15e7796749e3016f25d6f706c630efa8

General

Target

15e7796749e3016f25d6f706c630efa8
Size

12KB
MD5

15e7796749e3016f25d6f706c630efa8
SHA1

e4594e9a1fd197f744d8ca78dfd74d93e86ec899
SHA256

b5f1cca5b6fe08ec2ab7feaf5eafcee48f4d0f3695239ddfaa866ca56959785d
SHA512

10a4b24f1419fa07504043c8538a446e0f0ebbac1d31aaaebc60555576cfee0d9c6564b6149d4475d6eba6a951bee64aaa2de7ccec44a8b83f7ffa8d7f625dc7
SSDEEP

192:uI1jW3YFC50nZdfU7GQbyEpbJzmhRp7ZPTHfNJMseK9XCxwA7rAZn3pK+Szr71:PBW3YFC50ZtU7HHJzmhbdPrNcK9XCxxb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15e7796749e3016f25d6f706c630efa8

Files

15e7796749e3016f25d6f706c630efa8
.dll regsvr32 windows:4 windows x86 arch:x86

ebe8612eff37abb3edda2cd73fef4b8f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

timeGetTime

wininet

InternetConnectA
InternetCloseHandle
FtpGetFileA
InternetOpenA
InternetGetConnectedState

mfc42

ord5442
ord5186
ord1979
ord6010
ord6385
ord354
ord665

msvcrt

_stricmp
_initterm
free
_onexit
time
srand
rand
strcmp
sprintf
strlen
strcat
__CxxFrameHandler
memset
strcpy
malloc
__dllonexit
_adjust_fdiv

kernel32

CloseHandle
GetLastError
CreateRemoteThread
GetProcAddress
LoadLibraryA
WriteProcessMemory
Sleep
FreeLibrary
GetWindowsDirectoryA
DeleteFileA
GetCommandLineA
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
VirtualAllocEx
GetCurrentProcess

advapi32

LookupPrivilegeValueA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges

shell32

ShellExecuteA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMyOnTimeAction
DllRegisterServer
DllUnregisterServer
Dll_JustWorking

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ebe8612eff37abb3edda2cd73fef4b8f

Headers

File Characteristics

Imports

winmm

wininet

mfc42

msvcrt

kernel32

advapi32

shell32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1024B - Virtual size: 8KB

.reloc Size: 512B - Virtual size: 512B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 8KB

.reloc
Size: 512B - Virtual size: 512B