f949358b19b31d121f74a61989a17e3e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f949358b19b31d121f74a61989a17e3e
Size

24KB
MD5

f949358b19b31d121f74a61989a17e3e
SHA1

0f8d942eb735120f6ceb0a9e467b661843741a99
SHA256

8073458385f1f81e7afb0e9e5ca24fb2f499208f8685353c36bc00d4f6f10607
SHA512

e67291f2da2886ef3ee9032988358677460e8477fac32bcbf2f808f90908c39d67ecc595ea58955a15238a77f71d13d470a697b7df8ffb8b75d44eb2120a87bd
SSDEEP

192:JH7XgkHG56itiSZXLZ+AKFLWhd9+M1TrpS:d7XgRVlXLjKpM9+MXS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f949358b19b31d121f74a61989a17e3e

Files

f949358b19b31d121f74a61989a17e3e
.dll windows:4 windows x86 arch:x86

51acc5f389147b839990d0006876364d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteFileA
TerminateProcess
FindClose
FindNextFileA
FindFirstFileA
Sleep
DisableThreadLibraryCalls
CreateProcessA
GetLastError

user32

GetWindowThreadProcessId
GetClassNameA
GetParent
CloseDesktop
SendMessageA
EnumDesktopWindows
PostMessageA
CreateDesktopA
OpenDesktopA
SetForegroundWindow
EnumChildWindows

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

SHGetSpecialFolderPathA

ws2_32

WSAStartup
connect
setsockopt
socket
htons
recv
closesocket
shutdown
inet_addr
gethostbyname
WSACleanup
send

msvcrt

_adjust_fdiv
_initterm
time
srand
strchr
atoi
strcmp
rand
strcat
strcpy
_strcmpi
sprintf
malloc
strstr
free
memcpy
strlen
memset

Exports

Exports

GetDLlVersion
Run

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ