetCurrentProcess

advapi32

LookupPrivilegeValueA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges

shell32

ShellExecuteA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMyOnTimeAction
DllRegisterServer
DllUnregisterServer
Dll_JustWorking

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1df7550f7dfe1b69af05be01ebb3e1c6

Headers

File Characteristics

Imports

winmm

wininet

mfc42

msvcrt

kernel32

advapi32

shell32

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 15KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1024B - Virtual size: 8KB

.reloc Size: 1024B - Virtual size: 528B

.text
Size: 15KB - Virtual size: 15KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 8KB

.reloc
Size: 1024B - Virtual size: 528B