0cf598e18e5b1253dac7c59ba1fd3225

Sharing

Copy URL

Twitter E-mail

General

Target

0cf598e18e5b1253dac7c59ba1fd3225
Size

76KB
MD5

0cf598e18e5b1253dac7c59ba1fd3225
SHA1

4815b39bb8a552f269fb29b405c0c971518759b1
SHA256

b98a3f86a8249262c3d5b753549310c0842dd3413a89a9e95308dccf1725862e
SHA512

3b951cb29a3f01ac7e992de86d38f0e86c742ea09cce9e3a124c54edd72ce2af8e0c71e22bb90597bdccff4c85702c44e1c5906ac0a96234b63b1492ee76986a
SSDEEP

1536:a61wrVr+jQ8rWOjwN+bqWql4IICS4AWZ/puLeIaF/qGzLaew:5aLkWYA+LU1puLeLVqdew

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0cf598e18e5b1253dac7c59ba1fd3225

Files

0cf598e18e5b1253dac7c59ba1fd3225
.dll regsvr32 windows:4 windows x86 arch:x86

1c41cb3a3f0d5fe8f6da51b8bc0c195c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

SysAllocString
SysFreeString
GetErrorInfo
VariantClear

msvcrt

_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
atoi
tmpnam
fopen
fwrite
fclose
strstr
strchr
isalnum
tolower
srand
??1exception@@UAE@XZ
_CxxThrowException
strncpy
??0exception@@QAE@XZ
__mb_cur_max
wctomb
printf
??0exception@@QAE@ABV0@@Z
free
malloc
isgraph
??2@YAPAXI@Z
strtok
??3@YAXPAX@Z
__CxxFrameHandler
strerror
toupper
_stricmp

user32

SetWindowPos
wsprintfA
SystemParametersInfoA
EnumWindows
EnumChildWindows
GetWindowThreadProcessId
RegisterClassExA
CreateWindowExA
ShowWindow
GetMessageA
TranslateMessage
DispatchMessageA
KillTimer
SetTimer
DefWindowProcA
GetClassNameA

wininet

HttpQueryInfoA
InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetSetOptionA
InternetReadFile

advapi32

RegCloseKey
RegOpenKeyExA
SetSecurityInfo
SetEntriesInAclA
GetSecurityInfo
RegQueryValueExW
RegOpenKeyExW

ole32

CoCreateGuid
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

shlwapi

SHGetValueA
SHSetValueA
StrStrIA

netapi32

Netbios

psapi

EnumProcessModules
GetModuleBaseNameA
EnumProcesses

rpcrt4

UuidToStringA

winmm

timeGetTime

kernel32

GetProcessTimes
GetCurrentProcess
GetWindowsDirectoryA
FreeLibrary
GetProcAddress
GetLastError
GetCurrentThread
GetEnvironmentVariableA
GetCurrentDirectoryA
HeapFree
lstrlenA
GetVersionExA
LocalFree
Sleep
GetThreadTimes
SleepEx
CreateFileA
CloseHandle
GetTickCount
QueryPerformanceFrequency
LoadLibraryA
FormatMessageA
MultiByteToWideChar
GetProcessHeap
DisableThreadLibraryCalls
OpenProcess
GetCurrentProcessId
GetModuleFileNameA
GetSystemDirectoryA
GetLocalTime
DeleteFileA
CreateProcessA
WaitForSingleObject
MoveFileExA
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
lstrcpyA
GetFullPathNameA
InterlockedExchange
SetLastError
HeapAlloc
HeapSize
GetVersion
QueryPerformanceCounter

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c41cb3a3f0d5fe8f6da51b8bc0c195c

Headers

File Characteristics

Imports

oleaut32

msvcrt

user32

wininet

advapi32

ole32

shlwapi

netapi32

psapi

rpcrt4

winmm

kernel32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 12KB - Virtual size: 15KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 12KB - Virtual size: 15KB

.reloc
Size: 4KB - Virtual size: 2KB