0c5b8b814b897ea36b741fe58dffd72f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0c5b8b814b897ea36b741fe58dffd72f
Size

54KB
MD5

0c5b8b814b897ea36b741fe58dffd72f
SHA1

29df4fcb56431c2b12d30d631577e9c4d941527f
SHA256

11b211f6d28c4113db62da49d85c8d64f890b9809b6f790381f28e6e70eff63e
SHA512

b0ea4f158a8cc56685f07e6e97f281498d5b96f691b5f6a28a7bf54776f4170944d7f8271a44d8e9ff2624f2ab0d15be2999410628e6d16c711f42777134e100
SSDEEP

768:mykqyQPttw3RpLOFfvNhxVEF2eiHCjMAqxnjGSqzbJUlUtdy8hl995jSHmHBZBAI:RkqyQLG0fvNTk2eiHCj/qFGSorNlh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c5b8b814b897ea36b741fe58dffd72f

Files

0c5b8b814b897ea36b741fe58dffd72f
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JmpHookOff
JmpHookOn

Sections

CODE
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 202B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ