36aad359fe48b470b2efccba870a8179 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

36aad359fe48b470b2efccba870a8179
Size

17KB
MD5

36aad359fe48b470b2efccba870a8179
SHA1

6696237ebeda1843ddc98f50500aabfb35eafe49
SHA256

078cfbe85c6a5e937f36b97a88d6103efd40939753df041f7766782aa3ec5e09
SHA512

59127eea4bfb83f82c5f4bfbd852cb6e1bf01bc524c669f21bc2b7c68be70f125616096bacc16c982713702ca0abdaa2774fa5367e1994d6396e3b432b47a838
SSDEEP

384:RCQFMX/Rq4wvmMNuBBQARQkObKtiSb+H:Y3/Rq4wvmMgBBQARQkObdSb+H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36aad359fe48b470b2efccba870a8179

Files

36aad359fe48b470b2efccba870a8179
.dll windows:4 windows x86 arch:x86

be567510fee741590a5a9a983ffa7ccb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

strstr
strlen
memcpy
memcmp
RtlZeroMemory
RtlUnwind

ws2_32

closesocket
gethostname

wininet

InternetReadFile
InternetOpenA
InternetCloseHandle

kernel32

GlobalAlloc
VirtualProtectEx
VirtualFree
VirtualAlloc
ReadFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcmpA
lstrcpynA
lstrcpyA
lstrcmpiA
WaitForSingleObject
TerminateThread
Sleep
IsBadReadPtr
CreateThread
lstrlenA
CloseHandle
CreateFileA
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadLibraryA
GlobalFree
lstrcatA

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
wsprintfA

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ