3dff4097967d35ceff766ecd9ec4abe2a460b41009e5b265923840670cee0c0cN

General

Target

3dff4097967d35ceff766ecd9ec4abe2a460b41009e5b265923840670cee0c0cN
Size

4KB
MD5

a96650fef629d2a18e838a5f134dcdd0
SHA1

4e7bc50d21b8094869b933f53b224c63e704379a
SHA256

3dff4097967d35ceff766ecd9ec4abe2a460b41009e5b265923840670cee0c0c
SHA512

d35192be2fb138a44b7ef7e17c89730ca90315cb135ed71a07350131e38ed36df28b74e2be935a0dfebedf1317077437a9a187396dbf2b4991f7c19c54c02708
SSDEEP

96:IqMd8cGVCeLe9OzFI4k1XeEirvUbJ2Fi6Ogvw2nW3lMxThxnQe:udoe9OEs5ryJKvw2WyXxnL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/xolehlp.dll

Files

3dff4097967d35ceff766ecd9ec4abe2a460b41009e5b265923840670cee0c0cN
.cab
xolehlp.dll
.dll windows:5 windows x86 arch:x86

31c91234d5d92ecd70b62b588f2b729f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

xolehlp.pdb

Imports

kernel32

SuspendThread
GetCurrentThread
WideCharToMultiByte
lstrlenW
ResumeThread
Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
lstrlenA
GetLastError
GetProcAddress
FreeLibrary
GetComputerNameW
lstrcmpiW
GetModuleHandleA
LoadLibraryA
DisableThreadLibraryCalls
MultiByteToWideChar
GetCommandLineA
GetThreadContext
GetCurrentProcessId

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExW
RegQueryValueExW
RegOpenKeyExA
RegConnectRegistryW

msvcrt

_except_handler3
_adjust_fdiv
_initterm
malloc
_snprintf
strncpy
free

msdtcprx

?DtcWriteToEventLoggerEx@@YGJGGKPAXGKPAPBD0@Z

ole32

CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx
CoUninitialize
CoCreateInstance

Exports

Exports

DtcGetTransactionManager
DtcGetTransactionManagerC
DtcGetTransactionManagerEx
DtcGetTransactionManagerExA
DtcGetTransactionManagerExW
GetDtcLocaleResourceHandle

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

31c91234d5d92ecd70b62b588f2b729f

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

msvcrt

msdtcprx

ole32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 832B

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 832B

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB