0c71b16ff783455aa8996880b2712620

General

Target

0c71b16ff783455aa8996880b2712620
Size

44KB
MD5

0c71b16ff783455aa8996880b2712620
SHA1

cffea8a9892aa463793504e2b6f22ceb0ef9528a
SHA256

d351d8f5ddb5c24189dc78a423f15227050a4826ac7f6937a81b89ec821e29b3
SHA512

53e2230c6d102b1b49d72e94dd855eb79a9805a8aace104fbe0f9ba4dfa67669943a140b526ea9cc4d08b57191382d9381eaff9245e81814624d36e7f58ce0fb
SSDEEP

768:5N0dWnypkav6QTnS4Pv7VRVvytbEgLa1su:5qkuS4nzV6hlLa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c71b16ff783455aa8996880b2712620

Files

0c71b16ff783455aa8996880b2712620
.dll regsvr32 windows:4 windows x86 arch:x86

ba1c68991821037951f9ca79f1663613

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDirectoryA
GetLocalTime
CreateProcessA
GetModuleFileNameA
CreateMutexA
GetWindowsDirectoryA
VirtualAlloc
GetProcAddress
LoadLibraryA
InterlockedIncrement
WinExec
GetLastError
CloseHandle
CreateThread

user32

FindWindowExA
DispatchMessageA
TranslateMessage
GetMessageA
DefWindowProcA
PostMessageA
SetWindowsHookExA
CallNextHookEx
RegisterClassExA
UnhookWindowsHookEx
CreateWindowExA
ShowWindow
KillTimer
SetTimer

advapi32

RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

wininet

InternetSetOptionA
InternetOpenUrlA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle
InternetOpenA

msvcrt

_stricmp
_initterm
free
strrchr
_except_handler3
__CxxFrameHandler
_pctype
strchr
sprintf
fopen
fwrite
fclose
??3@YAXPAX@Z
??2@YAPAXI@Z
_adjust_fdiv
malloc

shlwapi

SHGetValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba1c68991821037951f9ca79f1663613

Headers

File Characteristics

Imports

kernel32

user32

advapi32

wininet

msvcrt

shlwapi

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 8KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 884B

.text
Size: 24KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 8KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 884B