0f7b9b3cc7aeee86ab5c93aa568c8078

Sharing

Copy URL

Twitter E-mail

General

Target

0f7b9b3cc7aeee86ab5c93aa568c8078
Size

20KB
MD5

0f7b9b3cc7aeee86ab5c93aa568c8078
SHA1

02c196776ac6d54b17315391008cbbcbc29c5fab
SHA256

757dc19bf25d48227062e4d80f7018346d323289c961f8ac1e469cfcf63b98c7
SHA512

05ebb303b2da1e4f01915b052e8c1e1f80ddb92f91f3a7488e50c228e00a719b885ea95e6b024e2f3c80b40aa1f10be6002abda3021e8412b352f707c700e82b
SSDEEP

384:U6YabFPa3YRHv5y/oBW7Ac1dVFYjdF1dPcKN0SXW7m/9mKapWYC+LEBwB:TYabPRhao0pvwBci0SXW7kZinjB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f7b9b3cc7aeee86ab5c93aa568c8078

Files

0f7b9b3cc7aeee86ab5c93aa568c8078
.dll regsvr32 windows:4 windows x86 arch:x86

b1a29d16707817b6308ca7a9a322d29c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

RegisterClassExA
CreateWindowExA
MoveWindow
ShowWindow
GetMessageA
TranslateMessage
DispatchMessageA
PostQuitMessage
DefWindowProcA
KillTimer
SetTimer
SendMessageA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
OpenProcessToken

msvcrt

_adjust_fdiv
malloc
_initterm
free
memcmp
memset
memcpy
_except_handler3
sprintf
_strlwr

kernel32

SizeofResource
QueueUserAPC
FindResourceA
LoadLibraryExA
GetCurrentProcessId
CreateFileMappingA
GetCurrentProcess
OpenThread
SetUnhandledExceptionFilter
DisableThreadLibraryCalls
LoadResource
FindNextFileA
GetTempPathA
MoveFileExA
GetModuleFileNameA
CreateThread
FindClose
WideCharToMultiByte
SuspendThread
GetThreadContext
VirtualAllocEx
WriteProcessMemory
SetThreadContext
ResumeThread
GetLocalTime
DeleteFileA
CloseHandle
WriteFile
CreateFileA
ReadFile
VirtualFree
VirtualAlloc
GetFileSize
SetFileAttributesA
CreateDirectoryA
GetFileAttributesA
lstrcatA
GetWindowsDirectoryA
ExitThread
FindFirstFileA
lstrcpyA
lstrlenA
GetTempFileNameA
lstrcmpiA
GetProcAddress
LoadLibraryA
GetVolumeInformationA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
ExitProcess
GetLastError
CreateMutexA
SetFilePointer
CreateProcessW
VirtualProtect
CreateProcessA
GetSystemDirectoryA
GetModuleHandleA
WaitForSingleObject
GetStartupInfoA
SleepEx
FreeLibrary

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b1a29d16707817b6308ca7a9a322d29c

Headers

File Characteristics

Imports

user32

advapi32

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 792B

.rsrc Size: 1024B - Virtual size: 936B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 792B

.rsrc
Size: 1024B - Virtual size: 936B

.reloc
Size: 1KB - Virtual size: 1KB