0c5fab72d176cefe032d0ec20d19e70c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0c5fab72d176cefe032d0ec20d19e70c
Size

99KB
MD5

0c5fab72d176cefe032d0ec20d19e70c
SHA1

31ae69fd8b600d492955c3b5c0eb1be73e17089f
SHA256

84ceae94b77ae8a920bc820de41ca9486aaf53c8141e11d95697627ac52f5f38
SHA512

1f2c95e7ab96b7fa76d9afc83fa3b5517b8cd6d41914318b7038e7899480e49f74789824e0ebd38618c3fd902b1fdf5976a11d40d42c684e6de6ee4e5676f2cd
SSDEEP

3072:2AuyXCeJfW3O2U3RCRs97+abkMvXXLVvafKtos/U0G9:2TyCezRCk/of+l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c5fab72d176cefe032d0ec20d19e70c

Files

0c5fab72d176cefe032d0ec20d19e70c
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JmpHookOff
JmpHookOn

Sections

CODE
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 202B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ