c0e41584f4b9d4e3e38d1c73fd30d085

General

Target

c0e41584f4b9d4e3e38d1c73fd30d085
Size

44KB
MD5

c0e41584f4b9d4e3e38d1c73fd30d085
SHA1

6743c5ae2308f23bd5dea7f37d721ce560c2264c
SHA256

bdd60f9c502c2bc30808e4e4426bc944f1d14eeb0219e534ac29e7c631cdfa2c
SHA512

bb3c3d869c413b8eb90b60587fb85cd9df298a8ab09e8c0e12c3c971798b6e8288694486132da54695a9781fd0b0f3c43499f4788737595ab07ce3aeb650863d
SSDEEP

768:V7hHwqZpkavmnNu5JHAXi62Y8iIUoY8qaCagD8gLa13F:V7yqwJY5JgXi627Nc8qRZLa3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c0e41584f4b9d4e3e38d1c73fd30d085

Files

c0e41584f4b9d4e3e38d1c73fd30d085
.dll regsvr32 windows:4 windows x86 arch:x86

0ccb5212d83234ce0095eea2f9cc71de

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
GetLocalTime
CreateThread
LoadLibraryA
WinExec
VirtualAlloc
GetProcAddress
CreateMutexA
InterlockedIncrement
GetSystemDirectoryA
GetModuleFileNameA
CreateProcessA
CloseHandle
GetWindowsDirectoryA

user32

KillTimer
PostMessageA
FindWindowExA
ShowWindow
SetTimer
TranslateMessage
DispatchMessageA
CallNextHookEx
UnhookWindowsHookEx
RegisterClassExA
SetWindowsHookExA
GetMessageA
DefWindowProcA
CreateWindowExA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey

msvcrt

fwrite
_adjust_fdiv
malloc
_initterm
free
strrchr
_except_handler3
strchr
fopen
_stricmp
fclose
__CxxFrameHandler
sprintf
_pctype
??3@YAXPAX@Z
??2@YAPAXI@Z

shlwapi

SHGetValueA

wininet

HttpQueryInfoA
InternetOpenUrlA
InternetSetOptionA
InternetOpenA
InternetReadFile
InternetCloseHandle

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ccb5212d83234ce0095eea2f9cc71de

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

shlwapi

wininet

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 21KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 8KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 888B

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 8KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 888B