0b92444268d9c48c1f1544144db2ba8d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0b92444268d9c48c1f1544144db2ba8d
Size

47KB
MD5

0b92444268d9c48c1f1544144db2ba8d
SHA1

4ddfd62ba8ecfcbfe5e060ef3ae44d9e1b3f2800
SHA256

6e44e7bb2f3a0d5798b53141a8bd2fdafa84fdd13b5453a5b2bb9a432c0c66c7
SHA512

3a478c7dc51e2d106f1b05303cfa3e7c2667dfbe87c77c972a8bed4a7ed0722e5d3707d5c6748e333f8682002a36f22a93a12d9c08c051908817abcb2e91bdc7
SSDEEP

768:0yfbNuoBDwpv/gmF3HRlaQdJUkYKa0+hkUywf2YKHE1+RtL0p:0yfsotwdgu38kYZNiUyweYKHk+Rtc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b92444268d9c48c1f1544144db2ba8d

Files

0b92444268d9c48c1f1544144db2ba8d
.dll regsvr32 windows:4 windows x86 arch:x86

c4afecb25eefbb0813a90fe986b86722

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

htons
connect
closesocket
socket
recv
send
ioctlsocket
WSAStartup
gethostbyname

kernel32

LocalFree
LoadLibraryA
GetProcAddress
GetLastError
IsBadReadPtr
GetSystemInfo
WideCharToMultiByte
GetModuleHandleA
InterlockedDecrement
GetModuleFileNameA
GetCurrentProcess
lstrcpynA
CreateFileA
FlushInstructionCache
Sleep
CreateThread

user32

wsprintfA
CallNextHookEx

ole32

CoCreateInstance
OleRun

oleaut32

SysAllocString
VariantClear
SysFreeString
GetErrorInfo

msvcrt

_strupr
??1type_info@@UAE@XZ
_strdup
_CxxThrowException
_adjust_fdiv
_initterm
_onexit
__dllonexit
strchr
atoi
free
isalpha
isdigit
realloc
malloc
wcslen
??2@YAPAXI@Z
sprintf
??3@YAXPAX@Z
__CxxFrameHandler

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ