Static task
static1
Behavioral task
behavioral1
Sample
17783e7cac472686eb783f5a4007e94e.dll
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
17783e7cac472686eb783f5a4007e94e.dll
Resource
win10v2004-20231215-en
General
-
Target
17783e7cac472686eb783f5a4007e94e
-
Size
32KB
-
MD5
17783e7cac472686eb783f5a4007e94e
-
SHA1
ce011672905f9899eda66bdb2cd974f4f8ff7d6b
-
SHA256
c6fefb8265fae01ad817bd06940d5fa0c288e5c219fdbf5259995a6248fc88d2
-
SHA512
31c1e351334d78900a91bf62c7495cc353ad330dcf047d1abd94788707a920522a3fa5d356685e6ab37184f7bab64b0c490e4a20c04c86d2ceae1d8228d1ffc3
-
SSDEEP
384:egHo2dVljG/KfGz3USgvlc1SLJg3PzP9fmJaPBZxBwjxSxghYb:e0dVc/AGz3UrdcAS3PzPUaP1Bw9Sg2
Malware Config
Signatures
-
Unsigned PE 1 IoCs
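Checks for missing Authenticode signature. The sample carries no signature; this is a weak indicator on its own, since many legitimate DLLs also ship unsigned, so weigh it together with the other findings in this report.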
resource 17783e7cac472686eb783f5a4007e94e
Files
-
17783e7cac472686eb783f5a4007e94e.dll windows:4 windows x86 arch:x86
e3c3d6c1eccbe8564220728e7b018f21
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
ws2_32
ntohs
closesocket
msvcrt
_strupr
_adjust_fdiv
malloc
_initterm
free
strchr
memcmp
atoi
strcpy
memcpy
??3@YAXPAX@Z
??2@YAPAXI@Z
strstr
fopen
fread
fclose
fwrite
time
memset
_strlwr
_itoa
kernel32
GetCurrentProcess
CreateEventA
GetModuleHandleA
Sleep
CreateThread
lstrlenA
CopyFileA
GetTempPathA
SetEvent
WaitForSingleObject
lstrcpyA
IsBadReadPtr
GetModuleFileNameA
LoadLibraryA
GetProcAddress
VirtualAllocEx
WriteProcessMemory
GlobalAlloc
GlobalLock
ReadProcessMemory
lstrcatA
GetCurrentProcessId
VirtualProtectEx
Sections
.text Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ