0e63a9317a34b7e4c2fa805a8e63ae39 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0e63a9317a34b7e4c2fa805a8e63ae39
Size

44KB
MD5

0e63a9317a34b7e4c2fa805a8e63ae39
SHA1

cd05dd943490281bf20c21d599ad2e9b5974cc0b
SHA256

dc17abe9e08ed6a7945346853e36a17e67081ecbfa30820e9758fed5aca24c3e
SHA512

a9bdb3bb59708f8a846c22592327c5e239979e2203b16adddc46c715de966cb21f2134cf2c6457e4d61d6dab7f83c74ca92807e13e3a42ad3ee7c07aa6cd6ea0
SSDEEP

768:YpkavhC1E19Dklg1MgDwYIVyrmmrgLa1g9q:rdk9YgMgDwYIsrmrLaQq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e63a9317a34b7e4c2fa805a8e63ae39

Files

0e63a9317a34b7e4c2fa805a8e63ae39
.dll regsvr32 windows:4 windows x86 arch:x86

c24fc16dce5d4883853994d66f63a06d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
GetLastError
CreateMutexA
WinExec
GetWindowsDirectoryA
LoadLibraryA
CreateProcessA
InterlockedIncrement
GetProcAddress
VirtualAlloc
GetLocalTime
CreateThread
CloseHandle
GetSystemDirectoryA

user32

KillTimer
SetTimer
CallNextHookEx
RegisterClassExA
CreateWindowExA
ShowWindow
UnhookWindowsHookEx
GetMessageA
TranslateMessage
DispatchMessageA
FindWindowExA
PostMessageA
DefWindowProcA
SetWindowsHookExA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey

msvcrt

free
strrchr
strchr
fopen
fwrite
_stricmp
fclose
__CxxFrameHandler
sprintf
_initterm
malloc
_adjust_fdiv
_except_handler3
??2@YAPAXI@Z
??3@YAXPAX@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ