5d80b3c3ba31bba2c6f042a2747c800b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5d80b3c3ba31bba2c6f042a2747c800b
Size

24KB
MD5

5d80b3c3ba31bba2c6f042a2747c800b
SHA1

9647f00fc5f3bde1b83871d569ba63dc09d60fdd
SHA256

0055eea680f2db1fa026dd0beefde5b7babf4287bc672546486e717ae2ef9f09
SHA512

5e760235996d4903889c3189090ce6ff952b5fe073e9c257397678d28c91ec537f4cd0dbcd2ab7ff832416176b1a6b4418b7678c336f33bd22eafe8e9c79e6b2
SSDEEP

96:TJcT9Yqzy2D6AQc5756h7Vwsw3vxMp5+8J5:TI9Yqzy2D6AQcGBVwswA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5d80b3c3ba31bba2c6f042a2747c800b

Files

5d80b3c3ba31bba2c6f042a2747c800b
.dll windows:4 windows x86 arch:x86

24675da73409c74bb77b4fdc43db9215

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
GetProcAddress
LoadLibraryA
CloseHandle
WriteFile
SetFilePointer
CreateFileA
lstrcpyA
GetCurrentThreadId
lstrcatA
GetCurrentProcessId
GetLocalTime

user32

OpenWindowStationA
GetThreadDesktop
GetProcessWindowStation
GetWindowTextA
wsprintfA
GetActiveWindow
SetProcessWindowStation
OpenDesktopA
SetWindowsHookExA
CallNextHookEx
GetKeyboardState
ToAscii
SetThreadDesktop

msvcrt

_adjust_fdiv
malloc
_initterm
free

Exports

Exports

SK

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 941B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Share
Size: 4KB - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 250B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ