8f3e54b4ebc5fac8e8f48df3d70e7a3e

Sharing

Copy URL Twitter E-mail

General

Target

8f3e54b4ebc5fac8e8f48df3d70e7a3e
Size

14KB
MD5

8f3e54b4ebc5fac8e8f48df3d70e7a3e
SHA1

ea5cafbe60598ae1d856af0d6b96c0ed1853f7f2
SHA256

675c18af5b245375dbb6b4bc5094416290d62bebfc1ec89deb1cc35625f63add
SHA512

ad3bceb2e6ee1a53a9c129f13f17be065bf55d024a3b905fd6812470fa97d8d30e406527838d2fd60910b4fba0afbdc9ee356a78bcb55e465cc246a88eb35834
SSDEEP

384:2G24g+GB1ocZh9NJ5LjX19uLyDYuK25wWcbWgCZ3:m4g+GBm+9VLTz5YuK2uWcbWBZ3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/optimum.dll

Files

8f3e54b4ebc5fac8e8f48df3d70e7a3e
.cab
optimum.dll
.dll regsvr32 windows:4 windows x86 arch:x86

605a7aa59ed7205791a228fe31136742

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

UnlockUrlCacheEntryFile
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
DeleteUrlCacheEntry
FindCloseUrlCache

shlwapi

SHDeleteValueA
SHSetValueA
PathAppendA
SHGetValueA
SHDeleteKeyA

kernel32

FindNextFileA
FindClose
GetWindowsDirectoryA
GetShortPathNameA
GetCurrentProcess
InterlockedExchangeAdd
FindFirstFileA
WritePrivateProfileSectionA
GetVersionExA
GetProcessHeap
GetLastError
OpenFileMappingA
CloseHandle
UnmapViewOfFile
GetModuleFileNameA
InterlockedExchange
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
GetModuleHandleA
HeapAlloc
HeapFree
MapViewOfFile
RemoveDirectoryA
DeleteFileA
MoveFileExA

user32

LoadStringA
CloseClipboard
EmptyClipboard
TranslateMessage
PeekMessageA
CharNextA
CharUpperA
CharLowerA
OpenClipboard
DispatchMessageA

advapi32

InitializeAcl
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
GetTokenInformation
GetLengthSid
CopySid
RegCloseKey
RegGetKeySecurity
RegOpenKeyExA
FreeSid
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
GetUserNameA
RegSetKeySecurity
RegQueryInfoKeyA
GetSidIdentifierAuthority
SetSecurityDescriptorDacl
AllocateAndInitializeSid
AddAce
InitializeSecurityDescriptor
RegEnumKeyA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

msvcrt

malloc
_mbslwr
strncmp
strstr
_beginthreadex
strncat
fprintf
_initterm
_adjust_fdiv
fclose
_strnicmp
_mbsstr
printf
_itoa
atol
_stricmp
_snprintf
strncpy
??2@YAPAXI@Z
??3@YAXPAX@Z
fgets
fseek
fopen
free
sprintf
rewind

Exports

Exports

DllRegisterServer
Events
ExecFunc
Invoke
Property

Sections

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

605a7aa59ed7205791a228fe31136742

Headers

File Characteristics

Imports

wininet

shlwapi

kernel32

user32

advapi32

ole32

msvcrt

Exports

Exports

Sections

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 25KB - Virtual size: 25KB

.rsrc Size: 512B - Virtual size: 288B

.reloc Size: 2KB - Virtual size: 2KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 25KB - Virtual size: 25KB

.rsrc
Size: 512B - Virtual size: 288B

.reloc
Size: 2KB - Virtual size: 2KB