0e3eb4abc4a0d2011b32f102cf01e206

Sharing

Copy URL Twitter E-mail

General

Target

0e3eb4abc4a0d2011b32f102cf01e206
Size

76KB
MD5

0e3eb4abc4a0d2011b32f102cf01e206
SHA1

b1c38738d369222663d5a604a80d8872a36bf7f1
SHA256

95da170ab8cf563bf15080455248ed4c1877195caf75adfaecf84bcfa0c9c016
SHA512

cccd5c9974b678fd2234fa99af7a02c737be0629b2faa66347592e01890dc06ca6eab3a8b95bffaa6ee0632bcbb8f3610dc90ea1745aad3545f06dfea9fd713f
SSDEEP

384:2hnfXzPNhiAzXsnKCWP4lOEGGc9CVLJlcxH/w4eVGSKxn0FOCrkb5FtaSKW9ptW+:2hZhPnr47Gmcxo70xn0FfiFtdZ9C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e3eb4abc4a0d2011b32f102cf01e206

Files

0e3eb4abc4a0d2011b32f102cf01e206
.dll regsvr32 windows:4 windows x86 arch:x86

371c0065d00525d49576f349c00694b2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
CreateEventA
GetModuleFileNameA
TerminateProcess
OpenProcess
WideCharToMultiByte
FindResourceA
SizeofResource
LoadResource
LockResource
LoadLibraryA
OutputDebugStringA
GetModuleFileNameW
SetLastError
GetLastError
LoadLibraryW
MultiByteToWideChar
SetEvent
lstrcpyA
GetModuleHandleA
CloseHandle
WaitForSingleObject
ExitThread
SetFilePointer
lstrlenA
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
WriteFile
ReadFile
HeapAlloc
GetProcessHeap
HeapFree
RtlUnwind
Sleep
lstrcatA
GetSystemDirectoryA
CreateFileA
ReleaseMutex
SetEndOfFile
CompareStringA
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateMutexW

user32

LoadBitmapA
DestroyWindow
IsWindow
RegisterClassA
UnregisterClassA
CharLowerA
wsprintfA
GetClassInfoA
GetClientRect
SendMessageA
CreateWindowExA
GetWindowLongA
SetWindowLongA
CallWindowProcA
ShowWindow

gdi32

DeleteObject

advapi32

RegOpenKeyExA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
CryptAcquireContextA
InitializeSecurityDescriptor
CryptReleaseContext
CryptDestroyKey
CryptDestroyHash
CryptEncrypt
CryptDeriveKey
CryptHashData
CryptCreateHash

ole32

CoUninitialize
CoCreateInstance
CoInitialize
StringFromIID
CoGetMalloc

oleaut32

SysFreeString
SysAllocString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

371c0065d00525d49576f349c00694b2

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 65KB - Virtual size: 64KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 388B

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 65KB - Virtual size: 64KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 388B

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 1KB