cb8f3638ec6cab55e047d0524e71599b

General

Target

cb8f3638ec6cab55e047d0524e71599b
Size

16KB
MD5

cb8f3638ec6cab55e047d0524e71599b
SHA1

eab609a19ad403ba7e4c19af2bbdbb467e2395f1
SHA256

7869d74ba75c085d4b3da3e27c6a56f502ca10c4eb392cc3c6ac3388f5fa5860
SHA512

16a46f2048f9380df4cbfe2dfdc92ea9aa2635bd66f055597da282cd46448c95707ff025c9341e083c22f4e0ae66f4b9635aff9e55db17381597e76e8e7d0607
SSDEEP

192:fj6NzJ8x5AaNc5QUBz78C/Ng8C0QhPEqJAKVkhuC9vZ4+Y6dh8x87:L6NzJ8x5/NcyUBzn1gl0APEqWW+v2in

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cb8f3638ec6cab55e047d0524e71599b

Files

cb8f3638ec6cab55e047d0524e71599b
.dll windows:5 windows x86 arch:x86

24bf47e1e1f15caf13121e93f54d4919

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\DLL.pdb

Imports

msvcrt

strcpy
??2@YAPAXI@Z
strrchr
??3@YAXPAX@Z
memset

shlwapi

SHDeleteKeyA

psapi

GetModuleFileNameExA

kernel32

CreateProcessA
lstrcmpiA
GetProcAddress
CopyFileA
DeviceIoControl
GetModuleFileNameA
GetModuleHandleA
CloseHandle
Sleep
ResumeThread
DeleteFileA
CreateThread
lstrcpyA
GetFileSize
lstrlenA
ReadFile
GetTempPathA
OpenProcess
LoadLibraryExA
LocalFree
FreeLibrary
Process32First
WriteFile
lstrcatA
Process32Next
CreateToolhelp32Snapshot
WaitForSingleObject
CreateFileA
ExitProcess
WriteProcessMemory
LoadLibraryA

user32

OpenDesktopA
wsprintfA
SetThreadDesktop
SetProcessWindowStation
OpenWindowStationA

advapi32

RegSetValueExA
SetNamedSecurityInfoA
SetEntriesInAclA
OpenProcessToken
CreateProcessAsUserA
RegCreateKeyExA
OpenSCManagerA
StartServiceA
CreateServiceA
RegCloseKey
GetNamedSecurityInfoA
CloseServiceHandle
RegOpenKeyExA
BuildExplicitAccessWithNameA

shell32

ShellExecuteExA

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 650B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

24bf47e1e1f15caf13121e93f54d4919

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

shlwapi

psapi

kernel32

user32

advapi32

shell32

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 5KB - Virtual size: 5KB

.reloc Size: 1024B - Virtual size: 650B

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 5KB - Virtual size: 5KB

.reloc
Size: 1024B - Virtual size: 650B