0cab6ccc998ab29d4b982838432580cf | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0cab6ccc998ab29d4b982838432580cf
Size

20KB
MD5

0cab6ccc998ab29d4b982838432580cf
SHA1

8c022acb3d06450ba28baa991184e36b0e5fec2f
SHA256

c1aa437bec1d17223ded44c22f7d01e43b6df360c144b5076d372d03fb6d97d0
SHA512

5393be438fa55c8d3b0729d7499e0821a7b5585f85ac50ce382f01bfef023bd6eae366b9373d606dcf51266f9040d3dddb755144e94244b7a32922e8fada8131
SSDEEP

192:mIiYFN59izcyX9r+AOp+/BHu5SL0bPW7+fFVqMV/IT1VmKgpgwdEXCLxNRcoSooB:+8+/4ZsqREgu6EXuoqtDFgKBy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0cab6ccc998ab29d4b982838432580cf

Files

0cab6ccc998ab29d4b982838432580cf
.dll windows:4 windows x86 arch:x86

f85e5057cec4b32d4d1d57bc187958fe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
lstrcatA
GetSystemDirectoryA
Sleep
ExitProcess
lstrcpyA
lstrcmpA
lstrlenA
lstrcpynA
lstrcmpiA
GetTickCount
GetSystemTime
GetPrivateProfileStringA
CloseHandle
ReadFile
CreateFileA
SetFilePointer
GetModuleFileNameA
CreateThread
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
GetLastError
CreateMutexA
RtlUnwind

user32

PostThreadMessageA
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
FindWindowA

netapi32

Netbios

Exports

Exports

tlgzf
tlgzo

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ