0e8c66bbd87b879c447136d4088c4f52 | Triage

Sharing

General

Target

0e8c66bbd87b879c447136d4088c4f52
Size

7KB
MD5

0e8c66bbd87b879c447136d4088c4f52
SHA1

80c783dc83f19484d76b3fd88d634fb538b30b44
SHA256

cf26f0b592eeb1e5950258fa889015dd24044fe3bc327c9d3d34a82828f146ad
SHA512

e64b67076d6ea13a4ddecd35b8fad454c59172ffb5a63dbc5e77eeaa3de7c007d1da3c2e87655175b52258e507eb5f453407d993ce32674a00f687af2967869b
SSDEEP

96:nhhU2hDFHKxk4jliW1e6v++iJ5xtF1eGpYLm/YL8/EehaFLHlCChGl:nhhv4pZy+iJ975Z/EehaFLHlCChY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e8c66bbd87b879c447136d4088c4f52

Files

0e8c66bbd87b879c447136d4088c4f52
.dll windows:4 windows x86 arch:x86

68a32e49cbb86d78cb508661a7f581cc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA

kernel32

WriteFile
DeleteFileA
CloseHandle
CreateFileA
GetCurrentProcess
lstrcatA
lstrlenA
GetTempPathA
ReadFile
CreateProcessA
GetStartupInfoA
ResumeThread
SetThreadContext
WriteProcessMemory
VirtualAllocEx
GetThreadContext
SuspendThread
LoadLibraryA
TerminateProcess
GetVersion
WaitForSingleObject
Sleep
GetProcAddress
FreeLibrary
DisableThreadLibraryCalls
ExitProcess
HeapFree
lstrcmpiA
HeapAlloc
GetProcessHeap
CreateThread
GetModuleFileNameA
GetLastError
CreateMutexA

msvcrt

_except_handler3
memcpy
memset
memcmp
sprintf

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 394B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ